47 matches found
CVE-2023-52705 nilfs2: fix underflow in second superblock position calculations
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix underflow in second superblock position calculations Macro NILFSSB2OFFSETBYTES, which computes the position of the second superblock, underflows when the argument device size is less than 4096 bytes. Therefore, when...
PT-2024-27896 · WordPress · The Essential Blocks – Page Builder Gutenberg Blocks
Name of the Vulnerable Software and Affected Versions: The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress versions up to, and including, 4.5.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's "Social Icons" block due to...
How To: Allow traffic only from specific IPs or subnets.
Create a Responder policy that will block access to bound virtual server depending on source IP or source subnet of the client, so that the resource is only accessible from specific IPs and specific subnet IPs...
Palo Alto Networks GlobalProtect 安全漏洞
Palo Alto Networks GlobalProtect is a suite of network protection software from Palo Alto Networks, USA. The software provides firewall monitoring and threat prevention. A security vulnerability exists in Palo Alto Networks GlobalProtect that originates from the ability of an authenticated,...
Tutanota Input Validation Error Vulnerability
Tutanota is a very security- and privacy-conscious email service from Tuta that encrypts email, contacts, and calendar entries on all devices. An input validation error vulnerability exists in Tutanota versions 3.118.12 through 3.119.10, which stems from an attacker being able to send a manipulat...
How to block access URL https://x.x.x.x/oauth/idp/.well-known/openid-configuration
This article will guide on how to block access to the URL https://x.x.x.x/oauth/idp/.well-known/openid-configuration, where x.x.x.x is the URL of the gateway...
CVE-2023-24812 SQL injection of notes/search-by-tag
Misskey is an open source, decentralized social media platform. In versions prior to 13.3.3 SQL injection is possible due to insufficient parameter validation in the note search API by tag notes/search-by-tag. This has been fixed in version 13.3.3. Users are advised to upgrade. Users unable to...
CVE-2022-31195
DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file/directory to be...
DRUPAL-CONTRIB-2021-015
Chaos tool suite ctools module provides a number of APIs and extensions for Drupal, its 8.x-3.x branch is a start from scratch to evaluate the features of ctools that didn't make it into Drupal Core 8.0.x and port them. The module doesn't sufficiently handle block access control on its EntityView...
OHNI has a flawed logic vulnerability
ohni2 OHNI is an ethereum-based digital currency. An integer overflow vulnerability exists in the 'sell' function in OHNI's smart contract implementation. An attacker could exploit the vulnerability to prevent the seller from accessing the assets due to the exchange...
Microsoft SQL Server Management Studio CVE-2018-8532 Information Disclosure Vulnerability
Description Microsoft SQL Server Management Studio is prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft SQL Server Management Studio 17.9 Microsoft SQL Server...
Microsoft Windows Hyper-V CVE-2018-8434 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Hyper-V Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft...
CVE-2018-2396
Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, using IGS Interpreter service...
ISPs Should Block ‘The Pirate Bay’ Torrent Site: Top European Court Rules
The Pirate Bay — a widely popular file-sharing website predominantly used to share copyrighted material free of charge — is once again in trouble, this time in Europe. The European Union Court of Justice ECJ ruled today that Dutch ISPs can block access to The Pirate Bay, as the Swedish file-hosti...
CVE-2013-4431
Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an edit request...
CVE-2013-4431
CVE-2013-4431 affects Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3. It does not properly prevent access to blocks, allowing remote authenticated users to modify arbitrary blocks via the block id in an edit request. The vulnerability enables partial integrity impact and partial...
CVE-2013-4445
The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a...
CVE-2013-4445
The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a...
UBUNTU-CVE-2012-3390
lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive information by reading a file that is embedded in a block...
McAfee myCIO HTTP Server Detection
We detected the presence of McAfee SPDX-FileCopyrightText: 2005 SecuriTeam Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.10707";...