Siemens COMOS Web (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: COMOS Vulnerabilities: Basic XSS, Relative Path Traversal, SQL Injection, Cross-site Request Forgery 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update...

The vulnerability in the user interface of the basic authentication mechanism for Google Chrome allows a hacker to manipulate the URL input by using a specially created HTML page.

The vulnerability of the basic authentication user interface of Google Chrome is related to information representation errors in the user interface. Exploiting this vulnerability can allow a malicious actor to forge the URL content using a specially created HTML page...

Cross-site Scripting (XSS)

monit:stretch is vulnerable to cross-site scripting. Lack of proper sanitization in http/cervlet.c allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandle...

AuthGuard 授权问题漏洞

AuthGuard is easy to use and easy to customize identity server. It supports multiple authentication and authorization options, and can be extended to support additional options or add new features. It is an API-only solution and currently has no dedicated dashboard. an authorization issue...

The vulnerability of the “Basic HTTP Authentication” method for the Ethernet web application of the WISE-4060 module allows a attacker to gain access to confidential information.

The vulnerability of the “Basic HTTP Authentication” method in the Ethernet web application of the WISE-4060 module involves the transmission of data in an open manner. Exploiting this vulnerability could allow a remote attacker to gain access to confidential information...

CVE-2021-35248

It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings...

CVE-2021-35248 Unrestricted access to Orion.UserSettings SWIS entity for low-privilege users

It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings...

Solarwinds Orion Platform访问控制错误漏洞

Solarwinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices, as well as support for customized web interfaces, multiple user opinions, and a mapped view of the entire...

CVE-2021-42295

Visual Basic for Applications Information Disclosure Vulnerability...

CVE-2021-42295

Visual Basic for Applications Information Disclosure Vulnerability...

Information disclosure

Visual Basic for Applications Information Disclosure Vulnerability...

CVE-2021-42295

CVE-2021-42295 is a Visual Basic for Applications information disclosure vulnerability affecting Microsoft Office components. The NVD/NIST entry describes a confidentiality impact (C:H in CVSS 3.1 terms) with local exploitation requirements and user interaction, and a partial confidentiality impa...

CVE-2021-42295 Visual Basic for Applications Information Disclosure Vulnerability

...

Microsoft Office 2016 Information Disclosure Vulnerability (KB4504710)

This host is missing an important security update according to Microsoft KB4504710 Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

Microsoft Office 2013 Information Disclosure Vulnerability (KB4486726)

This host is missing an important security update according to Microsoft KB4486726 Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

Critical: Red Hat Security Advisory: Red Hat Fuse 7.10.0 release and security update

A minor version update from 7.9 to 7.10 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring...

Description of the security update for Office 2016: December 14, 2021 (KB4504710)

Description of the security update for Office 2016: December 14, 2021 KB4504710 Summary This security update resolves a Visual Basic for Applications information disclosure vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2021-42295. Not...

KLA12389 Multiple vulnerabilities in Microsoft Office

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, spoof user interface, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in...

PT-2021-6163 · Microsoft · Visual Basic For Applications +1

Name of the Vulnerable Software and Affected Versions: Visual Basic for Applications affected versions not specified Description: The issue is related to an information disclosure vulnerability in Visual Basic for Applications, which is part of the Microsoft Office suite. This vulnerability can b...

CVE-2021-39890

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...