313 matches found
PT-2021-10299 · Laiketui · Laiketui
Name of the Vulnerable Software and Affected Versions: LaikeTui version 3 Description: The issue allows remote attackers to execute arbitrary code via the component "/index.php?module=member&action=add". This is a Cross Site Request Forgery CSRF issue. Recommendations: For LaikeTui version 3, as ...
DEPSTECH WiFi Digital Microscope 安全漏洞
DEPSTECH WiFi Digital Microscope is a wifi industrial endoscope from Shenzhen Shenzhen Deepsea Innovation Technology Co. A security vulnerability exists in the DEPSTECH WiFi Digital Microscope 3, which stems from the device allowing TELNET connections using the molinkadmin password for the molink...
[SECURITY] Fedora 33 Update: php-symfony3-3.4.49-1.fc33
Symfony PHP framework version 3. NOTE: Does not require PHPUnit bridge...
Avaya Equinox Conferencing 安全漏洞
Avaya Equinox Conferencing is a conferencing support software from Avaya, USA. The software is a universal solution that includes all Avaya soft clients with the convergence of Avaya Aura Conferencing and Scopia for cell phones, browsers, desktops and conference room systems. A security...
Sonatype Nexus Repository Manager 跨站脚本漏洞
Sonatype Nexus Repository Manager NXRM is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. A cross-site scripting vulnerability exists in Nexus Repository Manager version 3.x prior to 3.30.1, which can be exploited by an attacker...
Rails Sprockets 2.x < 2.12.5 / 3.x < 3.7.2 / 4.x < 4.0.0.beta8 Path Traversal
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is...
WAGO M&M Software fdtCONTAINER (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: M&M Software GmbH, a subsidiary of WAGO Kontakttechnik Equipment: fdtCONTAINER Vulnerability: Deserialization of Untrusted Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...
CVE-2020-27978
Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session...
WECON LeviStudioU (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: WECON Technology Co., Ltd WECON Equipment: LeviStudioU --------- Begin Update C Part 1 of 3 --------- Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of XML External Entity Reference, Heap-based...
Unspecified Vulnerability in RIPE NCC RPKI Validator (CNVD-2020-52431)
RIPE NCC RPKI Validator is an RPKI validator from RIPE NCC in the Netherlands. A security vulnerability exists in version 3.x of RIPE NCC RPKI Validator prior to 3.1-2020.07.06.14.28. A remote attacker could exploit the vulnerability to bypass access restrictions...
CVE-2020-11973
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0...
Squid Security Update Advisory (SQUID-2020:4)
Squid is prone to multiple vulnerabilities in the HTTP Digest authentication. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program i...
gyges.org Open Redirect vulnerability
Open Bug Bounty ID: OBB-1145820 Security Researcher myNickName Helped patch 200 vulnerabilities Received 2 Coordinated Disclosure badges , a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting gyges.org website and its users. Following coordinat...
Google Invisible RECAPTCHA 3 Spoof Bypass
Exploit Title: Google Invisible RECAPTCHA 3 - Spoof Bypass Date: 2020-02-07 Vendor Homepage: https://developers.google.com/recaptcha/docs/invisible Exploit Git Repo: https://github.com/matamorphosis/Browser-Exploits/tree/master/RECAPTCHABypass Exploit Author: Matamorphosis Tested on: Windows and...
Google Invisible RECAPTCHA 3 - Spoof Bypass
Exploit Title: Google Invisible RECAPTCHA 3 - Spoof Bypass Date: 2020-02-07 Vendor Homepage: https://developers.google.com/recaptcha/docs/invisible Exploit Git Repo: https://github.com/matamorphosis/Browser-Exploits/tree/master/RECAPTCHABypass Exploit Author: Matamorphosis Tested on: Windows and...
UBUNTU-CVE-2020-7045
In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes...
Default credentials
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address that is equal to an existing user's email address after case transformation of Unicode characters would allow an attacker to be sent a password reset token for the matched user...
CVE-2019-14901
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability ...
[SECURITY] Fedora 31 Update: php-symfony3-3.4.35-2.fc31
Symfony PHP framework version 3. NOTE: Does not require PHPUnit bridge...
PT-2019-4316 · Siemens +1 · Capital Embedded Ar Classic R20-11 +4
Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 All versions Capital Embedded AR Classic R20-11 All versions V2303 Nucleus NET All versions Nucleus ReadyStart V3 All versions V2017.02.3 Nucleus Source Code All versions Description: A vulnerability has be...