167 matches found
The Value of Old Systems
Old technology solutions – every organization has a few of them tucked away somewhere. It could be an old and unsupported storage system or a tape library holding the still-functional backups from over 10 years ago. This is a common scenario with software too. For example, consider an accounting...
GHSA-C438-6F6R-PG8W 4thline cling uPnP protocol issue can lead to denial of service
An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header. As of 2022, 4thline cling is no longer supported by the maintainers...
4thline cling uPnP protocol issue can lead to denial of service
An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header. As of 2022, 4thline cling is no longer supported by the maintainers...
GHSA-PH3V-2HQ5-5QFQ Code injection in RazorEngine
In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment if users can externally control template contents. NOTE: This vulnerability only affects products that are no longer supported by the maintain...
Code injection in RazorEngine
In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment if users can externally control template contents. NOTE: This vulnerability only affects products that are no longer supported by the maintain...
CVE-2021-46703
In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment if users can externally control template contents. NOTE: This vulnerability only affects products that are no longer supported by the maintain...
Vendor Stream Wrapper - Moderately critical - Unsupported - SA-CONTRIB-2022-019
This module provides a stream wrapper for files located in the vendor directory. Even when the vendor directory is moved outside the webroot, it allows providing publically accessible URLs to these files. The module exposes all files that are in the vendor directory, without a site owner's...
CISA Adds Single-Factor Authentication to the List of Bad Practices
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added single-factor authentication to the short list of "exceptionally risky" cybersecurity practices that could expose critical infrastructure as well as government and the private sector entities to devastating cyberattack...
Lionwiki Security Vulnerabilities
Lionwiki is a small wiki builder based on file templates written in Php by the Lionwiki team. A security vulnerability exists in LionWiki versions prior to 3.2.12 that allows an unauthenticated user to read files as a web server user by creating strings in the index.php f1 variable i.e. local fil...
CVE-2020-7351
An OS Command Injection vulnerability in the endpointdevicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the “asterisk” user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012...
Nodeaccess - Critical - Unsupported - SA-CONTRIB-2019-009
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466...
SugarCRM 6.5.26 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: SugarCRM 6.5.26 - Cross-Site Scripting Exploit Author: Purplemet Security Author Website: https://www.purplemet.com/ Vendor Homepage: https://www.sugarcrm.com/ Software Link: https://sourceforge.net/projects/sugarcrm/ Version:...
Microsoft Edge Legacy Browser SEoL
The remote host has an install of Microsoft Edge Legacy, a web browser, which is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. C Tenable, Inc...
VChess - Critical - Module Unsupported - SA-CONTRIB-2018-009
The Drupal VChess module allows users to play a chess game. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466...
Directory based organisational layer - Critical - Unsupported - SA-CONTRIB-2017-096
This module adds a new organizational layer to Drupal, making it easy for managing large numbers of files and nodes. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. The security team takes action in...
Apple Deprecates QuickTime For Windows, Won't Patch New Flaws
The Zero Day Initiative has publicly disclosed a pair of serious vulnerabilities in Apple QuickTime for Windows that will not be patched because Apple is deprecating the product for the Microsoft platform. US-CERT today pushed out an alert advising QuickTime for Windows users that the only...
Microsoft Producer for Microsoft Office PowerPoint vulnerable to cross-site scripting
Overview Microsoft Producer for Microsoft Office PowerPoint may create a web page which contains a DOM-based cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Microsoft Producer for Microsoft Office PowerPoint...
Advance-Flow vulnerable to SQL injection
Overview Advance-Flow provided by OSK Co., LTD contains an issue in processing input data, which may result in SQL injection. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...
Microsoft SharePoint Server Unsupported Version Detection
The remote host has an unsupported version of SharePoint Server installed. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. C Tenable Network Security, Inc. include"compat.inc"; if...
Safari Unsupported
The remote Windows host has an install of Safari, a web browser. While there has been no formal announcement, Apple appears to have discontinued support for Safari on Windows and has not released any updates since version 5.1.7 in May 9, 2012. Lack of support implies that no new security patches...