
5879 matches found

Cvelist
added 2022/01/14 7:25 p.m. | 10 views

CVE-2021-45406

In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password...

9.1 AI score | 0.00946 EPSS
Exploits 1 | References 3
The Hacker News
added 2022/01/13 2:6 p.m. | 19 views

Researchers Decrypted Qakbot Banking Trojan's Encrypted Registry Keys

Cybersecurity researchers have decoded the mechanism by which the versatile Qakbot banking trojan handles the insertion of encrypted configuration data into the Windows Registry. Qakbot, also known as QBot, QuackBot and Pinkslipbot, has been observed in the wild since 2007. Although mainly...

2.6 AI score
Exploits 0
ATTACKERKB
added 2022/01/12 8:15 p.m. | 4 views

CVE-2022-23116

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...

7.5 CVSS | 5.8 AI score | 0.00068 EPSS
Exploits 0 | References 4
NVD
added 2022/01/12 8:15 p.m. | 23 views

CVE-2022-23116

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...

7.5 CVSS | 0.00068 EPSS
Exploits 0 | References 2
Cvelist
added 2022/01/12 7:6 p.m. | 32 views

CVE-2022-23116

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...

8.3 AI score | 0.00068 EPSS
Exploits 0 | References 2
CVE
added 2022/01/12 7:6 p.m. | 142 views

CVE-2022-23116

CVE-2022-23116 affects Jenkins Conjur Secrets Plugin 1.0.9 and earlier. The issue, described across the CVE entries, states that attackers who can control agent processes can decrypt secrets stored in Jenkins that were obtained through another method. The Red Hat and OSV entries corroborate the s...

7.5 CVSS | 7.3 AI score | 0.00068 EPSS
Exploits 0 | References 2 | Affected Software 1
CNNVD
added 2022/01/12 12:0 a.m. | 4 views

Jenkins Plugin security vulnerability

Jenkins Plugin is an open source application for Jenkins. Jenkins Plugin Conjur Secrets Plugin 1.0.9 and earlier versions have a security vulnerability that allows an attacker to exploit the vulnerability to take control of an agent process to decrypt the functionality of secrets stored in Jenkin...

7.5 CVSS | 7.3 AI score | 0.00068 EPSS
Exploits 0 | References 7
Citrix
added 2022/01/12 12:0 a.m. | 5 views

Connector Connectivity Check Tool Reporting unable to connect to messaging

When SSL decryption is enabled on certain proxies Ex: Barracuda, WebSense, some services may have trouble connecting to the platform...

7.1 AI score
Exploits 0
OSV
added 2022/01/10 2:10 p.m. | 2 views

CVE-2021-38921

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067...

7.5 CVSS | 6.5 AI score
Exploits 0 | References 2
Kitploit
added 2022/01/07 12:30 p.m. | 19 views

Mortar - Evasion Technique To Defeat And Divert Detection And Prevention Of Security Products (AV/EDR/XDR)

Red teaming evasion technique to defeat and divert detection and prevention of security products. Mortar Loader performs encryption and decryption of selected binary inside the memory streams and executes it directly without writing any malicious indicator into the hard-drive. Mortar is able to...

7.6 AI score
Exploits 0 | References 1
CNVD
added 2022/01/07 12:0 a.m. | 23 views

Apache Kylin has an unspecified vulnerability (CNVD-2022-02491)

Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides SQL query interface on top of Hadoop/Spark and multi-dimensional analysis OLAP and other functions. Apache kylin security vulnerability, the vulnerability stems from the user...

7.5 CVSS | 2.2 AI score | 0.00631 EPSS
Exploits 0 | References 1
NVD
added 2022/01/06 1:15 p.m. | 15 views

CVE-2021-45458

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...

7.5 CVSS | 0.00631 EPSS
Exploits 0 | References 3
OSV
added 2022/01/06 1:15 p.m. | 16 views

CVE-2021-45458

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...

7.5 CVSS | 6.9 AI score
Exploits 0 | References 3
CNNVD
added 2022/01/06 12:0 a.m. | 2 views

Apache Kylin security feature issue vulnerability

Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides SQL query interface on top of Hadoop/Spark and multi-dimensional analysis OLAP and other functions. Apache kylin security vulnerability, the vulnerability stems from the user...

7.5 CVSS | 5.9 AI score | 0.00631 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2022/01/06 12:0 a.m. | 22 views

EulerOS Virtualization 3.0.2.6 : nettle (EulerOS-SA-2021-2886)

According to the versions of the nettle packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this fl...

7.5 CVSS | 6.3 AI score | 0.00104 EPSS
Exploits 0 | References 2
Kitploit
added 2022/01/04 8:30 p.m. | 24 views

Rustpad - Multi-Threaded Padding Oracle Attacks Against Any Service

A multi-threaded what now? rustpad is a multi-threaded successor to the classic padbuster, written in Rust. It abuses a Padding Oracle vulnerability to decrypt any cypher text or encrypt arbitrary plain text without knowing the encryption key! Features Decryption of cypher texts Encryption of...

7 AI score
Exploits 0 | References 3
OpenVAS
added 2021/12/31 12:0 a.m. | 28 views

Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2021-2886)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 7.9 AI score | 0.00104 EPSS
Exploits 0 | References 2
Huntr
added 2021/12/30 9:33 a.m. | 12 views

Heap-based Buffer Overflow in gpac/gpac

Description Heap-based Buffer Overflow SFSAddString at bifs/scriptdec.c:76 Proof of Concept POC1 is here. Result MP4Box -disox -ttxt -2 -dump-chap-ogg -dump-cover -drtp -bt -out /dev/null POC1 ··· 5 538135 abort ./source/gpac/bin/gcc/MP4Box -disox -ttxt -2 -dump-chap-ogg -dump-cover -drtp Bt...

1.2 AI score
Exploits 0
OpenVAS
added 2021/12/30 12:0 a.m. | 9 views

Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2021-2838)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 7.9 AI score | 0.00104 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2021/12/29 12:0 a.m. | 27 views

EulerOS Virtualization 3.0.2.0 : nettle (EulerOS-SA-2021-2838)

According to the versions of the nettle packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this fl...

7.5 CVSS | 6.3 AI score | 0.00104 EPSS
Exploits 0 | References 2