21 matches found

Positive Technologies
added 2024/08/13 12:0 a.m. · 1 views

PT-2024-10904 · Amd · Asp Kernel

Name of the Vulnerable Software and Affected Versions: ASP kernel (affected versions not specified). Description: Insufficient access controls in the ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas,...

CVSS 3.9 · AI score 6.8 · EPSS 0.00022
Exploits 0 · References 7

Github Security Blog
added 2024/04/04 3:30 p.m. · 41 views

quarkus-core leaks local environment variables from Quarkus namespace during application's build

A vulnerability was found in the quarkus-core component. Quarkus captures the local environment variables from the Quarkus namespace during the application's build. Thus, running the resulting application inherits the values captured at build time. However, some local environment variables may ha...

CVSS 7 · AI score 6.9 · EPSS 0.00044
Exploits 0 · References 16 · Affected Software 1

Vulnrichment
added 2024/04/04 1:46 p.m. · 20 views

CVE-2024-2700 Quarkus-core: leak of local configuration properties into quarkus applications

A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been...

CVSS 7 · AI score 6.6 · EPSS 0.00044
Exploits 0 · References 8

Github Security Blog
added 2023/07/08 9:30 a.m. · 20 views

TeamPass information exposure vulnerability

TeamPass prior to 3.0.10 allows unauthenticated actors to view application-specific and user data and files by viewing an endpoint directory listing...

CVSS 7.5 · AI score 7 · EPSS 0.00592
Exploits 1 · References 4 · Affected Software 1

NVD
added 2021/07/12 2:15 p.m. · 9 views

CVE-2021-32688

Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application specific tokens for authentication purposes. These tokens are supposed to be granted to specific applications (e.g. DAV sync clients), and can also be configured by the user to not have any...

CVSS 8.8 · EPSS 0.03114
Exploits 0 · References 6

Gentoo Linux
added 2021/05/26 12:0 a.m. · 54 views

Boost: Buffer overflow

Background: Boost is a set of C++ libraries, including the Boost.Regex library to process regular expressions. Description: It was discovered that Boost incorrectly sanitized ‘nextsize’ and ‘maxsize’ parameter in orderedmalloc function when allocating memory. Impact: A remote attacker could provide ...

CVSS 5 · AI score 7.3 · EPSS 0.00821
Exploits 1

Hacker One
added 2020/05/26 4:12 p.m. · 19 views

Radancy: [www.werkenbijderet.nl] There is no rate limit for vacature-alert endpoints

https://werkenbijderet.nl/vacature-alert lacked a properly configured application specific tuned rate limiting defense mechanism. Because the speed limit was set very high, it was possible to send thousands of mails within 10 minutes. The fix was to implement a middleware which throttles requests...

AI score 0.5
Exploits 0

HackRead
added 2018/02/01 5:2 p.m. · 42 views

Samsung is working on producing cryptocurrency mining chips

By Uzair Amir Samsung cryptocurrency mining chips called application-specific integrated circuits ASICs will This is a post from HackRead.com Read the original post: Samsung is working on producing cryptocurrency mining chips...

AI score 7
Exploits 0

OSV
added 2017/05/08 8:29 p.m. · 12 views

CVE-2017-0892

Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file...

CVSS 3.5 · AI score 6.8
Exploits 0 · References 2

NVD
added 2017/05/08 8:29 p.m. · 12 views

CVE-2017-0892

Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file...

CVSS 4.3 · AI score 3.9 · EPSS 0.0022
Exploits 0 · References 2

CNVD
added 2017/02/10 12:0 a.m. · 1 views

Revive Adserver REVIVE-SA-2017-001 generic RCE attack vulnerability

Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A security vulnerability exists in Revive Adserver 4.0.0 and earlier versions. An attacker can exploit this...

CVSS 9.8 · AI score 9.2 · EPSS 0.03495
Exploits 0 · References 1

Prion
added 2014/07/17 5:10 a.m. · 15 views

Cross site scripting

Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors...

CVSS 4.3 · AI score 5.8 · EPSS 0.02316
Exploits 0 · References 12 · Affected Software 1

Debian CVE
added 2014/07/17 2:36 a.m. · 21 views

CVE-2013-5855

Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors...

CVSS 4.3 · AI score 7.2 · EPSS 0.02316
Exploits 0

Cvelist
added 2014/04/25 10:0 a.m. · 23 views

CVE-2012-4230

The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) validelements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element...

AI score 7 · EPSS 0.0058
Exploits 2 · References 6

CVE
added 2013/12/07 9:0 p.m. · 108 views

CVE-2013-6385

CVE-2013-6385 affects Drupal 6.x before 6.29 and 7.x before 7.24. The Form API may perform validation even when CSRF validation has failed, when used with unspecified third‑party modules, potentially enabling remote attackers to trigger application‑specific impacts such as arbitrary code executio...

CVSS 5.1 · AI score 7.3 · EPSS 0.02471
Exploits 0 · References 5 · Affected Software 1

The Hacker News
added 2013/02/26 5:45 p.m. · 5 views

Bypassing Google Two Factor Authentication

Duo Security found a loophole in Google's authentication system that allowed them to bypass Google's two factor authentication and gain full control over a user's Gmail account by abusing the unique passwords used to connect individual applications to Google accounts. Duo Security itself a two-factor...

AI score 7.4
Exploits 0

The Hacker News
added 2013/02/26 6:45 a.m. · 17 views

Bypassing Google Two Factor Authentication

Duo Security found a loophole in Google's authentication system that allowed them to bypass Google's two factor authentication and gain full control over a user's Gmail account by abusing the unique passwords used to connect individual applications to Google accounts. Duo Security itself a two-factor...

AI score 7.4
Exploits 0

The Hacker News
added 2011/02/11 5:10 p.m. · 5 views

2-step verification, Advanced sign-in security for your Google account !

Has anyone you know ever lost control of an email account and inadvertently sent spam—or worse—to their friends and family? There are plenty of examples like the classic "Mugged in London" scam that demonstrate why it's important to take steps to help secure your activities online. Your Gmail...

AI score 7.3
Exploits 0

exploitpack
added 2003/11/19 12:0 a.m. · 32 views

IA WebMail Server 3.x - iaregdll.dll 1.0.0.5 Remote Overflow

IA WebMail Server 3.x - iaregdll.dll 1.0.0.5 Remote Overflow !/usr/bin/perl -w IA WebMail 3.x iaregdll.dll version 1.0.0.5 Remote Exploit Application Specific Shellcode: URL Downloader - www elitehaven net/ncat.exe downloaded - c:\nc.exe created By Peter Winter-Smith peter4020 hotmail com Shellco...

AI score 0.8
Exploits 0

Exploit DB
added 1997/06/19 12:0 a.m. · 25 views

FreeBSD 3.1 / Solaris 2.6 - Domain Socket

// source: https://www.securityfocus.com/bid/456/info Solaris 2.6 and many other unices/clones have a serious problem with their unix domain socket implementation that has its origins in old BSD code. Any unix socket created by any application is set mode 4777. In Solaris versions 2.5 and earlie...

AI score 7.4
Exploits 0