17 matches found
EUVD-2023-28441
Malicious code in bioql PyPI...
CVE-2023-28441
smartCARS 3 is flight tracking software. In version 0.5.8 and prior, all persons who have failed login attempts will have their password stored in error logs. This problem doesn't occur in version 0.5.9. As a workaround, delete the affected log file, and ensure one logs in correctly...
Novell eDirectory eMBox Unauthenticated File Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Novell eDirectory eMBox Unauthenticated File Access', 'Description' = %q This module will access Novell eDirectory's eMBox service and can run th...
CVE-2024-28441
CVE-2024-28441 affects magicflue (v7.0 and earlier). The vulnerability is a file upload flaw that allows remote code execution via a crafted request to the messageid parameter of the mail/mailupdate.jsp endpoint. Connected documents confirm affected software/version range and the exact parameter/...
CVE-2023-28441
creationtimestamp | type | source
---|---|---
2023-03-24 06:37:04+00:00 | seen | https://t.me/cibsecurity/60636...
CVE-2023-28441 smartCARS 3 Password Stored as plain text in Error Log
smartCARS 3 is flight tracking software. In version 0.5.8 and prior, all persons who have failed login attempts will have their password stored in error logs. This problem doesn't occur in version 0.5.9. As a workaround, delete the affected log file, and ensure one logs in correctly...
CVE-2023-28441
CVE-2023-28441 affects smartCARS 3 (versions 0.5.8 and earlier). The root issue is that failed login attempts cause passwords to be stored in error logs. This vulnerability is not present in version 0.5.9. A practical workaround is to delete the affected log file and ensure login is performed cor...
CVE-2023-28441 smartCARS 3 Password Stored as plain text in Error Log
smartCARS 3 is flight tracking software. In version 0.5.8 and prior, all persons who have failed login attempts will have their password stored in error logs. This problem doesn't occur in version 0.5.9. As a workaround, delete the affected log file, and ensure one logs in correctly...
CVE-2020-28441
creationtimestamp | type | source
---|---|---
2022-07-25 18:33:08+00:00 | seen | https://t.me/cibsecurity/46908...
CVE-2020-28441
This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context...
CVE-2020-28441
This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context...
CVE-2020-28441 Prototype Pollution
This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context...
CVE-2020-28441
The CVE-2020-28441 issue affects the package conf-cfg-ini prior to 1.2.2. A malicious INI file parsed by decode can cause prototype pollution, allowing an attacker to pollute the application’s prototype and potentially enable further exploitation depending on context. Affected components: conf-cf...
CVE-2021-28441
Windows Hyper-V Information Disclosure Vulnerability...
CVE-2021-28441
Technical details about CVE-2021-28441 are not provided in the connected documents. Monitor for updates from official advisories for affected products, scope, and fixes.
KB5001342: Windows 10 version 1809 / Windows Server 2019 Security Update (Apr 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Win32k Elevation of Privilege Vulnerability CVE-2021-27072, CVE-2021-28310 - Windows Media Photo Codec Information Disclosure Vulnerability CVE-2021-27079 - Windows Event Tracing Elevati...
Novell eDirectory eMBox Unauthenticated File Access
This module will access Novell eDirectory's eMBox service and can run the following actions via the SOAP interface: GETDN, READLOGS, LISTSERVICES, STOPSERVICE, STARTSERVICE, SETLOGFILE. This module requires Metasploit: https://metasploit.com/download Current source:...