3DP-MANAGER Trust Management Vulnerability
3DP-MANAGER is a proxy tool developed by the individual developer DenPiligrim. 3DP-MANAGER versions 2.0.1 and earlier contain a trust management vulnerability. This vulnerability stems from the automatic creation of management accounts with known default credentials during the...
BIT-JENKINS-2021-21608
Jenkins 2.274 and earlier, and LTS 2.263.1 and earlier, do not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels...
Remote Monitoring & Management software used in phishing attacks
Remote Monitoring & Management (RMM) software, including popular tools like AnyDesk, Atera, and Splashtop, is invaluable for IT administrators today, streamlining tasks and ensuring network integrity from afar. However, these same tools have caught the eye of cybercriminals, who exploit them to...
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
Summary: Insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over outbound headers. Details: Outbound trilliumhttp::HeaderValue and trilliumhttp::HeaderName can be constructed infallibly a...
XWiki Platform Security Vulnerability
XWiki Platform is a suite of wiki platforms from the XWiki Foundation in France for creating collaborative web applications. A security vulnerability exists in XWiki Platform that arises from the fact that an attacker with editing privileges on any document can move any attachment from any othe...
Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-44832)
Summary: IBM Operations Analytics Predictive Insights is affected by the Apache Log4j vulnerability in Apache Log4j2 versions 2.0-beta7 through 2.17.0, excluding security fix releases 2.3.2 and 2.12.4, allowing a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a...
Mellium Security Vulnerability
Mellium is a library that provides Extensible Messaging and Presence Protocol (XMPP) functionality. Mellium suffers from a security vulnerability that could be exploited by an attacker to redirect WebSocket connection requests to a server under their control without causing TLS certificate...
Code injection
The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control...
ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution
In Ansible it was found that inventory variables are loaded from the current working directory, which may be under an attacker's control, when running an ad-hoc command, allowing arbitrary code to run as a result...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Functional Tester (CVE-2018-2633, CVE-2018-2634, CVE-2018-2603, CVE-2018-2602, CVE-2018-2579)
Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8, which are used by Rational Functional Tester. These issues were disclosed as part of the IBM Java SDK updates in January 2018. Vulnerability Details: If you run your own Java code using the IBM Java...
Remote Control Vulnerability in Hollysys LE5109L PLCs
Hollysys is a professional automation company integrating R&D, production, sales and technical service. A remote control vulnerability exists in the Hollysys LE5109L PLC, which can be exploited by an attacker to take remote control of the PLC by constructing specific private protocol...
node-tkinter information disclosure vulnerability
node-tkinter is a malicious package that steals environment variables and sends them to attackers. A security vulnerability exists in node-tkinter. An attacker can use this vulnerability to steal environment variables and send them to an address under the attacker's control...
GE Healthcare Centricity Clinical Archive Audit Trail Repository Trust Management Vulnerability
GE Healthcare Centricity Clinical Archive Audit Trail Repository is a clinical archive audit trail repository from General Electric (GE) for the healthcare industry. A security vulnerability exists in the GE Healthcare Centricity Clinical Archive Audit Trail Repository that stems from the program's use ...