Tautulli 2.1.9 version; Cross-Site Request Forgery (ShutDown) and Denial of Service (Metasploit) | allinfosecnews.com

Dec. 27, 2022, 3:28 a.m. | Ismail Tasdelen

InfoSec Write-ups - Medium infosecwriteups.com

Tautulli 2.1.9 ( CVE-2019–19833 )

While doing security research, I came across a product called Tautulli. And I started to examine the relevant application. There were two security vulnerabilities that I discovered in this product. CSRF and DDOS effects could be created. Thus, the Media server could be shut down remotely.

The main problem was anonymous access to the /shutdown parameters function. I discovered this after a long struggle.

Details :

In the corresponding version of v2.1.9 by …

cross-site cross-site request forgery cybersecurity denial of service forgery metasploit request responsible disclosure service shutdown version vulnerability vulnerability research

More from infosecwriteups.com / InfoSec Write-ups - Medium

A Simple 2FA Bypass 5 hours ago | infosecwriteups.com

2fa 2fa bypass access attacker +25

Data Profiling Reveals Why 39+ U.S. States Banned TikTok 5 hours ago | infosecwriteups.com

app banned banning chinese +15

BountyDork: Your Ultimate Automatic Dorking Testing Companion For Bug Bounty 5 hours ago | infosecwriteups.com

automatic automation bounty bug +16

RegreSSHion (CVE-2024–6387): Dive into the Latest OpenSSH Server Threat 5 hours ago | infosecwriteups.com

continue critical cve cve-2024 +13

Do You Need To Know Coding In Cloud Security ?? 5 hours ago | infosecwriteups.com

aws cloud cloud computing cloud security +6

Step-by-Step Guide on How to Hack Phone Remotely 5 hours ago | infosecwriteups.com

android cybersecurity hacking technology

Enabling Reproducible and Verification of Time to Network Protocol Testing 5 hours ago | infosecwriteups.com

continue cybersecurity discover infosec +11

Art of finding zero day vulnerabilities using Open Source AI 5 hours ago | infosecwriteups.com

ai security art article awareness +26

Unlocking Kubernetes Security: The Complete Checklist 5 hours ago | infosecwriteups.com

container security hacking kubernetes kubernetes security +1

Sr. IT Internal Auditor

@ CCC Intelligent Solutions | Chicago (Green St), IL

View on infosec-jobs.com

Sr. Principal Product Manager

@ Forcepoint | USA - Remote

View on infosec-jobs.com

Principal Software Engineer

@ Rapid7 | NIS Belfast

View on infosec-jobs.com

Consultant as Network & Security Administrator ( Cloud Oriented )

@ Teamwork Corporate | Moka, Mauritius

View on infosec-jobs.com

Access Engineer

@ Booz Allen Hamilton | USA, VA, Arlington (1550 Crystal Dr Suite 1000) client

View on infosec-jobs.com

Associate, Technology Audit

@ BlackRock | AT8 - 725 Ponce de Leon Ave NE, Atlanta

View on infosec-jobs.com