
4200 matches found

CNNVD
added 2023/09/12 12:0 a.m., 16 views

SAP PowerDesigner Code Injection Vulnerability

SAP PowerDesigner is a database design software from SAP Germany. A code injection vulnerability exists in SAP PowerDesigner version 16.7 that originates from allowing an unauthenticated attacker to inject VBScript code into a document. An attacker could exploit this vulnerability to cause...

CVSS 6.3, AI score 8, EPSS 0.00646
Exploits 0, References 4
Citrix
added 2023/09/10 12:0 a.m., 9 views

How to use rewrite policy to add text message or links under logon button in Gateway logon page

This article describes how to add text message or links to Gateway logon page with RfWebUI based portal theme. The below image is the Gateway logon page for an end user. Links and text message are under Log On button. The solution in this article applies to both basic authentication and AAA...

AI score 7.3
Exploits 0
Tenable Nessus
added 2023/09/07 12:0 a.m., 35 views

Oracle Linux 8 : squid:4 (ELSA-2020-4743)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4743 advisory. - An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as...

CVSS 9.9, AI score 7.5, EPSS 0.7179
Exploits 0, References 19
Patchstack
added 2023/09/06 12:0 a.m., 15 views

WordPress Laposta Signup Basic Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Laposta Signup Basic Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-41950 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 0e4907670209 Credits Nguyen Xuan...

CVSS 8.8, AI score 7, EPSS 0.00208
Exploits 0, References 2, Affected Software 1
CNVD
added 2023/09/01 12:0 a.m., 3 views

Tenda AC6 formWifiBasicSet function buffer overflow vulnerability

Tenda AC6 is a dual-band wireless router from Tenda that supports 2.4GHz and 5GHz bands with a maximum transmission rate of 1167Mbps and dual-band all-in-one functionality. The Tenda AC6 suffers from a buffer overflow vulnerability that originates from the formWifiBasicSet function failing to...

CVSS 9.8, AI score 8.3, EPSS 0.0057
Exploits 0, References 1
ICS
added 2023/08/31 6:0 a.m., 154 views

PTC Kepware KepServerEX (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : PTC Equipment : Kepware KepServerEX Vulnerabilities : Uncontrolled Search Path Element, Improper Input Validation, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of...

CVSS 7.8, AI score 7.1, EPSS 0.00306
Exploits 0, References 10
Positive Technologies
added 2023/08/31 12:0 a.m., 5 views

PT-2023-5232 · Kepware · Kepserverex

Name of the Vulnerable Software and Affected Versions: KEPServerEX affected versions not specified Description: The issue is related to insufficient protection of credentials in KEPServerEX, allowing an adversary to capture user credentials due to the web server's use of basic authentication. Thi...

CVSS 6.1, AI score 5, EPSS 0.00306
Exploits 0, References 10
ATTACKERKB
added 2023/08/30 1:15 p.m., 3 views

CVE-2023-41555

Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security5g at url /goform/WifiBasicSet...

CVSS 9.8, AI score 7.4, EPSS 0.00701
Exploits 1, References 2
OSV
added 2023/08/30 1:15 p.m., 4 views

CVE-2023-41555

Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security5g at url /goform/WifiBasicSet...

CVSS 9.8, AI score 5.9, EPSS 0.00701
Exploits 1, References 1
Positive Technologies
added 2023/08/30 12:0 a.m., 5 views

PT-2023-27670 · Tenda · Tenda Ac6

Name of the Vulnerable Software and Affected Versions: Tenda AC6 version 15.03.05.16 Description: The issue is related to a Buffer Overflow that can be triggered via the formWifiBasicSet function. Recommendations: For version 15.03.05.16, consider disabling the formWifiBasicSet function as a...

CVSS 9.8, AI score 9.2, EPSS 0.0057
Exploits 0, References 3
The Hacker News
added 2023/08/29 2:38 p.m., 69 views

DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates

A new malspam campaign has been observed deploying an off-the-shelf malware called DarkGate. "The current spike in DarkGate malware activity is plausible given the fact that the developer of the malware has recently started to rent out the malware to a limited number of affiliates," Telekom...

AI score 7
Exploits 0
Vulnrichment
added 2023/08/25 8:31 p.m., 16 views

CVE-2023-40585 Unauthenticated access to Ironic API

ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listenin...

CVSS 7.3, AI score 7, EPSS 0.00367
Exploits 0, References 2
OSV
added 2023/08/21 1:15 a.m., 5 views

CVE-2023-39809

N.V.K.INTER CO., LTD. NVK iBSG v3.5 was discovered to contain a command injection vulnerability via the systemhostname parameter at /manage/network-basic.php...

CVSS 9.8, AI score 5.8, EPSS 0.01266
Exploits 0, References 2
ATTACKERKB
added 2023/08/21 1:15 a.m., 4 views

CVE-2023-39809

N.V.K.INTER CO., LTD. NVK iBSG v3.5 was discovered to contain a command injection vulnerability via the systemhostname parameter at /manage/network-basic.php...

CVSS 9.8, AI score 7.4, EPSS 0.01266
Exploits 0, References 3
CNNVD
added 2023/08/21 12:0 a.m., 4 views

N.V.K.INTER iBSG Command Injection Vulnerability

N.V.K.INTER iBSG NVK iBSG is a security appliance from N.V.K.INTER, Inc. A security vulnerability exists in N.V.K.INTER iBSG version v3.5, which originates from a command injection vulnerability in the parameter systemhostname in the file /manage/network-basic.php...

CVSS 9.8, AI score 8.4, EPSS 0.01266
Exploits 0, References 3
OSV
added 2023/08/17 9:19 p.m., 8 views

CVE-2023-40171 Dispatch writes JWT tokens in error message

Dispatch is an open source security incident management tool. The server response includes the JWT Secret Key used for signing JWT tokens in error message when the Dispatch Plugin - Basic Authentication Provider plugin encounters an error when attempting to decode a JWT token. Any Dispatch users...

CVSS 9.1, AI score 7.5, EPSS 0.00758
Exploits 1, References 6
OSV
added 2023/08/14 10:15 p.m., 4 views

CVE-2023-21230

In onAccessPointChanged of AccessPointPreference.java, there is a possible way for unprivileged apps to receive a broadcast about WiFi access point change and its BSSID or SSID due to a precondition check failure. This could lead to local information disclosure with no additional execution...

CVSS 5.5, AI score 5.9, EPSS 0.00082
Exploits 0, References 1
ATTACKERKB
added 2023/08/14 9:15 p.m., 5 views

CVE-2023-39828

Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function...

CVSS 7.5, AI score 7.2, EPSS 0.00682
Exploits 1, References 2
Vulnrichment
added 2023/08/07 4:50 p.m., 13 views

CVE-2023-34476 Extension - mooj.org - SQLi in Proforms Basic component for Joomla <= 1.6.0

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability allows SQL Injection...

AI score 7.9, EPSS 0.00504
Exploits 0, References 1
Cvelist
added 2023/08/07 4:50 p.m., 15 views

CVE-2023-34476 Extension - mooj.org - SQLi in Proforms Basic component for Joomla <= 1.6.0

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability allows SQL Injection...

AI score 10, EPSS 0.00504
Exploits 0, References 1