CVE-2012-1301
published 2017-04-13CVE-2012-1301: The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.
PriorityP352critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
3.48%
87.6th percentile
The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| umbraco | umbraco_cms | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Unit42
Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes
blogs_unit42·2021-10-14
Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes
## Executive Summary
Recently, Unit 42 has observed active exploits related to an open-source service called Interactsh. This tool can generate specific domain names to help its users test whether an exploit is successful. It can be used by researchers – but also by attackers – to validate vulnerabilities via real-time monitoring on the trace path for the domain. Researchers creating a proof of concept (PoC) for an exploit can insert Interactsh to check whether the PoC is working, but the service could also be used by attackers who want to be sure an exploit is working.
This blog will first introduce the Interactsh tool and how researchers or attackers can leverage it to perform vulnerability validation. We then describe some of the many exploits in the wild leveraging this tool, and we
Unit42
Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes
blogs_unit42·2021-10-14
Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes
Threat Research Center
Threat Research
Cybercrime
## Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes
Yue Guan
Jin Chen
Leo Olson
Wayne Xin
Daiping Liu
Published: October 14, 2021
Cybercrime
Threat Research
Attack analysis
Exploit
Exploit in the wild
Interactsh
## Executive Summary
Recently, Unit 42 has observed active exploits related to an open-source service called Interactsh . This tool can generate specific domain names to help its users test whether an exploit is successful. It can be used by researchers – but also by attackers – to validate vulnerabilities via real-time monitoring on the trace path for the domain. Researchers creating a proof of concept (PoC) for an exploit can insert Interactsh to check whether the PoC
Bugzilla
CVE-2012-3431 Teiid: JDBC socket does not encrypt client login messages by default
bugzilla·2012-07-27·CVSS 4.3
CVE-2012-3431 [MEDIUM] CVE-2012-3431 Teiid: JDBC socket does not encrypt client login messages by default
CVE-2012-3431 Teiid: JDBC socket does not encrypt client login messages by default
The Teiid JDBC socket does not encrypt client login messages by default. The documentation and specification states that the socket will be encrypted by default.
Discussion:
Acknowledgements:
This issue was discovered by Steven Hawkins of Red Hat.
---
This issue has been addressed in following products:
JBoss Enterprise Data Services Platform 5.3.0
Via RHSA-2012:1301 https://rhn.redhat.com/errata/RHSA-2012-1301.html
2017-04-13
Published