235 matches found
January 11, 2022—KB5009557 (OS Build 17763.2452)
None None...
CVE-2021-44153
An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo "C:\Windows\System32\calc.exe" entry. An attacker can exploit this to run a malicious binary on startup, or...
Driver Disk for Qlogic qla2xxx 10.02.06.02-k - For Citrix Hypervisor 8.2 LTSR
Who Should Install this Driver Disk? Customers on non-Dell hardware running the Citrix Hypervisor 8.2 LTSR release who use Qlogic's qla2xxx driver and wish to use the latest version of the driver. Note: If you use Dell hardware, do not install this driver disk. This version of the driver disk is...
Hotfix XS82E015 - For Citrix Hypervisor 8.2
Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. Information About this Hotfix Component| Details ---|--- Prerequisite| None Post-update tasks| None Content live patchable| No Baselines for Live Patch| N/A Revision History| Published on Feb02, 2021 To...
Driver Disk for Cisco enic 4.0.0.11 - For Citrix Hypervisor 8.x CR
Who Should Install this Driver Disk? Customers running a Citrix Hypervisor 8.x release who use Cisco's enic driver and wish to use the latest version of the following: Driver Module| Version ---|--- enic| 4.0.0.11 Issues Resolved In this Driver Disk Includes general enhancements and bug fixes...
Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication) Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Sickbeard 0.1 - Cross-Site Request Forgery Disable Authentication Google Dork: https://www.shodan.io/search?query=sickbeard Exploit Author: bdrake Vendor Homepage: https://sickbeard.com/ Software Link:...
Sickbeard 0.1 Cross Site Request Forgery
Exploit Title: Sickbeard 0.1 - Cross-Site Request Forgery Disable Authentication Google Dork: https://www.shodan.io/search?query=sickbeard Date: 2020-06-06 Exploit Author: bdrake Vendor Homepage: https://sickbeard.com/ Software Link: https://github.com/midgetspy/Sick-Beard Version: alpha master -...
Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication)
Exploit Title: Sickbeard 0.1 - Cross-Site Request Forgery Disable Authentication Google Dork: https://www.shodan.io/search?query=sickbeard Date: 2020-06-06 Exploit Author: bdrake Vendor Homepage: https://sickbeard.com/ Software Link: https://github.com/midgetspy/Sick-Beard Version: alpha master -...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.23 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
Mattermost Server Access Privilege Vulnerability
Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in Mattermost Server versions prior to 3.8.2, prior to 3.7.5, and prior to 3.6.7. An attacker can exploit the vulnerability to gain access to API endpoints after a...
[slackware-security] bind
New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/bind-9.11.18-i586-1slack14.2.txz: Upgraded. This update fixes a security issue: DNS rebinding protection was ineffective wh...
The vulnerability of the SAP HANA Extended Application Services development tool lies in insufficient validation of input data. This allows attackers to gain unauthorized access to information about internal network ports or trigger a server restart.
The vulnerability of the SAP HANA Extended Application Services development tool exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to information about internal network ports or cause a serve...
Node.js third-party modules: Denial Of Service in Strapi Framework using argument injection
I would like to report Denial Of Service in Strapi Framework.It allows attacker to force restart the server using argument injection. Module module name: strapi version: 3.0.0-beta.18.3 and earlier npm page: https://www.npmjs.com/package/strapi Module Description The Strapi HTTP layer sits on top...
CVE-2019-6474
A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea cod...
CVE-2019-6474
A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea cod...
CVE-2019-6474
A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea cod...
Integer Overflow
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handl...
ASLR Bypass
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handl...
Out-Of-Bounds Read
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handl...
IBM Security Key Lifecycle Manager Authentication Missing Vulnerability
IBM Security Key Lifecycle Manager centralizes, simplifies and automates the encryption key management process, helping to minimize the risks and operational costs of encryption key management. An authentication missing vulnerability exists in IBM Security Key Lifecycle Manager. An unauthenticate...