Cross site scripting

HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver Ethernet Emulation Mode. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker...

Cisco IOS XE Software Web UI OS Command Injection Vulnerability

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying operating system of an affected device. The vulnerability exists because the affected software improperly sanitizes values that are...

CVE-2020-36283

HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver Ethernet Emulation Mode. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker...

PT-2021-2554 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software affected versions not specified Description: A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying operating...

maltrail

This is a Python script repository for a malicious traffic detection system called Maltrail. The repository contains various files and directories, including configuration files, data storage files, and scripts for data processing and analysis. The script uses a variety of techniques to detect...

FUJITSU LIMITED Fujitsu ServerView Suite 跨站脚本漏洞

FUJITSU LIMITED Fujitsu ServerView Suite is a software application from FUJITSU LIMITED. It provides a lifecycle management of your servers - from a single system to large server pool capabilities. A security vulnerability exists in Fujitsu ServerView Suite iRMC before 9.62F, which can be exploit...

Code injection

A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier...

CVE-2021-20018

A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier...

CVE-2021-20018

CVE-2021-20018 affects SonicWall SMA100: a post-authenticated vulnerability that allows exporting the device’s configuration to a specified email address, impacting SMA100 versions 10.2.0.5 and earlier. The CVE details in linked sources (e.g., SonicWall PSIRT SNWLID-2021-0005 and CNVD/CVE records...

SUSE-SU-2021:0776-1 Security update for s390-tools

This update for s390-tools fixes the following issues: - Fixed an issue where IPL was not working when bootloader was installed on a SCSI disk with 4k physical blocksize without using a devicemapper target bsc1183041. - CVE-2021-25316: Do not use predictable temporary file names bsc1182777. - Mad...

CVE-2021-22710

A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System IGSS Definition Def.exe V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF Configuration Group File file is imported to IGS...

CVE-2021-22709

A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System IGSS Definition Def.exe V15.0.0.21041 and prior, which could result in loss of data or remote code execution when malicious CGF Configuration Group File fil...

Exploit for Path Traversal in Lanproxy_Project Lanproxy

CVE-2021-3019 LanProxy Directory Traversal - - - - - - - - - -...

CVE-2021-21371

Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It published in pypi as "tenable-jira-cloud". In tenable-jira-cloud before version 1.1.21, it is possible to run...

Design/Logic Flaw

Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It published in pypi as "tenable-jira-cloud". In tenable-jira-cloud before version 1.1.21, it is possible to run...

New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452

Executive Summary In August 2020, a U.S.-based entity uploaded a new backdoor that we have named SUNSHUTTLE to a public malware repository. SUNSHUTTLE is a second-stage backdoor written in GoLang that features some detection evasion capabilities. Mandiant observed SUNSHUTTLE at a victim compromis...

Threatspec - Continuous Threat Modeling, Through Code

Threatspec is an open source project that aims to close the gap between development and security by bringing the threat modelling process further into the development process. This is achieved by having developers and security engineers write threat modeling annotations as comments inside source...

SmartFoxServer Information Disclosure Vulnerability

SmartFoxServer is a software development program for rapid development of multiplayer games and applications via Adobe Flash/Flex/Air, Unity, HTML5, iOS, Universal Windows Platform, Android, Java, C ++, etc. SmartFoxServer is a software development program from SmartFoxServer, USA. The software...

HaE - BurpSuite Highlighter And Extractor

HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. Read Chinese simplified version READMEzh. Public Rules Website: https://gh0st.cn/HaE/ Introduction HaE is used to highlight HTTP requests and extract information from HTTP response...

jenkins: Path traversal vulnerability in agent names

A flaw was found in jenkins. Users with Agent/Configure permissions can choose agent names that cause an override to the global config.xml file. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...