460 matches found
AEGON LIFE v1.0 Life Insurance Management System - SQL injection Vulnerability
Exploit Title: Life Insurance Management System- SQL injection vulnerability. Exploit Author: Aslam Anwar Mahimkar Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/ Version: AEGON LIFE v1.0 Tested...
Creating Secure CRM Pipelines in Construction: Best Practices and Essential Strategies
Secure your construction company's CRM pipeline to protect client data and streamline operations. A specialized CRM enhances communication, reduces errors, and supports scalable growth with advanced security features and automation tools...
OpenSSL 1.0.0 < 1.0.0b Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.0.0b. It is, therefore, affected by a vulnerability as referenced in the 1.0.0b advisory. - Multiple race conditions in ssl/t1lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi- threading and internal caching are...
CVE-2024-1873
parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed /selectdatabase endpoint in version a9d16b0. The endpoint improperly handles file paths, allowing attackers to specify absolute paths when interacting with the DiscussionsDB instance. This flaw...
CVE-2024-1873 Path Traversal and Denial of Service in parisneo/lollms-webui
parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed /selectdatabase endpoint in version a9d16b0. The endpoint improperly handles file paths, allowing attackers to specify absolute paths when interacting with the DiscussionsDB instance. This flaw...
CVE-2024-1873
CVE-2024-1873 affects parisneo/lollms-webui (version a9d16b0) via an exposed /select_database endpoint that mishandles file paths when interacting with the DiscussionsDB, enabling path traversal and potential denial of service. Attackers can specify absolute paths to create directories anywhere t...
LoLLMs Security Vulnerabilities
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs version a9d16b0, which stems from vulnerability to path traversal and denial-of-service attacks, which can lead to server startup failures and client...
GNU Savane 安全漏洞
GNU Savane is a collaborative software development management system for project management, code hosting and community collaboration. GNU Savane suffers from an insecure direct object reference vulnerability that arises from an application that does not properly implement access control mechanis...
SUSE CVE-2021-47095
In the Linux kernel, the following vulnerability has been resolved: ipmi: ssif: initialize ssifinfo-client early During probe ssifinfo-client is dereferenced in error path. However, it is set when some of the error checking has already been done. This causes following kernel crash if an error pat...
DEBIAN-CVE-2021-47095
In the Linux kernel, the following vulnerability has been resolved: ipmi: ssif: initialize ssifinfo-client early During probe ssifinfo-client is dereferenced in error path. However, it is set when some of the error checking has already been done. This causes following kernel crash if an error pat...
CVE-2021-42146
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive...
PT-2024-11024 · Unknown · Contiki-Ng
Name of the Vulnerable Software and Affected Versions: Contiki-NG tinyDTLS through master branch 53a0d97 Description: An issue was discovered in DTLS servers, allowing remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347...
CVE-2023-6660
When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever...
多款Cisco产品 跨站脚本漏洞
Cisco AsyncOS and Cisco Secure Email are both products of Cisco, Inc.Cisco AsyncOS is an operating system for Cisco devices.Cisco Secure Email is the Cisco Secure Email formerly known as Email Security provides the best protection for your email from network threats. A cross-site scripting...
Flask 安全漏洞
Pallets Project Flask is a lightweight WSGI Web Server Gateway Interface application framework from the Pallets Project. A security vulnerability exists in Flask where a data response for one client may be cached and later sent by a proxy to other clients...
Ferrari Discloses Ransomware Attack; Refuses to Pay Ransom
By Habiba Rashid Ferrari, the renowned Italian luxury car manufacturer, suffered a cyber incident that compromised the companys client data. According… This is a post from HackRead.com Read the original post: Ferrari Discloses Ransomware Attack; Refuses to Pay Ransom...
ALPINE-CVE-2022-41317
An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7...
DEBIAN-CVE-2022-41317
An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7...
Hackers Breach TPG Telecoms’ Email Host to Steal Client Data
By Habiba Rashid The TGP telecom giant based in North Ryde, Australia revealed that up to 15,000 iiNet and Westnet business customers have been impacted by the breach. This is a post from HackRead.com Read the original post: Hackers Breach TPG Telecoms Email Host to Steal Client Data...
CVE-2022-34354
IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424...