841 matches found
CVE-2022-37710
Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: 1 keybackup.data License Encryption Key or 2 Eaglesoft.Server.Configuration.data DbEncryptKeyPrimary Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or...
Tenda TX3 缓冲区错误漏洞
Tenda TX3 is a wireless router from Tenda, a Chinese company. A security vulnerability exists in Tenda TX3 USTX3V1.0brV16.03.13.11multiTDE01, which originates from the startIp parameter of /goform/SetPptpServerCfg containing a stack overflow. No detailed vulnerability details are provided at this...
PT-2022-26710 · Tenda · Tenda Tx3
Name of the Vulnerable Software and Affected Versions: Tenda TX3 US TX3V1.0br V16.03.13.11 multi TDE01 Description: A stack overflow issue was discovered via the endIp parameter at the "/goform/SetPptpServerCfg" API endpoint. Recommendations: For Tenda TX3 US TX3V1.0br V16.03.13.11 multi TDE01,...
Tenda TX3 缓冲区错误漏洞
Tenda TX3 is a wireless router from Tenda, a Chinese company. A security vulnerability exists in Tenda TX3 USTX3V1.0brV16.03.13.11multiTDE01, which originates from the list parameter of /goform/SetVirtualServerCfg containing a stack overflow. No detailed vulnerability details are provided at this...
Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms
TL;DR This vulnerability only affects you if you are using the code or password-reset auth method with the auth.methods option. It can only be successfully exploited under server configuration conditions outside of the attacker's control. ---- Introduction User enumeration is a type of...
Trend Micro Apex One Forced Browsing Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex One. Authentication is required to exploit this vulnerability. The specific flaw exists within the Apex One web console. By navigating directly to a URL, a user can bypass authorization...
Updated jupyter-notebook packages fix security vulnerability
It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting XSS attacks on the notebook server. CVE-2018-19351 It was discovered that Jupyter Notebook...
DoNot Team Hackers Updated its Malware Toolkit with Improved Capabilities
The Donot Team threat actor has updated its Jaca Windows malware toolkit with improved capabilities, including a revamped stealer module designed to plunder information from Google Chrome and Mozilla Firefox browsers. The improvements also include a new infection chain that incorporates previousl...
Stored XSS in 'Table name' field via Database information function
Description When the administrator uses the Database information function, malicious code will be accidentally called and executed through two cases: 1. 1 An internal attacker local with access right to the database could insert malicious content into the table name field by creating a table in t...
CVE-2022-36306
An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version 9.3.0.01249, were still...
Airspan AirVelocity 1500 安全漏洞
The Airspan AirVelocity 1500 is a revolutionary indoor high-performance small cell from Airspan USA. Designed to bring public access LTE networks into indoor spaces A security vulnerability exists in the Airspan AirVelocity 1500 versions 9.3.0.01249 and 15.18.00.2511, which originates from an...
CVE-2022-31109
laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol,...
CVE-2022-31014 SMTP Command Injection in iCalendar Attachments to emails via newlines in Nextcloud Server
Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backend SMTP server. However, the main risk here is that the attacker can then hijack an...
CVE-2022-32155
In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the...
CVE-2022-1360
The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings...
Code injection
The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings...
CVE-2022-1360
The CVE-2022-1360 issue affects Cambium Networks cnMaestro On-Premises and is an OS Command Injection vulnerability in the cnMaestro server that could allow an unauthenticated attacker to execute code and change server configuration. Public sources detail affected versions (On-Premises prior to 3...
CVE-2022-1360 Cambium Networks cnMaestro OS Command Injection
The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings...
Deserialization of Untrusted Data in Infinispan
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possibl...
GHSA-QQFC-M9HC-PQV3 Deserialization of Untrusted Data in Infinispan
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possibl...