Jedox 2022.4.2 - Code Execution via RPC Interfaces Vulnerability

Exploit Title: Jedox 2022.4.2 - Code Execution via RPC Interfaces Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47879 Introduction ================= A Remote...

Jedox 2022.4.2 - Code Execution via RPC Interfaces

Exploit Title: Jedox 2022.4.2 - Code Execution via RPC Interfaces Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47879 Introduction...

CVE-2023-0346

Akuvox E11 cloud login is performed through an unencrypted HTTP connection. An attacker could gain access to the Akuvox cloud and device if the MAC address of a device if known...

SUSE CVE-2007-0578

The httpopen function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service infinite loop by closing the HTTP connection early...

Server-side attacks, C&C in public clouds and other MDR cases we observed

Introduction This report describes several interesting incidents observed by the Kaspersky Managed Detection and Response MDR team. The goal of the report is to inform our customers about techniques used by attackers. We hope that learning about the attacks that took place in the wild helps you t...

ROS-20220929-01

BIND DNS server vulnerability is related to boundary conditions when reusing HTTP connection when requesting statistics from a statistics channel. Exploitation of the vulnerability could allow an attacker, acting remotely, using a managed DNS server to cause a read error outside the boundary...

ISC BIND Buffer Overflow Vulnerability

ISC BIND is the United States ISC company's set of open source software that implements the DNS protocol. ISC BIND suffers from a buffer overflow vulnerability that originates when reusing an HTTP connection to request statistics from the stats channel, where the length of the contents of...

CVE-2022-2881

A flaw was found in the Bind package. When an HTTP connection was reused to request statistics from the stats channel, the content length of successive responses could grow in size past the end of the allocated buffer, affecting the availability...

Cross site request forgery (csrf)

D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service DoS via a crafted HTTP connection request...

PT-2022-22622 · D Link · D-Link Wireless Ac1200 Dual Band Vdsl Adsl Modem Router Dsl-3782

Name of the Vulnerable Software and Affected Versions: D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware version 1.01 Description: The issue allows unauthenticated attackers to cause a Denial of Service DoS via a crafted HTTP connection request. Recommendations: For D-Link...

Relution Enterprise Appstore Publisher Jenkins Plugin contains Cross-Site Request Forgery

A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server...

Missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin

A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server...

Experts Uncover Campaign Stealing Cryptocurrency from Android and iPhone Users

Researchers have blown the lid off a sophisticated malicious scheme primarily targeting Chinese users via copycat apps on Android and iOS that mimic legitimate digital wallet services to siphon cryptocurrency funds. "These malicious apps were able to steal victims' secret seed phrases by...

CVE-2022-22545

A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756...

Design/Logic Flaw

A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756...

CVE-2022-22545

A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756...

Updated firefox packages fix security vulnerability

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame CVE-2021-38503. When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-fre...

Python < 2.7.17, 3.x < 3.4.10, 3.5.x < 3.5.7, 3.6.x < 3.6.9, 3.7.x < 3.7.3 Cookie domain check returns incorrect results (bpo-35121) - Linux

Python is prone to an improper input validation vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

Oracle WebLogic Server 12.2.1.0 Remote Code Execution

Exploit Title: Oracle WebLogic Server 12.2.1.0 - RCE Unauthenticated Google Dork: inurl:\"/console/login/LoginForm.jsp\" Date: 25/1/2021 Exploit Author: CHackA0101 Vendor Homepage: https://www.oracle.com/security-alerts/cpuoct2020.html Version: Oracle WebLogic Server, version 12.2.1.0 Tested...

[ASA-202012-16] hostapd: proxy injection

Arch Linux Security Advisory ASA-202012-16 ========================================== Severity: Medium Date : 2020-12-09 CVE-ID : CVE-2020-12695 Package : hostapd Type : proxy injection Remote : Yes Link : https://security.archlinux.org/AVG-1322 Summary ======= The package hostapd before version...