8 matches found
Hammock AssetView missing authentication for critical functions
Overview: AssetView provided by Hammock Corporation lacks authentication for some critical functions (CWE-306) on the managing server. Denis Faiustov, Ruslan Sayfiev of GMO Cyber Security by IERAE reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
cve-2021-44228-qingteng-online-patch What is this Hot-pa...
EC-CUBE fails to restrict access permissions
Overview: EC-CUBE provided by EC-CUBE CO.,LTD. fails to restrict access permissions (CWE-284). EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LTD. coordinated under the Information Security Early Warning Partnership...
JVN#97554111: EC-CUBE vulnerable to cross-site scripting
EC-CUBE provided by EC-CUBE CO.,LTD. contains a cross-site scripting vulnerability (CWE-79). An arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE. As of 2021 May 10, an attack exploiting this vulnerability has been observed in the wild. Impact: If a...
Security Advisory 0061
Security Advisory 0061. Date: January 19th, 2021. Version: 1.0. Revision history: 1.0 (January 19th, 2021): Initial Release; 1.1 (July 29th, 2021): Updates to fixed versions. The CVE-IDs tracking this issue are: CVE-2020-25684, CVE-2020-25685, CVE-2020-25686. CVSSv3.1 scores a...
[security bulletin] HPSBMA02558 SSRT010158 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c02290344. Version: 1. HPSBMA02558 SSRT010158 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code. NOTICE: The information in this Security Bulletin should be acted up...
discuz! 7.1 and 7.2 remote code execution vulnerability exp-vulnerability warning-the black bar safety net
Excerpts from: 1 9 4 3'S BLOG Thanks WJS and the icy sun, laojun analysis, I will not say more, the use of exp then only the machine testing, and other purposes at your own risk! The first method: First register a user and then put form method="post" action=" " enctype="multipart/form-data" Post...
MS Windows DNS DnssrvQuery Remote Stack Overflow Exploit
No description provided by source. / Copyright c 2007 devcode ^^ D E V C O D E ^^ Windows DNS DnssrvQuery Stack Overflow CVE-2007-1748 Description: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabili...