Lucene search
JoukoH1:138721HistoryMay 14, 2016 - 1:22 a.m.
Pornhub: SSRF & XSS (W3 Total Cache)
2016-05-1401:22:59
jouko
hackerone.com
$1000
383
0.957 High
EPSS
Percentile
99.4%
The researcher discovered a vulnerable WordPress plugin. The plugin suffers from a server-side request forgery vulnerability that can be exploited in several ways.
The researcher was successful in doing the following:
- Accessing a private server-status URL exposing a monitoring tool.
- Running a Flash app in pornhub.comβs context to perform an XSS-like attack.
Related
httpd
httpd
Apache Httpd < 2.4.4 : XSS due to unescaped hostnames
2012-07-11 00:00:00
Apache Httpd < 2.2.24 : XSS due to unescaped hostnames
2012-07-11 00:00:00
Apache Httpd < 2.2.29 : mod_status buffer overflow
2014-05-30 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2019-01-15 08:52:43
Arbitrary Code Injection
2019-05-02 04:44:51
Denial Of Service (DoS)
2019-05-02 05:03:42
prion
prion
Cross site scripting
2013-02-26 16:55:00
Race condition
2014-07-20 11:12:00
f5
f5
SOL15900 - Apache HTTP server vulnerability CVE-2012-3499
2014-12-10 00:00:00
K15900 : Apache HTTP server vulnerability CVE-2012-3499
2014-12-11 00:00:00
SOL15865 - Apache HTTP server vulnerability CVE-2012-4558
2014-11-25 00:00:00
cve
cve
CVE-2012-3499
2013-02-26 16:55:01
CVE-2014-0226
2014-07-20 11:12:48
nvd
nvd
CVE-2012-3499
2013-02-26 16:55:01
CVE-2014-0226
2014-07-20 11:12:48
seebug
seebug
Apache HTTP Serverε€δΈͺ樑εδΈ»ζΊεεURIθ·¨η«θζ¬ζΌζ΄
2013-02-28 00:00:00
cvelist
cvelist
CVE-2012-3499
2013-02-26 16:00:00
CVE-2014-0226
2014-07-20 10:00:00
ubuntucve
ubuntucve
debiancve
debiancve
CVE-2012-3499
2013-02-26 16:55:01
CVE-2014-0226
2014-07-20 11:12:48
zdi
zdi
checkpoint_advisories
checkpoint_advisories
Apache HTTP Server mod_status Heap Buffer Overflow (CVE-2014-0226)
2014-08-06 00:00:00
ibm
ibm
zdt
zdt
Apache 2.4.7 httpd mod_status Heap Buffer Overflow Vulnerability
2014-07-20 00:00:00
packetstorm
packetstorm
Apache Scoreboard / Status Race Condition
2014-07-21 00:00:00
nessus
nessus
Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : httpd (SSA:2013-062-01)
2013-03-04 00:00:00
Fedora 18 : httpd-2.4.4-2.fc18 (2013-4541)
2013-04-01 00:00:00
Apache 2.2.x < 2.2.24 Multiple XSS Vulnerabilities
2013-02-27 00:00:00
openvas
openvas
Fedora Update for httpd FEDORA-2013-4541
2013-04-02 00:00:00
Amazon Linux: Security Advisory (ALAS-2013-175)
2015-09-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:0648-1)
2021-06-09 00:00:00
securityvulns
securityvulns
[ MDVSA-2013:015 ] apache
2013-03-02 00:00:00
Apache security vulnerabilities
2013-03-02 00:00:00
[USN-2299-1] Apache HTTP Server vulnerabilities
2014-07-28 00:00:00
amazon
amazon
fedora
fedora
[SECURITY] Fedora 18 Update: httpd-2.4.4-2.fc18
2013-04-01 03:30:25
[SECURITY] Fedora 20 Update: httpd-2.4.10-1.fc20
2014-07-25 10:03:52
[SECURITY] Fedora 19 Update: httpd-2.4.10-1.fc19
2014-08-15 02:47:11
freebsd
freebsd
apache22 -- several vulnerabilities
2012-10-07 00:00:00
apache22 -- several vulnerabilities
2014-07-19 00:00:00
apache24 -- several vulnerabilities
2014-07-15 00:00:00
slackware
slackware
httpd
2013-03-03 15:02:33
[slackware-security] httpd
2014-07-24 01:35:41
centos
centos
httpd, mod_ssl security update
2013-05-13 22:32:03
httpd, mod_ssl security update
2014-07-23 15:12:33
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2014-07-23 15:36:55
osv
osv
apache2 - several
2013-03-04 00:00:00
apache2 - security update
2014-07-24 00:00:00
apache2 - security update
2014-09-29 00:00:00
debian
debian
[SECURITY] [DSA 2637-1] apache2 security update
2013-03-04 21:34:32
[SECURITY] [DSA 2637-1] apache2 security update
2013-03-04 21:34:32
[SECURITY] [DSA 2989-1] apache2 security update
2014-07-24 22:19:45
oraclelinux
oraclelinux
httpd security update
2013-05-13 00:00:00
httpd security update
2014-07-23 00:00:00
httpd security update
2014-07-23 00:00:00
redhat
redhat
(RHSA-2013:0815) Moderate: httpd security update
2013-05-13 00:00:00
(RHSA-2014:0920) Important: httpd security update
2014-07-23 00:00:00
(RHSA-2013:1012) Moderate: Red Hat JBoss Web Server 2.0.1 update
2013-07-03 15:40:17
altlinux
altlinux
Security fix for the ALT Linux 8 package apache2 version 2.2.24-alt1
2013-04-14 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.24-alt1
2013-04-14 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.24-alt1
2013-04-14 00:00:00
gentoo
gentoo
Apache HTTP Server: Multiple vulnerabilities
2014-08-29 00:00:00
Apache: Multiple vulnerabilities
2015-04-11 00:00:00
mageia
mageia
Updated apache package fixes security vulnerabilities
2014-07-30 01:30:55
Updated apache package fixes security vulnerabilities
2014-07-30 01:30:55
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2013-03-18 00:00:00
Apache HTTP Server vulnerabilities
2014-07-23 00:00:00
suse
suse
Security update for apache2 (important)
2014-09-02 19:04:20
Security update for apache2 (important)
2014-09-02 20:04:23
Security update for the Apache Web Server (important)
2014-08-07 01:04:17
hackerone
hackerone
Boozt Fashion AB: Instance of Apache Vulnerable to Several Issues
2016-09-08 15:44:15