Form Detected
The scanner has detected the presence of a form during the crawling of the target web application. Details about the form are provided in the plugin output. No source data...
CVE-2021-42228
| creationtimestamp | type | source |
|---|---|---|
| 2021-10-14 20:27:53+00:00 | seen | https://t.me/cibsecurity/30586... |
Updated perl-DBI packages fix security vulnerability
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the fdir attribute in the data source name (DSN). CVE-2014-10402...
CVE-2021-36749
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not a...
CVE-2021-38163
| creationtimestamp | type | source |
|---|---|---|
| 2021-09-14 16:21:47+00:00 | seen | https://t.me/cibsecurity/28795 |
| 2021-09-15 14:22:34+00:00 | seen | https://t.me/ptswarm/72 |
| 2021-09-16 15:55:40+00:00 | seen | https://t.me/truesecator/2111 |
| 2023-06-14 21:10:04+00:00 | seen | ... |
CVE-2021-27018
The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. This issue only affects clients that are configured to utilize Tenable.sc as the vulnerability data source...
UBUNTU-CVE-2021-27018
The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. This issue only affects clients that are configured to utilize Tenable.sc as the vulnerability data source...
Druid ingestion system Authenticated users can read data from other sources than intended
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not a...
CVE-2021-38137
| creationtimestamp | type | source |
|---|---|---|
| 2021-08-06 18:32:28+00:00 | seen | https://t.me/cibsecurity/26936... |
USN-5030-1 libdbi-perl vulnerabilities
It was discovered that the Perl DBI module incorrectly opened files outside of the folder specified in the data source name. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2014-10402 It was discovered that the Perl DBI module incorrectly handled certain long...
The vulnerability of the Adobe Flash Player, related to a data source validation error, allows for the execution of arbitrary code.
The vulnerability of the Adobe Flash Player is related to a data source validation error. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
AVEVA System Platform Access Control Error Vulnerability
AVEVA System Platform is an application from AVEVA UK. A responsive, standards-driven and scalable foundation for regulatory, enterprise SCADA, MES and IIoT applications. AVEVA System Platform is vulnerable to an Access Control Error vulnerability that arises from the software not properly...
The vulnerability of software such as Google Chrome, Firefox, Firefox ESR, and Thunderbird lies in a data source confirmation error, which allows attackers to gain access to confidential data.
The vulnerability of the Google Chrome, Firefox, Firefox ESR, and Thunderbird software lies in a data source confirmation error. Exploiting this vulnerability allows an attacker to gain access to confidential data remotely...
Privilege escalation
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not a...
CVE-2021-26920
The CVE-2021-26920 issue affects Apache Druid’s ingestion system: the HTTP InputSource can be used by authenticated users to read data from sources other than intended (e.g., local files) with the Druid server’s privileges. This is not a privilege elevation when accessed directly, since a Local I...
CVE-2021-32691
Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information (name, birthday, gender, etc.). This includes all app functionality within t...
Information disclosure
Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information (name, birthday, gender, etc.). This includes all app functionality within t...
CVE-2021-32691
CVE-2021-32691 affects Apollos Apps prior to v2.20.0, where new user registrations can access anyone’s account using only basic profile information (name, birthday, gender, etc.). This grants access to all app functionality and Rock-based links (e.g., giving, events). A patch exists in v2.20.0. A...
Monitor Windows Registry Changes with Qualys File Integrity Monitoring
With Windows registries storing a large number of programs and OS security settings and a large amount of raw data, threat actors have begun to use those registries as a data store for their malicious activity. It is therefore imperative for organizations to monitor changes in Windows registries ...