[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":42,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":49,"vulnerability-5054":55,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":89},[4,15,21,30,37],{"title":5,"slug":6,"text":7,"link":8,"external":9,"targets":10,"cta":12,"variant":13,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 - CVE Page","nginx-rift-cve-page","🚨 New: FREE SCANNER for NGINX Rift (CVE-2026-42945). No account needed.","https://pentest-tools.com/network-vulnerability-scanning/cve-2026-42945-scanner-nginx-rift",true,[11],"/vulnerabilities-exploits/nginx-heap-buffer-overflow_29311","Scan for free","secondary","nginx-rift",{"title":16,"slug":17,"text":18,"link":8,"external":9,"targets":19,"cta":12,"variant":13,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 -blog","nginx-rift-blog","🚨 New: free scanner for NGINX Rift (CVE-2026-42945). Check your targets now.",[20],"/blog",{"title":22,"slug":23,"text":24,"link":25,"external":9,"targets":26,"cta":28,"variant":13,"campaign_id":29},"phpBB authentication bypass - VulnDB homepage","phpbb-authentication-bypass-vulndb","Detect 2 new CVEs our research team discovered in phpBB","https://pentest-tools.com/vulnerabilities-exploits/phpbb-authentication-bypass_29369",[27],"/vulnerabilities-exploits","See the details","phpbb-authentication-bypass",{"title":31,"slug":32,"text":33,"link":34,"external":9,"targets":35,"cta":36,"variant":13,"campaign_id":29},"phpBB authentication bypass - CVE page","phpbb-authentication-bypass-cve","See how our research team discovered these 2 new CVEs in phpBB","https://pentest-tools.com/research/phpbb-authentication-bypass",[27],"Read the research",{"title":38,"slug":39,"text":24,"link":25,"external":9,"targets":40,"cta":28,"variant":13,"campaign_id":29},"phpBB authentication bypass - Sniper","phpbb-authentication-bypass-sniper",[41],"/exploit-helpers/sniper",["Island",43],{"key":44,"params":45,"result":47},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":46},"{}",{"head":48},{},["Island",50],{"key":51,"params":52,"result":53},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":46},{"head":54},{},{"id":56,"detectable_with":57,"vuln_details":64,"vuln_id":86,"name":87,"published":88,"updated":65},5054,{"tool":58,"engine":61},{"id":59,"name":60},1,"Network Scanner",{"id":62,"name":63},3,"OpenVAS",{"id":56,"codename":65,"description":65,"severity":66,"risk_description":67,"public_description":68,"public_recommendation":69,"recommendation":65,"references":70,"cvssv3":77,"epss_score":78,"epss_percentile":79,"cve":80,"in_cisa_catalog":9,"date":85,"software_type":65,"vendor":65,"product":65,"ptt_exploit_capabilities":65},null,"critical","The servlet specification prohibits servlet containers from serving resources in the /WEB-INF and /META-INF directories of a web application archive directly to clients. This means that URLs like: http://example.com/WEB-INF/web.xml will return an error message, rather than the contents of the deployment descriptor. However, some application or web servers / products are prone to a vulnerability that exposes this information if the client requests a URL like this instead: http://example.com/\u003Csemicolon>/WEB-INF/web.xml http://example.com/\u003Csemicolon>/web-inf/web.xml (note the \u003Csemicolon>/ before WEB-INF). Based on the information provided in this file an attacker might be able to gather additional info and/or sensitive data about the application / the application / web server.","Various application or web servers / products are prone to an information disclosure vulnerability.","The following vendor fixes are known: - Update Atlassian Confluence to the latest available version - Update Atlassian Jira Server to the latest available version - Update Caucho Resin to the latest available version For other products please contact the vendor for more information on possible fixes.",[71,72,73,74,75,76],"https://www.cisa.gov/known-exploited-vulnerabilities-catalog","https://jira.atlassian.com/browse/JRASERVER-72695","https://jira.atlassian.com/browse/CONFSERVER-67893","http://packetstormsecurity.com/files/164405/Atlassian-Jira-Server-Data-Center-8.4.0-File-Read.html","http://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.html","https://github.com/maybe-why-not/reponame/issues/2",9.8,0.99999,0.99991,[81,82,83,84],"CVE-2021-26085","CVE-2021-26086","CVE-2021-44138","CVE-2022-31656","2021-08-03T00:00:00Z","NETSCAN-OPENVAS-1.3.6.1.4.1.25623.1.0.117708","/;/WEB-INF/ Information Disclosure Vulnerability (HTTP)","2021-10-06T00:00:00Z",["Island",90],{"key":91,"params":92,"result":94},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":93},"{\"text-color\":\"gray\"}",{"head":95},{}]