8230 matches found
PT-2022-25723 · Sap · Sap 3D Visual Enterprise Viewer
Name of the Vulnerable Software and Affected Versions: SAP 3D Visual Enterprise Viewer version 9. Description: The issue arises from improper memory management. When a victim opens a manipulated Scalable Vector Graphic (.svg, .svg.x3d) file from an untrusted source, it can trigger Remote Code...
SAP 3D Visual Enterprise Viewer Buffer Error Vulnerability
SAP 3D Visual Enterprise Viewer is a 3D viewer from SAP (Germany). The software supports publishing 2D and 3D scenes into industry-standard desktop applications and can be installed either as a stand-alone executable or as an ActiveX control. A buffer overflow vulnerability...
CVE-2022-3137
The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file...
Massive Multi-Vector 1.37 Tbps DDoS Attack Mitigated by Imperva DDoS Protection
On July 22, an Imperva customer was targeted by a network DDoS attack that reached a maximum bandwidth of 1.37 trillion bits per second Tbps, making it one of the largest attacks that Imperva has stopped and one of the larger DDoS attacks on record. The attack lasted a little over two hours in...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2022-22476)
Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details...
WordPress Accordions plugin <= 2.0.3 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities discovered by Vlad Vector (Patchstack) in WordPress Accordions plugin versions <= 2.0.3. Solution: Update the WordPress Accordions plugin to the latest available version (at least 2.1.0)...
New campaign uses government, union-themed lures to deliver Cobalt Strike beacons
By Chetan Raghuprasad and Vanja Svajcer. Cisco Talos discovered a malicious campaign in August 2022 delivering Cobalt Strike beacons that could be used in later, follow-on attacks. Lure themes in the phishing documents in this campaign are related to the job details of a government organization i...
Security Bulletin:IBM TRIRIGA Application Platform discloses possible path command execution(CVE-2021-41878)
Summary Tririga discloses possible path command execution Vulnerability Details IBM X-Force ID: 89068 DESCRIPTION: Multiple Android Superuser packages contain an unspecified vulnerability related to a search path which could allow a local attacker to execute arbitrary commands on the system with...
CVE-2022-1755
The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks...
WordPress plugin SVG Support Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin for that platform. A cross-site scripting...
Frontend File Manager < 21.4 - File Upload via CSRF
The plugin does not perform a CSRF check when uploading files, which could allow attackers to make logged-in users upload files on their behalf. PoC: The file will not show up via the frontend/backend, but it is uploaded into the user folder, i.e. wp-content/uploads/useruploads//payload.pdf...
PT-2022-14088 · WordPress · Svg Support
Name of the Vulnerable Software and Affected Versions: SVG Support WordPress plugin versions prior to 2.5 Description: The issue arises from the improper handling of SVG files added via a URL, potentially allowing users with a role as low as author to perform Cross-Site Scripting attacks...
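The SVG entries above (Taskbuilder CVE-2022-3137, SVG Support CVE-2022-1755 and PT-2022-14088) share one root cause: an SVG document is XML that the browser renders as a full document, so it can carry `<script>` elements, `on*` event-handler attributes, `javascript:` links and `<foreignObject>` HTML. The following is an added example, not code from any of the listed plugins or advisories, showing the checks an upload handler would apply before accepting a user-supplied SVG. The sample documents, the function names and the hazard list are constructed here for illustration; a production deployment would pair such a check with a real sanitizer rather than rely on it alone.

```python
"""Detect script-bearing content in SVG uploads (the stored-XSS vector above).

Added example; not part of any listed advisory or plugin. Hazard lists and
sample documents are constructed for illustration.
"""
import re
import xml.etree.ElementTree as ET
from typing import List

# Element local names that execute script or embed arbitrary HTML in an SVG.
DANGEROUS_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}

# Attributes that carry a URL (or a list of animated URL values) and so can
# hold a javascript: scheme. xlink:href appears here simply as "href" because
# ElementTree reports the local name once the namespace is stripped.
URL_ATTRIBUTES = {"href", "src", "from", "to", "values"}

# Matches a script scheme with the leading whitespace browsers tolerate.
JS_SCHEME = re.compile(r"^\s*(javascript|vbscript)\s*:", re.IGNORECASE)


def _local(qualified: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on qualified names."""
    return qualified.rsplit("}", 1)[-1]


def find_svg_hazards(svg_text: str) -> List[str]:
    """Return a list of human-readable findings; empty means nothing flagged."""
    findings: List[str] = []
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        # An upload that is not well-formed XML is rejected outright.
        return [f"unparseable XML: {exc}"]

    if _local(root.tag).lower() != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")

    for elem in root.iter():
        tag = _local(elem.tag).lower()
        if tag in DANGEROUS_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in elem.attrib.items():
            name = _local(attr).lower()
            if name.startswith("on"):
                findings.append(f"event handler {name}= on <{tag}>")
            elif name in URL_ATTRIBUTES:
                # <animate values="a;b;c"> lists several URLs; check each.
                if any(JS_SCHEME.match(v) for v in value.split(";")):
                    findings.append(f"script URL in {name}= on <{tag}>")
    return findings


def is_safe_svg(svg_text: str) -> bool:
    """Accept/reject decision an upload handler would make."""
    return not find_svg_hazards(svg_text)


# Constructed sample documents (not taken from any advisory).
BENIGN_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
    '<rect width="10" height="10" fill="#09f"/></svg>'
)
MALICIOUS_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" '
    'xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">'
    '<script>alert(2)</script>'
    '<a xlink:href=" JavaScript:alert(3)"><text y="20">click</text></a>'
    '</svg>'
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("malicious", MALICIOUS_SVG)):
        print(label, "->", "accepted" if is_safe_svg(doc) else find_svg_hazards(doc))
```

The check deliberately operates on parsed XML rather than on regular expressions over the raw text, so encodings such as `&#106;avascript:` or attributes split across lines are normalised by the parser before inspection. It is a rejection filter, not a sanitizer: anything flagged is refused, and nothing is rewritten.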
Security Bulletin: IBM Smart Analytics System 5600 clients affected by vulnerabilities in IBM JRE (CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823)
Abstract These vulnerabilities are only applicable to Java deployments where untrusted code may be executed e.g. Java applets running in a web browser. Content VULNERABILITY DETAILS CVE IDs: CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823 DESCRIPTION: The IBM Smart Analytics System 560...
Security Bulletin: IBM Workload Deployer - Security vulnerability found in the command-line interface (CVE-2013-5455)
Abstract A security vulnerability found in the command-line interface allows users with read-only rights to delete, start, and stop any virtual system. Content Authenticated users of IBM Workload Deployer 3.1.0.0 and later with lesser privilege roles can use the command-line interface to perform...
Security Bulletin: GSKit certificate chain vulnerability in IBM Security Directory Server and Tivoli Directory Server (CVE-2013-6747)
Abstract A vulnerability has been identified in the GSKit component utilized by IBM Security Directory Server ISDS and IBM Tivoli Directory Server TDS. A malformed certificate chain can cause the ISDS or TDS client application or server process using GSKit to hang or crash. Remediation for the...
GHSA-GMHJ-XJFH-CF6M Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library
Not invoking a call to pam_acct_mgmt after a call to pam_authenticate to check the validity of a login can lead to an authorization bypass. Impact Exploitability The attack can be carried over the network. A complex non-standard configuration or a specialized condition is required for the attack to ...
CVE-2022-35251
A cross-site scripting vulnerability exists in Rocket.chat v5 due to style injection in the complete chat window. An adversary can manipulate not only its style but can also block functionality and hijack the content of targeted users. Hence the payloads are...
Cross site scripting
A cross-site scripting vulnerability exists in Rocket.chat v5 due to style injection in the complete chat window. An adversary can manipulate not only its style but can also block functionality and hijack the content of targeted users. Hence the payloads are...
CVE-2022-35251
CVE-2022-35251 affects Rocket.Chat ( Rocket.Chat