
162 matches found

CNVD
added 2021/11/05 12:0 a.m. | 18 views

DAQFactory Deserialization Vulnerability

DAQFactory is a software and application development platform that provides a variety of tools that allow you to easily create HMI/SCADA applications. A deserialization vulnerability exists in DAQFactory 18.1 Build 2347 and earlier versions. An attacker can exploit this vulnerability to corrupt...

CVSS 7.8 | AI score 7.6 | EPSS 0.00126
Exploits: 0 | References: 1

Fedora
added 2021/10/27 2:9 a.m. | 31 views

[SECURITY] Fedora 34 Update: qt-4.8.7-61.fc34

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling...

AI score 1.7
Exploits: 0

Rapid7 Blog
added 2021/09/30 2:24 p.m. | 28 views

The 2021 OWASP Top 10 Have Evolved: Here's What You Should Know

Late last week, the Open Web Application Security Project (OWASP) released its top 10 list of critical web application security risks. The last OWASP Top 10 came out in 2017, and in the intervening 4 years, we've seen a fundamental shift in application security that includes greater emphasis on...

AI score 7.6
Exploits: 0

Trend Micro Simply Security
added 2021/07/15 12:0 a.m. | 9 views

5 #TrendTips for Open Source Security

You use many application development tools to create your next masterpiece, but you also need to ensure you're not bringing open source security risks into the equation. Find out how in this article...

AI score 1.1
Exploits: 0

CNVD
added 2021/07/15 12:0 a.m. | 3 views

Unspecified Vulnerability in IBM Cloud Pak for Applications (CNVD-2021-51808)

IBM Cloud Pak for Applications is an application from IBM America, Inc. that provides cloud-native development solutions that deliver value quickly. A security vulnerability exists in IBM Cloud Pak for Applications v4.3, which can be exploited by attackers to obtain sensitive information...

CVSS 4.3 | AI score 6.4 | EPSS 0.00175
Exploits: 0 | References: 1

CNVD
added 2021/06/23 12:0 a.m. | 5 views

HisiPHP cross-site scripting vulnerability (CNVD-2021-49144)

HisiPHP is a free, open source, general-purpose back-end management framework based on ThinkPHP and Layui. By default it integrates permissions management, module management, plug-in management, hooks management, database management and other commonly used features to...

CVSS 6.1 | AI score 6.2 | EPSS 0.00328
Exploits: 1 | References: 1

The Hacker News
added 2021/05/04 7:52 a.m. | 129 views

Critical Patch Out for Critical Pulse Secure VPN 0-Day Under Attack

Ivanti, the company behind Pulse Secure VPN appliances, has released a security patch to remediate a critical security vulnerability that was found being actively exploited in the wild by at least two different threat actors. Tracked as CVE-2021-22893 (CVSS score 10), the flaw concerns "multiple us...

CVSS 10 | AI score 1.6 | EPSS 0.93607
Exploits: 9

Imperva Blog
added 2021/04/30 12:12 p.m. | 34 views

Benefits of Building a Multi-prong Mousetrap for WAF Policies with ML

The reason behind buying a market-leading Web Application Firewall (WAF) is to protect your website and web applications from malicious attacks, plus complying with industry or regional data and privacy standards. In addition to the typical OWASP Top 10 vulnerabilities, WAFs need to address a litan...

AI score 7.1
Exploits: 0

CNVD
added 2021/04/23 12:0 a.m. | 8 views

Pegasystem PEGA Platform Access Control Error Vulnerability (CNVD-2021-30581)

Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications for BPM (Business Process Management), Case Management, Real Time Decision Making and CRM (Customer Relationship Management). An access control error vulnerability...

CVSS 6.6 | AI score 6.6 | EPSS 0.00309
Exploits: 1 | References: 1

Fedora
added 2021/03/25 12:20 a.m. | 29 views

[SECURITY] Fedora 34 Update: qt-4.8.7-60.fc34

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling...

AI score 1.7
Exploits: 0

0day.today
added 2021/03/13 12:0 a.m. | 114 views

QCubed 3.1.1 SQL Injection Vulnerability

QCubed SQL Injection
==================
Target: QCubed Framework
Vendor: QCubed
Version: all versions including 3.1.1
CVE: CVE-2020-24913
Accessibility: Remote
Severity: Critical
Author: Wolfgang Hotwagner AIT Austrian Institute of Technology
SUMMARY...

CVSS 9.8 | AI score 0.3 | EPSS 0.43055
Exploits: 5

NVD
added 2021/02/11 7:15 p.m. | 17 views

CVE-2021-21307

Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...

CVSS 9.8 | EPSS 0.92058
Exploits: 5 | References: 7

CVE
added 2021/02/11 6:20 p.m. | 253 views

CVE-2021-21307

CVE-2021-21307 : Lucee Admin has an unauthenticated remote code execution vulnerability in Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. The issue is fixed in those versions; a workaround is to block access to the Lucee Administrator. Public exploitation templates (e.g., an unordere...

CVSS 9.8 | AI score 9 | EPSS 0.92058
In wild | Exploits: 5 | References: 7 | Affected Software: 1

Cvelist
added 2021/01/26 6:15 p.m. | 14 views

CVE-2021-23272 TIBCO BPM Cross Site Scripting (XSS)

The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack o...

CVSS 4.6 | AI score 5.5 | EPSS 0.00213
Exploits: 0 | References: 1

Rapid7 Blog
added 2021/01/08 2:15 p.m. | 24 views

What’s New in InsightAppSec and tCell: Q4 2020 in Review

It’s crazy to believe 2020 has come to an end, and we’re sure we’re not alone in our excitement for 2021! Without a doubt, 2020 has presented some challenges for us all in the security world, as many companies quickly adopted a work-from-home model and pivoted from an in-store experience quickly ...

AI score 7.5
Exploits: 0

CNVD
added 2020/12/16 12:0 a.m. | 7 views

Pegasystem Pega Platform Cross-Site Scripting Vulnerability (CNVD-2021-28267)

Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications for BPM (Business Process Management), Case Management, Real Time Decision Making and CRM (Customer Relationship Management). A cross-site scripting vulnerability...

CVSS 6.1 | AI score 6.1 | EPSS 0.0024
Exploits: 1 | References: 1

NVD
added 2020/10/21 3:15 p.m. | 10 views

CVE-2020-14764

Vulnerability in the Hyperion Planning product of Oracle Hyperion (component: Application Development Framework). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Planning...

CVSS 4.2 | EPSS 0.00264
Exploits: 0 | References: 1

CNVD
added 2020/07/07 12:0 a.m. | 9 views

OpenJS Electron Security Bypass Vulnerability (CNVD-2021-21922)

OpenJS Electron is an open source framework from the OpenJS Foundation for desktop GUI application development. A security vulnerability exists in the contextIsolation module in OpenJS Electron versions prior to 7.2.4, prior to 8.2.4, and prior to 9.0.0-beta21. An attacker can exploit the...

CVSS 9 | AI score 6.6 | EPSS 0.00075
Exploits: 0 | References: 1

NVD
added 2020/02/07 11:15 p.m. | 8 views

CVE-2019-13163

The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V...

CVSS 5.9 | AI score 5.7 | EPSS 0.00128
Exploits: 0 | References: 1

Prion
added 2020/02/07 11:15 p.m. | 17 views

Design/Logic Flaw

The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V...

CVSS 4.3 | AI score 5.7 | EPSS 0.00128
Exploits: 0 | References: 1 | Affected Software: 22