65 matches found

CNNVD
added 2022/04/19 12:0 a.m. · 1 view

WordPress E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin information disclosure vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress VikBooking Hotel...

5.3 CVSS · 5.7 AI score · 0.00495 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2022/04/18 10:14 a.m. · 1 view

CVE-2022-27863

Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin = 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests...

5.3 CVSS · 5.7 AI score · 0.00495 EPSS
Exploits 0 · References 3 · Affected Software 1
CNVD
added 2021/12/30 12:0 a.m. · 9 views

Amios Emuse-eServices/eNvoice has an unspecified vulnerability

Amios Emuse-eServices/eNvoice is an electronic invoicing service from the Israeli company Amios. It is a digital interface that simplifies the collection process and automatically sends invoices to customers via email. Amios Emuse-eServices/eNvoice suffers from a security vulnerability that stems...

7.5 CVSS · 4.4 AI score · 0.0021 EPSS
Exploits 0 · References 1
NVD
added 2021/12/29 3:15 p.m. · 6 views

CVE-2021-36723

Emuse - eServices / eNvoice Exposure Of Private Personal Information due to lack of identification mechanisms and predictable IDs an attacker can scrape all the files on the service...

7.5 CVSS · 0.0021 EPSS
Exploits 0 · References 1
Prion
added 2021/12/29 3:15 p.m. · 6 views

Code injection

Emuse - eServices / eNvoice Exposure Of Private Personal Information due to lack of identification mechanisms and predictable IDs an attacker can scrape all the files on the service...

5 CVSS · 7.5 AI score · 0.0021 EPSS
Exploits 0 · References 1
Cvelist
added 2021/12/29 2:12 p.m. · 10 views

CVE-2021-36723 Emuse - eServices / eNvoice Exposure Of Private Personal Information

Emuse - eServices / eNvoice Exposure Of Private Personal Information due to lack of identification mechanisms and predictable IDs an attacker can scrape all the files on the service...

6.1 CVSS · 7.7 AI score · 0.0021 EPSS
Exploits 0 · References 1
CNNVD
added 2021/12/29 12:0 a.m. · 2 views

Amios Emuse - eServices/ eNvoice information disclosure vulnerability

Amios Emuse-eServices/eNvoice is an electronic invoicing service from the Israeli company Amios. It is a digital interface that simplifies the collection process and automatically sends invoices to customers via email. Amios Emuse-eServices/eNvoice suffers from a security vulnerability that stems...

7.5 CVSS · 5.7 AI score · 0.0021 EPSS
Exploits 0 · References 1
OSV
added 2021/07/30 2:15 p.m. · 2 views

CVE-2021-28674

The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node outside of the attacker's perimeter via an account with write permissions. This occurs because node IDs are predictable with incrementing numbers and the access control on...

5.4 CVSS · 5.8 AI score · 0.00498 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2021/07/30 2:15 p.m. · 3 views

CVE-2021-28674

The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node outside of the attacker's perimeter via an account with write permissions. This occurs because node IDs are predictable with incrementing numbers and the access control on...

5.5 CVSS · 5.5 AI score · 0.00498 EPSS
Exploits 0 · References 3
Hacker One
added 2019/01/23 1:42 a.m. · 18 views

U.S. Dept Of Defense: Information Disclosure (can access all ███s) within ███████ view █████████ Portal

Summary: Once ███████ authenticated I did not mess around to see if I could reproduce without authentication, any user can view any ██████████ simply by changing the offasgid HTTP GET parameter value in the ██████ view █████████ portal link. Description: I was looking through my previous ███████s...

6.4 AI score
Exploits 0
Github Security Blog
added 2018/11/07 12:29 a.m. · 21 views

Insecure randomness in socket.io

Affected versions of socket.io depend on Math.random to create socket IDs, and therefore the IDs are predictable. With enough information on prior IDs, an attacker may be able to guess the socket ID and gain access to socket.io servers without authorization. Recommendation Update to v0.9.7 or lat...

7.5 CVSS · 3.6 AI score · 0.00385 EPSS
Exploits 0 · References 6 · Affected Software 1
Packet Storm
added 2018/10/10 12:0 a.m. · 233 views

XMeye P2P Cloud Remote Code Execution / Integrity Issues

SEC Consult also published a blog post regarding the identified security issues with further background information: Blog: https://r.sec-consult.com/xmeye SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Remote Code...

6.5 AI score · 0.00179 EPSS
Exploits 4
NVD
added 2018/06/04 7:29 p.m. · 11 views

CVE-2017-16031

Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on Math.random to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtainin...

7.5 CVSS · 7.6 AI score · 0.00385 EPSS
Exploits 0 · References 4
OSV
added 2018/06/04 7:29 p.m. · 14 views

CVE-2017-16031

Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on Math.random to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtainin...

7.5 CVSS · 7.8 AI score
Exploits 0 · References 4
Prion
added 2018/06/04 7:29 p.m. · 13 views

Information disclosure

Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on Math.random to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtainin...

5 CVSS · 7.5 AI score · 0.00385 EPSS
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2018/06/04 7:0 p.m. · 11 views

CVE-2017-16031

Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on Math.random to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtainin...

7.6 AI score · 0.00385 EPSS
Exploits 0 · References 4
Positive Technologies
added 2012/08/16 12:0 a.m. · 2 views

PT-2012-4445 · Tridium · Tridium Niagara Ax Framework

Name of the Vulnerable Software and Affected Versions: Tridium Niagara AX Framework versions prior to 3.8 is not mentioned, however, it is mentioned that versions through 3.6 are affected. Therefore: Tridium Niagara AX Framework versions through 3.6 Description: The issue is related to the use of...

5 CVSS · 6.4 AI score · 0.00489 EPSS
Exploits 0 · References 3
Positive Technologies
added 2008/04/08 12:0 a.m. · 3 views

PT-2008-1742 · Microsoft · Windows Server 2003 +4

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: A spoofing issue exists in the Windows DNS client, allowing unauthenticated attackers to send malicious responses to DNS requests, thereby spoofing or redirecting Internet...

8.8 CVSS · 6.6 AI score · 0.55738 EPSS
Exploits 0 · References 13
seebug.org
added 2007/08/08 12:0 a.m. · 6 views

BIND 9 DNS Cache Poisoning Exploit (v0.3beta)

No description provided by source. !/usr/bin/env python """ DNS Cache Poison v0.3beta by posedge based on the Amit Klein paper: http://www.trusteer.com/docs/bind9dns.html output: time:ip:port: id: id q: query g: good e: error id: ID to predict...

7.1 AI score
Exploits 0
RedHat Linux
added 2007/07/12 9:6 a.m. · 1 view

perl-Net-DNS security issue

Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin...

4.3 CVSS · 5.9 AI score · 0.03567 EPSS
Exploits 1 · References 4