23 matches found

CNNVD
added 2026/04/09 12:0 a.m. | 2 views

Mattermost Plugins Security Vulnerability

Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and web/dashboard applications. Versions of Mattermost Plugins 2.1.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem from ...

6.5 CVSS | 5.8 AI score | 0.00018 EPSS
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-13381

Malware in sbrugna...

9.8 CVSS | 9.4 AI score | 0.00942 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-12306

Malware in sbrugna...

5.4 CVSS | 5.5 AI score | 0.0034 EPSS
Exploits 0 | References 3
The Hacker News
added 2025/08/07 10:40 a.m. | 11 views

6,500 Servers Expose Axis Remoting Protocol; 4,000 in U.S. Vulnerable to Exploits

Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks. "The attack results in pre-authentication remote code execution on Axis Device Manager, a server used to...

9 CVSS | 8.6 AI score | 0.06569 EPSS
Exploits 0
NVD
added 2025/05/07 2:15 a.m. | 13 views

CVE-2025-3218

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access...

5.4 CVSS | 0.00101 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/05/07 1:10 a.m. | 8 views

CVE-2025-3218 IBM i improper certificate validation

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access...

5.4 CVSS | 5.5 AI score | 0.00101 EPSS
Exploits 0 | References 1
IBM Security Bulletins
added 2025/05/06 10:46 p.m. | 17 views

Security Bulletin: IBM i is vulnerable to an authentication and authorization attack due to incorrect validation processing in IBM i Netserver [CVE-2025-3218].

Summary IBM i is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in the remediation/fixes...

5.4 CVSS | 7.1 AI score | 0.00101 EPSS
Exploits 0 | Affected Software 6
Veracode
added 2025/03/17 9:32 a.m. | 12 views

Privilege Escalation

ASP.NET is vulnerable to Privilege Escalation. The vulnerability is due to improper authentication mechanisms due to insufficient validation, allowing an unauthorized attacker to elevate privileges over a network...

7 CVSS | 6.8 AI score | 0.00279 EPSS
Exploits 1 | References 5 | Affected Software 15
OSV
added 2024/11/01 5:26 p.m. | 4 views

MGASA-2024-0343 Updated buildah, podman, skopeo packages fix security vulnerabilities

A flaw was found in Buildah and subsequently Podman Build which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation ...

8.6 CVSS | 7 AI score | 0.04986 EPSS
Exploits 0 | References 10
The Hacker News
added 2024/04/28 1:52 p.m. | 82 views

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services. These unprecedented attacks, observed over the last month, are said to be facilitated by "the broad availability of residential pro...

6.8 AI score
Exploits 0
ATTACKERKB
added 2023/12/20 10:15 a.m. | 0 views

CVE-2023-6912

Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords...

9.8 CVSS | 5.3 AI score | 0.00112 EPSS
Exploits 0 | References 4
Microsoft Malware Protection
added 2023/01/26 6:0 p.m. | 26 views

2023 identity security trends and solutions from Microsoft

Welcome to 2023! I wanted to kick this year off by having a quick look at the trends in identity security, what you can do about it, and what Microsoft is doing to help you. One of the things we talk about on the team is “shiny object syndrome”—there are a ton of innovative and scary attacks and...

0.5 AI score
Exploits 0
Microsoft Malware Protection
added 2021/10/26 4:0 p.m. | 20 views

Protect your business from password sprays with Microsoft DART recommendations

Over the past year, the Microsoft Detection and Response Team (DART), along with Microsoft’s threat intelligence teams, have observed an uptick in the use of password sprays as an attack vector. This threat is a moving target with techniques and tools always changing, and Microsoft continues to fin...

Exploits 0
CVE
added 2016/01/26 7:0 p.m. | 79 views

CVE-2016-1567

CVE-2016-1567 affects chrony before 1.31.2 and 2.x before 2.2.1, where peer associations of symmetric keys are not verified when authenticating packets. This can enable remote impersonation attacks via an arbitrary trusted key (skeleton key). Public sources in the initial document describe the af...

8.1 CVSS | 7.6 AI score | 0.00413 EPSS
Exploits 1 | References 4 | Affected Software 1
seebug.org
added 2014/07/01 12:0 a.m. | 16 views

@Mail 4.0/4.13 Multiple Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/14408/info @Mail is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...

7.1 AI score
Exploits 0
Prion
added 2010/09/22 8:0 p.m. | 10 views

Sql injection

Multiple SQL injection vulnerabilities in cmswrite.php in Primitive CMS 1.0.9 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) title and (2) menutitle parameters. NOTE: this can be leveraged with CVE-2010-3483 to conduct attacks without authentication...

6.5 CVSS | 8.5 AI score | 0.02006 EPSS
Exploits 2 | References 3 | Affected Software 1
exploitpack
added 2009/08/31 12:0 a.m. | 17 views

MKPortal 1.x (Multiple Modules) - Cross-Site Scripting

MKPortal 1.x Multiple Modules - Cross-Site Scripting source: https://www.securityfocus.com/bid/36216/info Multiple modules of MKPortal are prone to cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript cod...

6.8 AI score
Exploits 0
exploitpack
added 2006/06/19 12:0 a.m. | 16 views

e107 0.7.5 - search.php Cross-Site Scripting

e107 0.7.5 - search.php Cross-Site Scripting source: https://www.securityfocus.com/bid/18508/info e107 is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrar...

6.8 AI score
Exploits 0
Exploit DB
added 2005/02/19 12:0 a.m. | 30 views

ZeroBoard 4.1 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/12596/info ZeroBoard is reported prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate theft of cookie-based...

7.4 AI score
Exploits 0
Exploit DB
added 2004/03/16 12:0 a.m. | 36 views

vBulletin 3.0 - 'forumdisplay.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/9888/info It has been reported that VBulletin is prone to a cross-site scripting vulnerability in the 'forumdisplay.php' script. This issue is reportedly due to a failure to sanitize user input and so allow for injection of HTML and script code that may...

7.4 AI score
Exploits 0