BD Pyxis™ SupplyStation™ RF Auxiliary Security Vulnerabilities

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure

...

Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass

...

Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution

...

Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal

...

Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS

...

Fortra GoAnywhere MFT Unauthenticated Remote Code Execution

...

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure

...

How to Implement a Secure Incident Response Plan

Understanding the Basics of Secure Incident Response Plan A proactive strategy for coping with digital dangers calls for a well-planned process that can neutralize and diminish the harmful aftermath of unauthorized intrusion attempts and neglect of security principles. The primary aim of this...

MinIO Bootstrap Verify Information Disclosure

MinIO is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure. Verified.....

BIT-json-c-2021-32292

An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function...

Jenkins cli Ampersand Replacement Arbitrary File Read

This module utilizes the Jenkins cli protocol to run the help command. The cli is accessible with read-only permissions by default, which are all thats required. Jenkins cli utilizes args4j's parseArgument, which calls expandAtFiles to replace any @ with the contents of a file. We are then able to....

Wiz recognized with top score for the current offering category in The Forrester Wave™: Cloud Workload Security, Q1, 2024

Learn why Forrester recognized Wiz as the top ranked in the current offering category on the market out of the top 13 providers, and how their analysis connects with the Wiz...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition 8.5.0 (CVE-2016-3449, CVE-2016-0264)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 that is used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details If you run your own Java code using the IBM Java Runtime...

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to denial of service due to the use of IBM® SDK Java™ Technology Edition, Version 8 (CVE-2023-22081, CVE-2023-5676)

Summary IBM Virtualization Engine TS7700 is susceptible to denial of service due to the use of IBM SDK Java Technology Edition, Version 8 (CVE-2023-22081, CVE-2023-5676). The Java SDK is used by the TS7700 to provide the Management Interface, to perform cache management, and to provide Transparent....

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition (CVE-2014-3566, CVE-2014-6457, CVE-2014-6468)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 5 and 7 that is used by Content Manager Enterprise Edition. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Manager Enterprise Edition CVE-2015-7575

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.7 that is used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as “SLOTH”. ...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition ((CVE-2015-0410, CVE-2014-6593, CVE-2015-0383, CVE-2015-0138))

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 5 and 7, that is used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring....

Security Bulletin: Security Vulnerabilities have been identified in IBM® SDK Java™ Technology Edition shipped with Content Management Enterprise Edition

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM Content Management Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in July 2017. Information about the security vulnerability affecting IBM SDK Java...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 & 8 used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. Vulnerability Details If you run your own Java code using the IBM Java Runtime...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 & 8 used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in Oct 2017. Vulnerability Details If you run your own Java code using the IBM Java Runtime...

Security Bulletin: Security Vulnerabilities have been identified in IBM® SDK Java™ Technology Edition shipped with Content Management Enterprise Edition

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM Content Management Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in April 2017. Information about the security vulnerability affecting IBM SDK Java...

Fortra GoAnywhere MFT Unauthenticated Remote Code Execution

This module exploits a vulnerability in Fortra GoAnywhere MFT that allows an unauthenticated attacker to create a new administrator account. This can be leveraged to upload a JSP payload and achieve RCE. GoAnywhere MFT versions 6.x from 6.0.1, and 7.x before 7.4.1 are...

Introducing the Wallarm 2024 API ThreatStatsTM Report

The Wallarm Security Research team is pleased to share the latest version of our API ThreatStats report. This report serves as a key resource for API, Application security practitioners. It emphasizes the need for a proactive stance in API security, advocating for continuous monitoring, regular...

Riding the AI Waves: The Rise of Artificial Intelligence to Combat Cyber Threats

In nearly every segment of our lives, AI (artificial intelligence) now makes a significant impact: It can deliver better healthcare diagnoses and treatments; detect and reduce the risk of financial fraud; improve inventory management; and serve up the right recommendation for a streaming movie on.....

Prevent BEC with AI-Powered Email and Collaboration

Latest Trend Vision One™ platform integration addresses growing need for streamlined IT and security operations across email and messaging...

Privacy predictions for 2024

In our previous privacy predictions piece, we outlined trends for 2023. As expected, there was a notable increase in the adoption of digital IDs to replace paper documents. For example, California expanded a pilot program for digital driver's licenses, and Russia introduced laws enabling...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2023-22045, CVE-2023-22049)

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2023-22045 ...

Qualys WAS Unveils New Features in an Upgraded User Interface

Qualys Web Application Scanning (WAS) has been at the forefront of web application and API security innovation, and today, we're excited to announce a significant leap - the launch of our New User Interface (UI). From improved performance and reliability to cutting-edge technology adoption and...

CVE-2023-35836

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the...

CVE-2023-35836

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the...

Design/Logic Flaw

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the...

CVE-2023-35836

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the...

Reduce Risk Faster With the Qualys Risk Reduction Recommendation Report

New vulnerabilities are found almost daily. However, most organizations struggle to identify, prioritize, and remediate vulnerabilities efficiently—making their environments vulnerable to risk. Last year, Qualys introduced Qualys VMDR with TruRiskTM, which helps organizations quantify cyber risk...

Security Bulletin: NVIDIA BlueField 2 and 3 BMC - January 2024

NVIDIA has released a firmware update for NVIDIA BlueField DPU Baseboard Management Controller (BMC). To protect your system, download and install this firmware update from the NVIDIA DOCA Software Framework page. Go to NVIDIA Product Security. Details This section provides a summary of potential.....

Webinar: Join us for the latest in API Threats on January 24, 2024

In today's complex digital landscape, the security of APIs has become paramount. As we move into 2024, it's essential to stay ahead of the evolving API security threats and vulnerabilities. The upcoming webinar on "API ThreatStats™ Report: 2023 Year-In-Review" is your quickest way to learn about...

Metasploit Weekly Wrap-Up 01/19/24

Unicode your way to a php payload and three modules to add to your playbook for Ansible Our own jheysel-r7 added an exploit leveraging the fascinating tool of php filter chaining to prepend a payload using encoding conversion characters and h00die et. al. have come through and added 3 new Ansible.....

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (Oct 2023 CPU)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.1.5.19 and earlier, 8.0.8.11 and earlier used by IBM® Db2®. These issues were disclosed as part of the IBM Java SDK updates in October 2023. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An...

GitLab Password Reset Account Takeover

This module exploits an account-take-over vulnerability that allows users to take control of a gitlab account without user interaction. The vulnerability lies in the password reset functionality. Its possible to provide 2 emails and the reset code will be sent to both. It is therefore possible to.....

Reduce Business Email Compromise with Collaboration

Here's the latest Trend Vision One™ platform integration addressing the growing need for collaboration in business email security...

Dell iDRAC6 Improper Authentication (CVE-2013-4783)

The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. NOTE: the vendor disputes...

GPU Memory Leaks

Bulletin ID: AMD-SB-6010 Potential Impact: Data leakage Severity: Medium Summary Researchers from Trail of Bits reported a potential vulnerability, titled “LeftoverLocals.” According to their research, a compromised GPU kernel could potentially read local memory values from another kernel. CVE...

EulerOS Virtualization 2.10.0 : json-c (EulerOS-SA-2023-3472)

According to the versions of the json-c package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow...

EulerOS 2.0 SP10 : json-c (EulerOS-SA-2023-3216)

According to the versions of the json-c package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the...

EulerOS 2.0 SP11 : json-c (EulerOS-SA-2023-3009)

According to the versions of the json-c package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the...

EulerOS Virtualization 2.10.1 : json-c (EulerOS-SA-2023-3500)

According to the versions of the json-c package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow...

EulerOS 2.0 SP11 : json-c (EulerOS-SA-2023-3032)

According to the versions of the json-c package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the...

EulerOS Virtualization 2.11.1 : json-c (EulerOS-SA-2023-3358)

According to the versions of the json-c package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow...

EulerOS Virtualization 2.11.0 : json-c (EulerOS-SA-2023-3377)

According to the versions of the json-c package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow...

EulerOS 2.0 SP10 : json-c (EulerOS-SA-2023-3181)

According to the versions of the json-c package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the...

Security Bulletin: Multiple CVEs - Vulnerabilities in IBM Java Runtime affect IBM Integration Designer

Summary Vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details ** CVEID: CVE-2023-22049 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component.....