Protect your business from password sprays with Microsoft DART recommendations

Over the past year, the Microsoft Detection and Response Team DART, along with Microsoft’s threat intelligence teams, have observed an uptick in the use of password sprays as an attack vector. This threat is a moving target with techniques and tools always changing, and Microsoft continues to fin...

Simplephpscripts Simple CMS 2.1 Cross Site Scripting

Document Title: =============== Simplephpscripts Simple CMS v2.1 - Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2302 Release Date: ============= 2021-10-19 Vulnerability Laboratory ID VL-ID: ==================================...

Vim 缓冲区错误漏洞

Vim is a UNIX-based editor. Vim is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause a heap buffer overflow...

CVE-2021-23449

The CVE-2021-23449 entry concerns the Node.js vm2 package (pre-3.9.4). A Prototype Pollution flaw allows an attacker to modify Object.prototype via proto /constructor payloads, which can lead to sandbox escape and execution of arbitrary code on the host. Impact is described as remote code executi...

Command injection

LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection HTTP, an attacker may be able to obtain the authentication data by capturing network...

Juniper Networks Junos OS 安全漏洞

Juniper Networks Junos OS is a network operating system from Juniper Networks, Inc. for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS is vulnerable to an access control error, which results from a specific...

CVE-2021-40499

Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...

Cisco IOS XE Software 安全漏洞

Cisco IOS and Cisco IOS XE Software are both products of the U.S. company Cisco IOS is a set of operating systems developed for its network devices.Cisco IOS XE Software is an operating system. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN,...

Open Redirect in zikula/core

Description Open Redirect on Login with parameter ?returnUrl= Proof of Concept POST /login?returnUrl=https://google.com HTTP/2 Host: demo.ziku.la Cookie: zsid=b6g4qa64983t2tg073uh1e1rjm User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101 Firefox/93.0 Accept:...

Ffmpeg 安全漏洞

FFmpeg is the FFmpeg team's complete solution for recording, converting, and streaming audio and video. a security vulnerability exists in Ffmpeg that could be exploited by an attacker to cause a denial of service or other unspecified impact...

PT-2021-22466 · Mitmproxy +1 · Mitmproxy +1

Name of the Vulnerable Software and Affected Versions: mitmproxy versions 7.0.2 and below Description: A malicious client or server can perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of...

Information disclosure

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information...

OTRS 跨站脚本漏洞

OTRS is a service management software application from OTRS Germany. OTRS AG OTRS has a security vulnerability that originates from a request that can be generated for the appointment editing screen. An attacker could exploit the vulnerability to cause an XSS attack...

CVE-2021-36235

An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges...

CVE-2021-36235

An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges...

UBUNTU-CVE-2021-21849

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “tfra” FOURCC code due to unchecked...

mootools 安全漏洞

mootools is a library for web development with OOP support. A security vulnerability exists in mootools that allows an attacker to pass untrusted input to the application's Object.merge...

firefly-iii 跨站请求伪造漏洞

firefly-iii is a free and open source personal finance manager. firefly-iii suffers from a cross-site request forgery vulnerability, which can be exploited by attackers to conduct cross-site request forgery attacks...

CVE-2020-25926

The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning remote. The component is: dnsquerytype. The attack vector is: a specific DNS response packet...

CVE-2020-25927

The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service remote. The component is: DNS response processing in function: dnsupcall. The attack vector is: a specific DNS response packet. The code does not check whether the number o...