Lucene search

2125 matches found

CNVD
added 2018/09/04 12:0 a.m., 2 views

idreamsoft iCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-19090)

idreamsoft iCMS is an open source content management system (CMS) based on PHP and MySQL. A cross-site request forgery vulnerability exists in the admincp.php file in version 7.0.11 of idreamsoft iCMS. The vulnerability stems from the detection of CSRFTOKEN when it does not exist, and the program...

8.8 CVSS, 8.8 AI score, 0.00664 EPSS
Exploits: 1, References: 1

Prion
added 2018/09/02 10:29 p.m., 16 views

Cross site request forgery (csrf)

An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF...

6.8 CVSS, 8.6 AI score, 0.00614 EPSS
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2018/09/02 3:29 a.m., 2 views

CVE-2018-16332

An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability...

8.8 CVSS, 5.8 AI score, 0.00614 EPSS
Exploits: 1, References: 1

Kitploit
added 2018/08/26 5:2 p.m., 15 views

Physics Platform - A Remote Hardware Hacking Platform

Physics platform is a tool for hardware systems, e.g. Raspberry Pi 3B. It retrieves data passing through the network and sends it to a control panel. It works the same way as a botnet by receiving remote commands. You can imagine it as a black box. Physics hardware You can check repository of...

0.6 AI score
Exploits: 0, References: 2

OSV
added 2018/08/24 9:29 p.m., 1 views

CVE-2018-11502

An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF...

6.5 CVSS, 5.8 AI score
Exploits: 0, References: 2

OpenVAS
added 2018/08/07 12:0 a.m., 34 views

Microsoft Windows: Configure Solicited Remote Assistance

This policy setting allows you to turn on or turn off Solicited Ask for Remote Assistance on this computer. If you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this...

7.3 AI score
Exploits: 0, References: 5

ThreatPost
added 2018/07/20 8:57 p.m., 19 views

Massive Malspam Campaign Finds a New Vector for FlawedAmmyy RAT

A widespread spam campaign from the well-known financial criminal group TA505 is spreading the FlawedAmmyy RAT using a brand-new vector: Weaponized PDFs containing malicious SettingContent-ms files. The SettingContent-ms file format was introduced in Windows 10; it allows a user to create...

0.1 AI score
Exploits: 0, References: 4

OpenVAS
added 2018/06/28 12:0 a.m., 22 views

Microsoft Windows: Always install with elevated privileges

This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system. If you enable this policy setting, privileges are extended to all programs. These privileges are usually reserved for programs that have been assigned to the user offered on the...

7.3 AI score
Exploits: 0, References: 4

OpenVAS
added 2018/06/25 12:0 a.m., 19 views

Microsoft Windows: Turn off Windows Customer Experience Improvement Program

This policy setting turns off the Windows Customer Experience Improvement Program. The Windows Customer Experience Improvement Program collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns. Microsoft will not collect...

6.9 AI score
Exploits: 0, References: 3

OSV
added 2018/06/19 6:29 p.m., 2 views

CVE-2018-12583

An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to index.php...

6.5 CVSS, 5.8 AI score
Exploits: 0, References: 2

IBM Security Bulletins
added 2018/06/17 5:24 a.m., 37 views

Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerability (CVE-2017-5664)

Summary Apache Tomcat is vulnerable to a security issue affecting the Rational Test Control Panel component in IBM Rational Test Workbench and Rational Test Virtualization Server. Vulnerability Details CVE-ID: CVE-2017-5664 Description: Apache Tomcat could allow a remote attacker to bypass securi...

7.5 CVSS, 0.1 AI score, 0.16567 EPSS
Exploits: 1, Affected Software: 2

IBM Security Bulletins
added 2018/06/17 5:19 a.m., 46 views

Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerability (CVE-2016-6816)

Summary Apache Tomcat is vulnerable to a security issue affecting the Rational Test Control Panel component in IBM Rational Test Workbench and Rational Test Virtualization Server. Vulnerability Details CVE-ID: CVE-2016-6816 Description: Apache Tomcat is vulnerable to HTTP response splitting...

7.1 CVSS, 0.3 AI score, 0.39633 EPSS
Exploits: 5, Affected Software: 2

IBM Security Bulletins
added 2018/06/17 5:12 a.m., 25 views

Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by multiple Apache Tomcat vulnerabilities

Summary Apache Tomcat is vulnerable to a number of security issues affecting the Rational Test Control Panel component in IBM Rational Test Workbench and Rational Test Virtualization Server. Vulnerability Details CVE-ID: CVE-2015-5345 Description: Apache Tomcat could allow a remote attacker to...

8.8 CVSS, 0.5 AI score, 0.1838 EPSS
Exploits: 0, Affected Software: 2

IBM Security Bulletins
added 2018/06/17 5:8 a.m., 22 views

Security Bulletin: Vulnerability in Spring Framework for Java Deserialization in Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server (CVE-2015-7450)

Summary A Spring Framework vulnerability for handling Java object deserialization was addressed by Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server. This vulnerability does not have its own CVE number, but is linked to CVE-2015-7450. Vulnerability...

10 CVSS, 0.6 AI score, 0.97655 EPSS
Exploits: 10, Affected Software: 2

IBM Security Bulletins
added 2018/06/17 5:7 a.m., 32 views

Security Bulletin: Vulnerability in Apache Commons affects RIT and RTCP in Rational Test Workbench, RTCP and RIT Agent in Rational Test Virtualization Server, and RIT Agent in Rational Performance Test Server (CVE-2015-7450)

Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by Rational Integration Tester in Rational Test Workbench, Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server, and RIT Agent in Rational Test...

10 CVSS, 0.5 AI score, 0.97655 EPSS
Exploits: 10, Affected Software: 3

IBM Security Bulletins
added 2018/06/17 5:3 a.m., 14 views

Security Bulletin: Rational Test Control Panel component in Rational Test Workbench and Rational Test Virtualization Server uses an insecure hashing scheme for handling user passwords (CVE-2015-1913)

Summary Rational Test Control Panel component stores MD5 hashes of user passwords, which has now proven to be insecure. Vulnerability Details CVE ID: CVE-2015-1913 Description: Rational Test Control Panel generates and stores an MD5 hash of users' passwords. The MD5 hash is persisted and used to...

5 CVSS, 0.5 AI score, 0.01315 EPSS
Exploits: 0, Affected Software: 2

IBM Security Bulletins
added 2018/06/17 5:3 a.m., 28 views

Security Bulletin: Rational Test Control Panel component in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerability (CVE-2014-0230)

Summary The Apache Tomcat server used in Rational Test Control Panel is vulnerable to a denial of service attack. Vulnerability Details CVE ID: CVE-2014-0230 Description: Apache Tomcat is vulnerable to a denial of service, caused by an error when uploading files. An attacker could exploit this...

7.8 CVSS, 0.6 AI score, 0.20318 EPSS
Exploits: 0, Affected Software: 2

IBM Security Bulletins
added 2018/06/17 4:59 a.m., 20 views

Security Bulletin: Rational Test Control Panel component in Rational Test Workbench and Rational Test Virtualization Server affected by Castor Library vulnerability (CVE-2014-3004)

Summary The Castor Project Castor library is vulnerable affecting the Rational Test Control Panel component in IBM Rational Test Workbench and Rational Test Virtualization Server. Vulnerability Details CVE ID: CVE-2014-3004 Description: Castor Library could allow a remote attacker to obtain...

4.3 CVSS, 0.4 AI score, 0.07794 EPSS
Exploits: 3, Affected Software: 2

IBM Security Bulletins
added 2018/06/17 4:57 a.m., 38 views

Security Bulletin: Rational Test Control Panel component in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerability (CVE-2013-4444)

Summary Apache Tomcat is vulnerable affecting the Rational Test Control Panel component in IBM Rational Test Workbench and Rational Test Virtualization Server. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for...

6.8 CVSS, 0.1 AI score, 0.1399 EPSS
Exploits: 0, Affected Software: 2

IBM Security Bulletins
added 2018/06/17 4:56 a.m., 32 views

Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerability (CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)

Summary Apache Tomcat is vulnerable to a number of security issues affecting the Rational Test Control Panel component in IBM Rational Test Workbench and Rational Test Virtualization Server. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts...

5 CVSS, 0.1 AI score, 0.2006 EPSS
Exploits: 1, Affected Software: 2