CVE-2022-35453

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c08a6...

CVE-2022-35478

OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6babea...

CVE-2022-35484

OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6b6a8f...

CVE-2022-35477

OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe954...

Design/Logic Flaw

In Ivanti Pulse Secure Pulse Connect Secure PCS before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance Push Configuration Targets Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role...

CVE-2021-44720

In Ivanti Pulse Secure Pulse Connect Secure PCS before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance Push Configuration Targets Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role...

CVE-2021-44720

Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12 stores administrator passwords in the HTML source of the Maintenance > Push Configuration > Targets > Target Name screen (targets.cgi). This enables a read-only administrative user to escalate to a read-write administrative rol...

PT-2022-12211 · Ivanti · Ivanti Pulse Secure Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Ivanti Pulse Secure Pulse Connect Secure PCS versions prior to 9.1R12 Description: The administrator password is stored in the HTML source code of the "Maintenance Push Configuration Targets Target Name" targets.cgi screen, allowing a read-on...

New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack

A new IoT botnet malware dubbed RapperBot has been observed rapidly evolving its capabilities since it was first discovered in mid-June 2022. "This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute...

Insecure SignatureDecoder.recoverKey method

Lines of code Vulnerability details Impact The SignatureDecoder.recoverKey function can return address0 and incur errors, so it is considered insecure. Proof of Concept For example, in Project.checkSignatureValidity a signature could be accepted as valid if any of the addresses used have not yet...

Design/Logic Flaw

The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php...

WordPress plugin Project Source Code Download 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

[SECURITY] Fedora 36 Update: golang-x-lint-0-17.20210123git83fdc39.fc36

Golint is a linter for Go source code...

Jenkins Compuware Source Code Download is missing authorization

BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stor...

GHSA-75FC-FV3P-XH82 Jenkins Compuware Source Code Download is missing authorization

BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stor...

Upgraded Q -> M from 9 [1659036743700]

Judge has assessed an item in Issue 9 as Medium risk. The relevant finding follows: Centralized risk The operator address can mint arbitrary amount of tokens. In addition, operator can also burn tokens from third-party accounts. If the private key of the owner or minter address is compromised, th...

CVE-2022-36896

A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...

CVE-2022-36896

A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...

DOM-based Cross-Site Scripting (XSS) in OpenEMR 7.0.0 and below at White list files

Description We would like to report the vulnerability we found during software testing. The OpenEMR 7.0.0 latest version and below version; Open Source electronic health records and medical practice management application; has DOM-based Cross-Site Scripting XSS vulnerability in the...

Driver Disk for Cisco enic 4.2.0.26 - For Citrix Hypervisor 8.2 LTSR

Who Should Install this Driver Disk? Customers running the Citrix Hypervisor 8.2 LTSR release who use Cisco's enic driver and wish to use the latest version of the following: Driver Module| Version ---|--- enic| 4.2.0.26 Issues Resolved In this Driver Disk Includes general enhancements and bug...