16 matches found
CVE-2026-20199
A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user. This vulnerability is due to insufficient validation of user-supplied input. An...
CVE-2026-21977
Vulnerability in the Oracle Zero Data Loss Recovery Appliance Software product of Oracle Zero Data Loss Recovery Appliance component: Security. Supported versions that are affected are 23.1.0-23.1.202509. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
CVE-2025-34211
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA and SaaS deployments) contain a private SSL key and matching public certificate stored in cleartext. The key belongs to the hostname pl‑local.com and is used by the...
Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
Ivanti Connect Secure (ICS), formerly known as Pulse Connect Secure, and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This...
Fortinet FortiSandbox Cross-Site Scripting Vulnerability
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence, real-time control panel and reporting. Fortinet FortiSandbox is vulnerable to a cross-site scripting vulnerability that stem...
SonicWall SMA100 Security Vulnerability
The SonicWall SMA100 is a secure access gateway device from SonicWall, Inc. A security vulnerability exists in the SonicWall SMA100 sonicfiles RACCOPYTO RacNumber 36 method that allows an unauthenticated, remote attacker to potentially execute code as the nobody user in the device. The...
IBM Security Access Manager Appliance Permissions, Privileges, and Access Control Vulnerability
IBM Security Access Manager Appliance (ISAM Appliance) is a network appliance-based security solution from IBM, USA. The product is mainly used for access control and Web-based threat protection, providing system performance monitoring, log analysis and diagnosis. IBM Security Access Manager...
A week in security (October 12 – October 18)
Last week on Malwarebytes Labs, we looked at journalism’s role in cybersecurity on our Lock and Code podcast, gave tips for safer shopping on Amazon Prime day, and discussed an APT attack springing into life as Academia returned to the real and virtual campus environment. We also dug into potenti...
CVE-2017-1367
IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 1268...
Important: Red Hat Security Advisory: rhvm-appliance security and enhancement update
An update for rhvm-appliance is now available for Red Hat Virtualization 4 for RHEL-7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
BlackStratus LOGStorm 4.5.1.35/4.5.1.96 - Remote Root Exploit
Exploit for hardware platform in category remote exploits !/usr/bin/python logstorm-root.py BlackStratus LOGStorm Remote Root Exploit Jeremy Brown jbrown3264/gmail Dec 2016 -Synopsis- "Better Security and Compliance for Any Size Business" BlackStratus LOGStorm has multiple vulnerabilities that...
Raritan PowerIQ 4.1.0 - SQL Injection Vulnerability
Exploit for linux platform in category web applications =begin Raritan PowerIQ suffers from an unauthenticated SQL injection vulnerability within an endpoint used during initial configuration of the licensing for the product. This endpoint is still available after the appliance has been fully...
Loadbalancer.org Enterprise VA 7.5.2 - Static SSH Key
No description provided by source. ----------- Author: ----------- xistence xistenceat0x90.nl ------------------------- Affected products: ------------------------- Loadbalancer.org Enterprise VA 7.5.2 and below ------------------------- Affected vendors: ------------------------- Loadbalancer.or...
Loadbalancer.org Enterprise VA 7.5.2 - Static SSH Key
----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- Loadbalancer.org Enterprise VA 7.5.2 and below ------------------------- Affected vendors: ------------------------- Loadbalancer.org http://www.loadbalancer.org/...
Loadbalancer.org Enterprise VA 7.5.2 Static SSH Key
----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- Loadbalancer.org Enterprise VA 7.5.2 and below ------------------------- Affected vendors: ------------------------- Loadbalancer.org http://www.loadbalancer.org/...
WD TV Live Hub Compromised - Multiple Vulnerabilities Found By Dr. Alberto Fontanella
WD TV Live Hub Compromised - Multiple Vulnerabilities Found By Dr. Alberto Fontanella Dr. Alberto Fontanella found on Western Digital WD TV Live Hub appliance with the last firmware installed 2.06.10 and 3 exploits to get admin password, deface appliance and get root shell: Author: Dr. Alberto...