127 matches found
HP Support Assistant Licensing Issue Vulnerability (CNVD-2022-15173)
HP Support Assistant is a solution from Hewlett-Packard HP that provides support and other functions for PCs and printers. HP Support Assistant is vulnerable to authorization issues, which stem from the product's failure to effectively authenticate users, and can be exploited by attackers to...
HP Support Assistant Licensing Issue Vulnerability (CNVD-2022-15170)
HP Support Assistant is a solution from Hewlett-Packard HP that provides support and other functions for PCs and printers. HP Support Assistant has an authorization issue vulnerability that stems from the product's failure to effectively authenticate users, which could be exploited by an untruste...
HP Support Assistant 授权问题漏洞
HP Support Assistant is a solution from Hewlett-Packard HP that provides support and other functions for PCs and printers. HP Support Assistant is vulnerable to authorization issues, which stem from the product's failure to effectively authenticate users, and can be exploited by attackers to...
HP Support Assistant 授权问题漏洞
HP Support Assistant is a solution from Hewlett-Packard HP that provides support and other functions for PCs and printers. HP Support Assistant has an authorization issue vulnerability that stems from the product's failure to effectively authenticate users, which could be exploited by an untruste...
HP Support Assistant 授权问题漏洞
HP Support Assistant is a solution from Hewlett-Packard HP that provides support and other functions for PCs and printers. HP Support Assistant has an authorization issue vulnerability that stems from the product's failure to effectively authenticate users, which could be exploited by an untruste...
Siemens SINUMERIK 信任管理问题漏洞
Siemens SINUMERIK Edge is a combination of hardware and software that provides a machine-oriented system platform for applications that facilitate digital production support and optimization.SINUMERIK Edge Certificate Improper Validation VulnerabilityAffected software does not properly validate...
CVE-2021-38457
The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication...
PT-2021-22132 · Auvesy · Versiondog
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue allows an attacker to initiate a session with the server without providing any form of authentication, as the server permits communication without any authentication...
What is Graphql ❓ Definition with Example
Anyone who is involved in app development will be familiar with GraphQL, a highly useful query language making tons of things right for app developers and security managers. When handled perfectly and diligently, GraphQL holds the power to empower the traditional process of data retrievals,...
CVE-2021-22925
curl supports the -t command line option, known as CURLOPTTELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending NEWENV variables, libcurlcould be made to pass on uninitialized data from a stack based...
CVE-2021-22923
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often...
How to modify the ADC Radius Request retry attempts .
This article describes how to modify the number of attempts by ADC to send a Radius Request to Radius Server...
The vulnerability of the software for interacting with servers via CURL lies in the use of memory areas after they are freed, allowing an attacker to gain access to confidential data.
The vulnerability of the software for interacting with servers via CURL is related to the use of memory areas after they are freed. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
FIN7 Backdoor Masquerades as Ethical Hacking Tool
The notorious FIN7 cybercrime gang, a financially motivated group, is spreading a backdoor called Lizar under the guise of being a Windows pen-testing tool for ethical hackers. According to the BI.ZONE Cyber Threats Research Team, FIN7 is pretending to be a legitimate organization that hawks a...
Zoho ManageEngine Desktop Central has an unspecified vulnerability
ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO, Inc. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management.A security...
Authentication flaw
Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server...
CVE-2020-28050
Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server...
ZOHO ManageEngine Desktop Central 安全漏洞
ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO, Inc. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management.A security...
Malicious Package
npmpubman is a malicious package. The package contains malicious code in index.js which sends local environment variables to a remote server. The malicious code does not execute upon installation...
GHSA-4RX9-58M7-GR8W Malicious Package in css_transform_step
Version 1.0.6 of csstransformstep contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.6 of this module is found installed you...