11 matches found
PT-2026-43625
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...
PT-2026-41346
PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Attackers can append malicious payloads to login.php, timeclock.php, audit.php, and timerpt.php endpoints, o...
EUVD-2021-34796
Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...
PYSEC-2026-131
Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...
EUVD-2006-4333
Malware in sbrugna...
PT-2024-35439 · Dcme-320 +3
Name of the Vulnerable Software and Affected Versions: DCME-320 versions prior to 7.4.12.90; DCME-520 versions prior to 9.25.5.11; DCME-320-L versions prior to 9.3.5.26; DCME-720 versions prior to 9.1.5.11. Description: The issue allows for Remote Code Execution and Privilege Escalation via the...
PT-2024-35434 · Dcme-320 +3
Name of the Vulnerable Software and Affected Versions: DCME-320 versions 7.4.12.90 and earlier; DCME-520 versions 9.25.5.11 and earlier; DCME-320-L versions 9.3.5.26 and earlier; DCME-720 versions 9.1.5.11 and earlier. Description: The issue allows for Remote Code Execution via the...
CVE-2021-41309
Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The...
UPDATE: Sysdig Falco v0.14.0
PenTestIT RSS Feed Recently, an updated version - Sysdig Falco v0.14.0 - was released. It has been some time since I last blogged about this open source behavioral activity monitor which has container support. What is Sysdig Falco? Sysdig Falco is an open source, behavioral activity monitor...
DEBIAN-CVE-2006-4345
Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint AUEP response...
CVE-2006-4345
Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint AUEP response...