11 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use Kafka nodes are vulnerable to privilege escalation [CVE-2024-31141]
Summary The Apache Kafka client is used by IBM App Connect Enterprise Certified Container for the Kafka client nodes. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run toolkit flows containing Kafka nodes are vulnerable to privilege...
Security Bulletin: Multiple security vulnerabilities in IBM MQ affect IBM Robotic Process Automation
Summary Multiple security vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation as a system queue. This bulletin identifies the fixes to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-40681 DESCRIPTION: IBM MQ Operator...
FleetCart 4.1.1 Information Disclosure Vulnerability
Exploit Title: FleetCart 4.1.1 - WebPage Content Information Disclosure Exploit Author: CraCkEr Vendor: EnvaySoft Vendor Homepage: https://codecanyon.net/item/fleetcart-laravel-ecommerce-system/23014826 Software Demo Link: https://demo.fleetcart.envaysoft.com/en Tested on: Windows 11 Pro 22H2...
FleetCart 4.1.1 Information Disclosure
Exploit Title: FleetCart 4.1.1 - WebPage Content Information Disclosure Exploit Author: CraCkEr Date: 13/05/2024 Vendor: EnvaySoft Vendor Homepage: https://codecanyon.net/item/fleetcart-laravel-ecommerce-system/23014826 Software Demo Link: https://demo.fleetcart.envaysoft.com/en Tested on: Window...
Exploit for Incorrect Authorization in Atlassian Confluence_Data_Center
CVE-2023-22518 Incorrect Authorization Vulnerability in Conflu...
Exploit for Incorrect Authorization in Atlassian Confluence_Data_Center
CVE-2023-22518 Improper Authorization Vulnerability in Conflue...
PlayTube 3.0.1 Information Disclosure Vulnerability
Exploit Title: PlayTube 3.0.1 - Redirect Information Disclosure Exploit Author: CraCkEr Vendor: PlayTube Vendor Homepage: https://playtubescript.com/ Software Link: https://demo.playtubescript.com/ Tested on: Windows 10 Pro Impact: Sensitive Information Leakage CVE: CVE-2023-4714 CWE: CWE-200 -...
CVE-2022-1746 2.2.8 INCORRECT PRIVILEGE ASSIGNMENT CWE-266
The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and...
GitHub Security Lab: CPP: Add query for CWE-266 Incorrect Privilege Assignment
This bug was reported directly to GitHub Security Lab...
HanYazilim Paper Submission System .NET 1.0 Shell Upload
Exploit Title : HanYazilim Paper Submission System .NET v1.0 Privilege Escalation / Shell Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 22/02/2019 Vendor Homepage : hanyazilim.com Software Information Link : hanyazilim.com/hakemlimakaletakipsistemi.pdf...
Calamp.com Incorrect Privilege Assignment
There is also a full write up on https://medium.com/@evstykas/remote-smart-car-hacking-with-just-a-phone-2fe7ca682162 Vulnerability Security Advisory ======================================================================= title: Incorrect Privilege Assignment product: lenderoutlook on...