26 matches found
📄 Extensis Portfolio Manager 4.0.1 Shell Upload
This Metasploit module exploits multiple vulnerabilities in Extensis Portfolio Server to achieve remote code execution. It leverages CVE-2022-24251 and related issues to upload a JSP webshell and execute arbitrary commands. Version 4.0.1 is affected...
EUVD-2009-4152
Malware in sbrugna...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation due to insufficient authentication checks in the client and server processes. An attacker can gain unauthorized access to sensitive data by establishing a connection without proper certificate validation or...
Beyond Traditional Threats: The Rise of AI-Driven API Vulnerabilities
AI has had dramatic impacts on almost every facet of every industry. API security is no exception. Up until recently, defending APIs meant guarding against well-understood threats. But as AI proliferates, automated adversaries, AI-crafted exploits, and business logic abuse have complicated matter...
CVE-2025-29809 Windows Kerberos Security Feature Bypass Vulnerability
...
PT-2024-9558 · Veeam · Veeam Backup & Replication
Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication affected versions not specified Description: A vulnerability exists that allows a user with a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication MFA settings and bypass MFA...
Don’t Let Your Domain Name Become a “Sitting Duck”
More than a million domain names -- including many registered by Fortune 100 firms and brand protection companies -- are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds. Image:...
PT-2024-5323 · Ibm · Ibm App Connect Enterprise
Name of the Vulnerable Software and Affected Versions: IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.1 Description: The issue is related to the User Information Handler component of IBM App Connect Enterprise, which has authentication procedure weaknesses. This can allow a remote...
PT-2024-4156
Name of the Vulnerable Software and Affected Versions Veeam Agent for Microsoft Windows affected versions not specified Description The issue is related to weaknesses in the authentication procedure of Veeam Agent for Microsoft Windows, allowing for local privilege escalation. This can enable an...
PT-2024-10208 · Ibm · Ibm Security Reaqta
Name of the Vulnerable Software and Affected Versions: IBM Security ReaQta version 3.12 Description: The issue is related to weaknesses in the authentication procedure of IBM Security ReaQta, which could allow a remote attacker to disclose protected information. Specifically, IBM Security ReaQta...
PT-2023-4355 · Inductive Automation · Inductive Automation Ignition
Name of the Vulnerable Software and Affected Versions: Inductive Automation Ignition affected versions not specified Description: The issue is related to the ParameterVersionJavaSerializationCodec class in Inductive Automation Ignition, which is associated with weaknesses in the authentication...
PT-2023-3555 · Ibm · Ibm Robotic Process Automation
Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation versions 21.0.0 through 21.0.7.6 IBM Robotic Process Automation versions 23.0.0 through 23.0.6 Description: The issue is related to weaknesses in the authentication procedure of the software. Exploitation of thi...
PT-2022-4923 · Dell Emc · Dell Emc Cloudlink
Name of the Vulnerable Software and Affected Versions: Dell EMC CloudLink versions prior to 7.1.2 Description: The issue is related to weaknesses in the authentication procedure, allowing a remote attacker with knowledge of active directory usernames to potentially gain unauthorized access to the...
PT-2021-6468 · Xen +1 · Xen +1
Name of the Vulnerable Software and Affected Versions: Xen affected versions not specified Description: The issue is related to weaknesses in the authentication procedure of the Xen hypervisor. Exploitation of this issue allows an attacker to access confidential data, compromise its integrity, an...
CVE-2017-12251
A vulnerability in the web console of the Cisco Cloud Services Platform CSP 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines VMs operating remotely on an affected CSP device. The vulnerability is due to weaknesses in the generation o...
openSUSE Security Update : tomcat6 (openSUSE-SU-2012:1700-1)
fix bnc793394 - bypass of security constraints CVE-2012-3546 - apache-tomcat-CVE-2012-3546.patch http://svn.apache.org/viewvc?view=revision&revision=1381 035 - fix bnc793391 - bypass of CSRF prevention filter CVE-2012-4431 - apache-tomcat-CVE-2012-4431.patch...
Moderate: Red Hat Security Advisory: jbossweb security update
An update for JBoss Enterprise Web Platform 5.2.0 which fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...
tomcat: Multiple weaknesses in HTTP DIGEST authentication
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...
[SECURITY] CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.11 - - Tomcat 6.0.0 to 6.0.32 - - Tomcat 5.5.0 to 5.5.33 - - Earlier,...
Design/Logic Flaw
Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a remote SQL server is used, allow remote attackers to obtain access to data or cause a denial of service, possibly by leveraging authentication and encryption weaknesses on the SQL server...