13 matches found
Vulnerabilities found in Cisco Catalyst SD-WAN Controllers and Managers
Cisco has identified vulnerabilities in the Catalyst SD-WAN Controller and Manager products. Cisco has uncovered four vulnerabilities in these products. These vulnerabilities involve XXE injection, privilege escalation, and authentication bypass. The authentication bypass vulnerability resides in...
PT-2026-28604
Name of the Vulnerable Software and Affected Versions Zebra versions prior to 4.3.0 Description A flaw exists in Zebra’s transaction processing logic that allows a remote, unauthenticated attacker to cause a Zebra node to crash. This is triggered by sending a specially crafted V5 transaction that...
PT-2025-34844 · Cgm · Cgm Clininet
Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: The system exposes several endpoints, typically including /int/ in their path, that should be restricted to internal services but are publicly accessible without authentication to any host able to...
Deserialization of Untrusted Data
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the PyNcclPipe service if it is in use with the V0 engine. An attacker can execute arbitrary code on the...
Tenda O6 安全漏洞
Tenda O6 is a wireless bridge from Tenda, China. Tenda O6 version 1.0.0.7 suffers from a buffer overflow vulnerability, which originates from the parameter ip/localPort/publicPort/app of the fromVirtualSet function of file /goform/setPortForward fails to properly validate the length and size of t...
Tenda O3 安全漏洞
Tenda O3 is an outdoor wireless bridge from Tenda, China. A security vulnerability exists in the Tenda O3, which stems from a stack-based buffer overflow due to manipulation of the ip/localPort/public Port/app parameter in the fromVirtualSet function. No details of the vulnerability are available...
mailcow Security Vulnerabilities
mailcow is a mail server suite. A security vulnerability exists in previous versions of mailcow 2024-01c that stems from allowing an attacker on the same subnet to connect to a public port of a Docker container...
Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware
New research has found that it is possible for threat actors to abuse a legitimate feature in GitHub Codespaces to deliver malware to victim systems. GitHub Codespaces is a cloud-based configurable development environment that allows users to debug, maintain, and commit changes to a given codebas...
Monero: Malicious get_random_rct_outs.bin rpc can cause a near-infinite loop
Summary: An unsanitized getrandomrctouts.bin rpc request can cause the rpc handler to go into an effectively infinite-loop, peg the cpu, and block other requests from completing. Description: The rpc endpoint /getrandomrctouts.bin takes a uint64 outscount as input and will return that many random...
scanless - Public Port Scan Scrapper
Command-line utility for using websites that can perform port scans on your behalf. Useful for early stages of a penetration test or if you'd like to run a port scan on a host and have it not come from your IP address. scanless adj: lacking respectable morals. That girl is scanless! Public Port...
NetCore's full range of routers have been hit by a "suspected backdoor" program.
Netcore is a Shenzhen Lei Ke network communications producer, the main products involved in wireless routers, wireless network cards, network cards, hubs, switches, broadband routers, Layer 2, 3 and 4 switches, optical terminals. NetCore router has a built-in program called IGDMPTD, according to...
EMC Data Protection Advisor DPA Illuminator - EJBInvokerServlet Remote Code Execution
EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution tested against: Microsoft Windows Server 2008 r2 sp1 EMC Data Protection Advisor 5.8 sp5 vulnerability: the "DPA Illuminator" service DPAIlluminator.exe listening on public port 8090 tcp/http and 8453 tcp/https is...
Symantec Workspace Streaming 7.5.0.493 Rmote Code Execution
Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine Invoker Servlets Remote Code Execution tested against: Microsoft Windows Server 2008 R2 sp1 download url: http://www.symantec.com/it/it/products-solutions/trialware/ file tested: SymantecWorkspaceStreaming7.5.0.493.zip vulnerability: the...