showdoc 跨站请求伪造漏洞

showdoc is an open source tool ideal for IT teams to share documents online. showDoc has a security vulnerability that can be exploited by attackers to perform request forgery CSRF attacks...

Huawei HarmonyOS 输入验证错误漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS. An attacker can exploit the vulnerability to cause a device reboot...

Cross site scripting

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev commit b5f1eacd, and the forked version of Gerbv commit 71493260. A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger thi...

OroCrm 跨站请求伪造漏洞

OroCrm is an open source Customer Relationship Management Crm application from Oro Corporation. It is used to create 360° views of customers across multiple channels, organize sales channels, manage account and contact information, communicate with customers, run marketing campaigns and track...

AZL-6605 CVE-2021-43975 affecting package kernel for versions less than 5.15.2.1-1

In the Linux kernel through 5.15.2, hwatlutilsfwrpcwait in drivers/net/ethernet/aquantia/atlantic/hwatl/hwatlutils.c allows an attacker who can introduce a crafted device to trigger an out-of-bounds write via a crafted length value...

Design/Logic Flaw

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent t...

kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type

A flaw was discovered in the cryptographic receive code in the Linux kernel's implementation of transparent interprocess communication. An attacker, with the ability to send TIPC messages to the target, can corrupt memory and escalate privileges on the target system...

U.S. Dept Of Defense: Unauthenticated Access to Admin Panel Functions at https://██████████/████████

Description: I discovered that the admin panel at https://████/█████ and all its functions can be accessed without authentication. Impact An attacker is able to use the administrative functions in order to upload, delete or modify files. System Hosts ████████ Affected Products and Versions ██████...

Protect your business from password sprays with Microsoft DART recommendations

Over the past year, the Microsoft Detection and Response Team DART, along with Microsoft’s threat intelligence teams, have observed an uptick in the use of password sprays as an attack vector. This threat is a moving target with techniques and tools always changing, and Microsoft continues to fin...

Simplephpscripts Simple CMS 2.1 Cross Site Scripting

Document Title: =============== Simplephpscripts Simple CMS v2.1 - Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2302 Release Date: ============= 2021-10-19 Vulnerability Laboratory ID VL-ID: ==================================...

Vim 缓冲区错误漏洞

Vim is a UNIX-based editor. Vim is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause a heap buffer overflow...

CVE-2021-23449

The CVE-2021-23449 entry concerns the Node.js vm2 package (pre-3.9.4). A Prototype Pollution flaw allows an attacker to modify Object.prototype via proto /constructor payloads, which can lead to sandbox escape and execution of arbitrary code on the host. Impact is described as remote code executi...

Command injection

LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection HTTP, an attacker may be able to obtain the authentication data by capturing network...

Juniper Networks Junos OS 安全漏洞

Juniper Networks Junos OS is a network operating system from Juniper Networks, Inc. for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS is vulnerable to an access control error, which results from a specific...

CVE-2021-40499

Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...

Cisco IOS XE Software 安全漏洞

Cisco IOS and Cisco IOS XE Software are both products of the U.S. company Cisco IOS is a set of operating systems developed for its network devices.Cisco IOS XE Software is an operating system. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN,...

Open Redirect in zikula/core

Description Open Redirect on Login with parameter ?returnUrl= Proof of Concept POST /login?returnUrl=https://google.com HTTP/2 Host: demo.ziku.la Cookie: zsid=b6g4qa64983t2tg073uh1e1rjm User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101 Firefox/93.0 Accept:...

Ffmpeg 安全漏洞

FFmpeg is the FFmpeg team's complete solution for recording, converting, and streaming audio and video. a security vulnerability exists in Ffmpeg that could be exploited by an attacker to cause a denial of service or other unspecified impact...

PT-2021-22466 · Mitmproxy +1 · Mitmproxy +1

Name of the Vulnerable Software and Affected Versions: mitmproxy versions 7.0.2 and below Description: A malicious client or server can perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of...

Information disclosure

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information...