33 matches found
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in the crc32combinegen64 function. An attacker can cause excessive CPU consumption by providing negative argument that triggers a loop with no termination condition. Remediation Upgrade zlib to version 1.3.2 or higher...
LinuxPrivEscToolkit
🛡️ Linux Privilege Escalation Toolkit !Pythonhttps://img.s...
CVE-2018-18406
An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179Final. The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind since the response...
EUVD-2018-10135
Malware in sbrugna...
EUVD-2024-43125
Malicious code in bioql PyPI...
Dragonfly incorrectly handles a task structure’s usedTrac field
Impact The processPieceFromSource method figure 4.1 is part of a task processing mechanism. The method writes pieces of data to storage, updating a Task structure along the way. The method does not update the structure’s usedTraffic field, because an uninitialized variable n is used as a guard to...
CVE-2021-33256
A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The jusername parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts Audit Repor...
CVE-2024-48878
Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report...
CVE-2024-48878
Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report...
CVE-2024-48878 SQL Injection
Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report...
CVE-2024-48878 SQL Injection
Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report...
PT-2024-33254 · Zohocorp · Zoho Manageengine Admanager Plus
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADManager Plus versions 7241 and prior Description: The issue is related to SQL Injection in the Archived Audit Report. This allows for potential exploitation. Recommendations: For versions 7241 and prior, update to a...
ZOHO ManageEngine ADManager Plus 安全漏洞
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO, Inc. designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...
Etcd pkg Insecure ciphers are allowed by default
Vulnerability type Cryptography Detail The TLS ciphers list supported by etcd contains insecure cipher suites. Users can configure the desired ciphers using the “--cipher-suites” flag, and a default list of secure cipher suites is used if empty. Workarounds By default, no action is required. If...
GHSA-2XHQ-GV6C-P224 Etcd Gateway can include itself as an endpoint resulting in resource exhaustion
Vulnerability type Denial of Service Detail The etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesti...
Mesh-Kridik - An Open-Source Security Checker That Performs Various Security Checks On A Kubernetes Cluster With Istio Service Mesh And Is Leveraged By OPA (Open Policy Agent) To Enforce Security Rules
Enhance your Kubernetes service mesh security !! mesh-kridik is an open-source security checker that performs various security checks on a Kubernetes cluster with istio service mesh and outputs a security report. The security checks tests are the full implementation of istio security best practic...
CVE-2021-33256
A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The jusername parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts Audit Repor...
Design/Logic Flaw
DISPUTED A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The jusername parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts...
PT-2021-20095 · Manageengine · Zoho Manageengine Adselfservice Plus
Name of the Vulnerable Software and Affected Versions: ManageEngine ADSelfService Plus version 6.1 Build No: 6101 Description: A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus can be exploited by an unauthenticated user. The j username parameter seems to be...
Auditors: Feds’ Cybersecurity Gets the Dunce Cap
Out of eight U.S. federal agencies identified two years ago with critical cybersecurity failures, seven still don’t meet basic standards, a new audit report found. The Federal government’s overall posture was given just a C-. Audited agencies included the Departments of State, Homeland Security,...