CVE-2022-47501 Apache OFBiz: Arbitrary file reading vulnerability

Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07...

Octopus Server 安全漏洞

Octopus Server is an automated deployment platform. Octopus Server suffers from a security vulnerability that stems from a Git connection checker that can initiate an SMB connection, leading to an NTLM relay attack...

WEF - Wi-Fi Exploitation Framework

A fully offensive framework to the 802.11 networks and protocols with different types of attacks for WPA and WEP, automated hash cracking, bluetooth hacking and much more. I recommend you my alfa adapter: Alfa AWUS036ACM , which works really great with both, 2.4 and 5 Ghz Tested and supported in...

IBM Cloud Pak for Security Command Execution Vulnerability

IBM Cloud Pak for Security is an application from IBM USA, Inc. an open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated actions faster.IBM Cloud Pak for Security has a security vulnerability that could be exploited by a...

New NTLM Relay Vulnerability in Chrome, Java, Applications Running on Windows System Platforms

Java is an object-oriented programming language.Google Chrome is a fast, secure and free web browser. Chrome, Java, an application running on the Windows system platform, suffers from a new type of NTLM Relay vulnerability.NTLM authentication is a common authentication protocol in Microsoft Windo...

CVE-2018-14659

The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GFXATTRIOSTATSDUMPKEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr2' to trigger a state dump and create...

Which? Magazine recommends vulnerable smart home camera

You’ll already know that we have a keen interest in smart home camera security. Our recent work on Swann and FLIR cameras showed how it could be trivially easy to spy on people through their security cameras. Which? Magazine has a well-earned reputation for providing product reviews for consumers...

Web Content Management List.php strTable Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/14464/info Web content management is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of...

PHPODP 1.5 - 'ODP.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/17976/info phpODP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...

CORE-2004-0705: Vulnerabilities in PuTTY and PSCP

Core Security Technologies Advisory http://www.coresecurity.com Vulnerabilities in PuTTY and PSCP Date Published: 2004-08-04 Last Update: 2004-08-04 Advisory ID: CORE-2004-0705 Bugtraq ID: None currently assigned. CVE Name: None currently assigned. Title: Vulnerabilities in PuTTY and PSCP Class:...

vBulletin 3.0.1 - 'newreply.php?WYSIWYG_HTML' Cross-Site Scripting

source: https://www.securityfocus.com/bid/10602/info VBulletin is reported prone to an HTML injection vulnerability. This issue affects the 'newreply.php' and 'newthread.php' scripts. An attacker may exploit this issue by including hostile HTML and script code in fields that may be viewable by...

CVE-2003-0332

The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension...

Cisco VPN 3000 Concentrator Multiple Vulnerabilities (CSCdt56514, CSCdv66718)

The remote VPN concentrator is vulnerable to an internal PPTP / IPSEC authentication login attack. This vulnerability is documented as Cisco bug ID CSCdt56514. C Tenable Network Security, Inc. Thanks to Nicolas FISCHBACH [email protected] for his help include"compat.inc"; ifdescription...

CVE-2002-2082

FTGate and FTGate Pro 1.05 lock user mailboxes before authentication succeeds, which allows remote attackers to lock the mailboxes of other users...