6680 matches found

Github Security Blog
added 2024/07/15 5:47 p.m. · 14 views

@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages)

Summary: The maintainer has been contemplating whether FTP or other protocols could serve as useful functionalities, but there may not be a practical reason for it since we are utilizing headless Chrome to capture screenshots. The argument is based on the assumption that this package can function as a...

CVSS 3.1 · AI score 6.6 · EPSS 0.0037
Exploits 0 · References 4 · Affected software 1
Citrix
added 2024/07/13 12:00 a.m. · 8 views

FAQ: Fail-To-Wire Feature in CloudBridge 2000 and 3000 Appliances

This article is an FAQ on the Fail-To-Wire (FTW) functionality found in the new Citrix CloudBridge 2000 and Citrix CloudBridge 3000 appliances. Q: What is the supported software release? A: The FTW feature is supported with the following software releases: SVM build: NS 10.0.72.5007 CloudBridge...

AI score 6.8
Exploits 0
Citrix
added 2024/07/13 12:00 a.m. · 8 views

Virtual Desktop Agent Registration with Controllers in XenDesktop

Virtual Desktop Agent Registration with Controllers in XenDesktop. Event ID: 1022 Event ID: 1001 For successful installation, re-install Virtual Desktop 5.5. After the installation is successful, the following message is displayed: “Unable to initialize new components. The machine will register a...

AI score 6.9
Exploits 0
Citrix
added 2024/07/13 12:00 a.m. · 17 views

BGP Routing and RHI Functionality in NetScaler

This article provides information about BGP routing in NetScaler and some of the sample BGP configurations. It gives a brief overview of the RHI functionality. Route Health Injection (RHI): The primary purpose of dynamic routing in NetScaler is to communicate the state or health of VIPs to the...

AI score 7.4
Exploits 0
Zero Day Initiative
added 2024/07/11 12:00 a.m. · 11 views

(Pwn2Own) Synology BC500 Protection Mechanism Failure Software Downgrade Vulnerability

This vulnerability allows network-adjacent attackers to downgrade Synology software on affected installations of Synology BC500 cameras. Authentication is required to exploit this vulnerability. The specific flaw exists within the update functionality. The issue results from the lack of proper...

CVSS 6.8 · AI score 7 · EPSS 0.00867
Exploits 0 · References 1
Positive Technologies
added 2024/07/11 12:00 a.m. · 3 views

PT-2024-37793 · Unknown · Witmy My-Springsecurity-Plus

Name of the Vulnerable Software and Affected Versions: witmy my-springsecurity-plus, affected versions not specified. Description: A critical issue has been found, affecting an unknown functionality of the file /api/user. The manipulation of the params.dataScope argument leads to SQL injection. The...

CVSS 6.5 · AI score 7.1 · EPSS 0.00446
Exploits 0 · References 8
IBM Security Bulletins
added 2024/07/09 3:27 p.m. · 26 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS due to OpenSSL (CVE-2024-2511)

Summary: OpenSSL is used to provide TLS functionality within IBM DataPower Gateway. Vulnerability Details: CVEID: CVE-2024-2511. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a remote...

CVSS 5.9 · AI score 6 · EPSS 0.54026
Exploits 0 · Affected software 1
CVE
added 2024/07/09 1:41 p.m. · 45 views

CVE-2024-6598

KNIME Business Hub versions 1.10.0 and 1.10.1 are affected by a denial-of-service vulnerability in the execution path. An authenticated attacker with job execution privileges can run a job that floods internal messages, exhausting resources and causing outage of most functionality. Recovery requi...

CVSS 7.1 · AI score 6.6 · EPSS 0.00544
Exploits 0 · References 1 · Affected software 1
Vulnrichment
added 2024/07/09 10:36 a.m. · 18 views

CVE-2024-37430 WordPress Patreon WordPress plugin <= 1.9.0 - Image Protection Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in patreon Patreon WordPress (patreon-connect). This issue affects Patreon WordPress: from n/a through <= 1.9.0...

CVSS 5.3 · AI score 5.2 · EPSS 0.00377
Exploits 0 · References 1
CVE
added 2024/07/09 10:36 a.m. · 61 views

CVE-2024-37430

CVE-2024-37430 affects Patreon WordPress plugin (Patreon Connect) for WordPress,

CVSS 5.3 · AI score 5.9 · EPSS 0.00377
Exploits 0 · References 2
Cvelist
added 2024/07/09 10:36 a.m. · 30 views

CVE-2024-37430 WordPress Patreon WordPress plugin <= 1.9.0 - Image Protection Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in patreon Patreon WordPress (patreon-connect). This issue affects Patreon WordPress: from n/a through <= 1.9.0...

CVSS 5.3 · EPSS 0.00377
Exploits 0 · References 1
Vulnrichment
added 2024/07/09 10:27 a.m. · 10 views

CVE-2023-38052 A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} in EasyAppointments < 1.5.0

A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low-privileged user to fetch, modify or delete a high-privileged user (admin). This results in unauthorized access and unauthorized data manipulation...

CVSS 9.9 · AI score 6.5 · EPSS 0.004
Exploits 0 · References 1
Patchstack
added 2024/07/09 6:17 a.m. · 3 views

WordPress Houzez Theme - Functionality plugin <= 3.2.2 - Authenticated (Seller+) SQL Injection vulnerability

WordPress Houzez Theme - Functionality plugin <= 3.2.2 - Authenticated (Seller+) SQL Injection vulnerability discovered by István Márton in WordPress Plugin Houzez Theme - Functionality versions <= 3.2.2...

CVSS 8.8 · AI score 8.1 · EPSS 0.00458
Exploits 0 · References 1 · Affected software 1
Patchstack
added 2024/07/09 12:00 a.m. · 12 views

WordPress Houzez Theme - Functionality Plugin <= 3.2.2 is vulnerable to SQL Injection

Software: Houzez Theme - Functionality · Type: Plugin · Vulnerable versions: <= 3.2.2 · Fixed in: 3.2.3 · OWASP Top 10: A1: Injection · Classification: SQL Injection · CVE: CVE-2024-5793 · Patch priority: Low · CVSS severity: Low 8.5 · Developer: Claim ownership · PSID: 838e09ac4d68 · Credits: István Márton · Required privilege: Sell...

CVSS 8.8 · AI score 6.9 · EPSS 0.00458
Exploits 0 · References 2 · Affected software 1
Cvelist
added 2024/07/08 3:22 p.m. · 28 views

CVE-2023-46685

A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623. A set of specially crafted network packets can lead to arbitrary command execution...

CVSS 9.8 · EPSS 0.01003
Exploits 0 · References 1
CVE
added 2024/07/08 3:22 p.m. · 67 views

CVE-2023-49867

CVE-2023-49867 describes a stack-based buffer overflow in the Realtek rtl819x Jungle SDK v3.4.11, specifically the boa web server API /boafrm/formWsc. The vulnerability stems from an unsafe handling of the targetAPMac parameter: the code copies hexadecimal characters into a stack buffer (targetAP...

CVSS 7.2 · AI score 7.4 · EPSS 0.01101
Exploits 0 · References 2 · Affected software 1
The Hacker News
added 2024/07/08 9:53 a.m. · 43 views

Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries

Financial institutions in Latin America are being threatened by a banking trojan called Mekotio (aka Melcoz). That's according to findings from Trend Micro, which said it recently observed a surge in cyber attacks distributing the Windows malware. Mekotio, known to be actively put to use since 2015...

AI score 7
Exploits 0
Positive Technologies
added 2024/07/08 12:00 a.m. · 6 views

PT-2024-13231 · Realtek · Realtek Rtl819X Jungle Sdk

Name of the Vulnerable Software and Affected Versions: Realtek rtl819x Jungle SDK version 3.4.11. Description: A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality. This can be triggered by a specially crafted series of network requests, potentially leading t...

CVSS 7.2 · AI score 8.1 · EPSS 0.01041
Exploits 0 · References 8
Positive Technologies
added 2024/07/08 12:00 a.m. · 4 views

PT-2024-13933

Name of the Vulnerable Software and Affected Versions: Realtek rtl819x Jungle SDK version 3.4.11. Description: Three OS command injection vulnerabilities exist in the boa formWsc functionality. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can sen...

CVSS 7.2 · AI score 7.3 · EPSS 0.03195
Exploits 1 · References 10
Veracode
added 2024/07/05 8:06 p.m. · 16 views

Broken Access Control

TYPO3 is vulnerable to Broken Access Control. The vulnerability is due to regular backend users having access to import functionality that is typically restricted to admin users or to users with specific User TSconfig settings enabled (options.impexp.enableImportForNonAdminUser)...

AI score 7
Exploits 0