243 matches found
CVE-2020-4821
IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834...
Authentication flaw
IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834...
CVE-2020-4821
IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834...
CVE-2020-4821
This CVE-2020-4821 affects IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1. The vulnerability allows authentication bypass when configured to use LDAP with anonymous binding, via an empty password. IBM bulletins (Security Bulletin: IBM Data Replication ...
Glassdoor: CSS injection via link tag whitelisted-domain bypass - https://www.glassdoor.com
Summary: It is possible load an arbitrary .css file. Bypassing the protections by adding the domain https://www.glassdoor.com in a parameter/path. Affected URL or select Asset from In-Scope: -...
IBM Datacap Taskmaster Capture SQL Injection Vulnerability
IBM Datacap Taskmaster Capture is a complete solution for document and data capture from IBM USA. Data and document images can be scanned, categorized, identified, validated, verified and exported quickly, accurately and cost-effectively. IBM Datacap Taskmaster Capture suffers from a SQL injectio...
Sql injection
DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the /api/trackedEntityInstances API endpoint in DHIS2 versions 2.34.4, 2.35.2,...
CVE-2021-3473
An internal product security audit of Lenovo XClarity Controller XCC discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator LXCA is used to perform the backup/restore. The backup/restore password typically exists...
CVE-2021-3417
An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator LXCA, if added as a Resource Manager, are encoded then written to an internal LXCO log file each time a session is established with LXCA. Affected logs are captured in...
CVE-2020-8355
An internal product security audit of Lenovo XClarity Administrator LXCA prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture FFDC service log if the service log is...
CVE-2020-8355
An internal product security audit of Lenovo XClarity Administrator LXCA prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture FFDC service log if the service log is...
Lenovo Lenovo XClarity Administrator Information Disclosure Vulnerability
Lenovo XClarity Administrator LXCA is a centralized resource management solution from Lenovo, China. The product provides agentless hardware management for servers, storage, network switches, and more. An information disclosure vulnerability exists in Lenovo XClarity Administrator, which stems fr...
CTXReports
CTXReports Tool Version 1.0 Created Date: January 30, 2009 Updated Date: January 30, 2009 Where to download ? Certain legacy Citrix tools are now available on request only. Please submit the request here - https://forms.gle/obA39PEz5qpDiSPq8 Once we verify your request, we will provide access to...
Shopify: Bypass For #997350 your-store.myshopify.com preview link is leak on third party website Via Online Store
Hi Security Team, Description Full Description in 997350 The owner of that website can perform a security compromise by grabbing those links. Solution: The solution is very very SIMPLE. Just include the following HTML code in the following in code between tags of the html of the page: This will n...
[SECURITY] Fedora 30 Update: wireshark-3.2.3-1.fc30
Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless WiFi or Bluetooth networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...
CVE-2019-16273
DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge adb, leading to arbitrary code execution and system administration. Also, this provides a covert ability to capture screen data from the Zoom Client on Windows by executing commands on the...
Code injection
DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge adb, leading to arbitrary code execution and system administration. Also, this provides a covert ability to capture screen data from the Zoom Client on Windows by executing commands on the...
CVE-2019-16273
DTEN D5/D7 devices pre-1.3.4 are vulnerable to unauthenticated root shell access via Android Debug Bridge (ADB), enabling arbitrary code execution and system administration. The issue also enables a covert ability to capture Windows Zoom Client data by executing commands on the Android OS. Affect...
CVE-2019-16273
DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge adb, leading to arbitrary code execution and system administration. Also, this provides a covert ability to capture screen data from the Zoom Client on Windows by executing commands on the...
Stripo Inc: Clickjacking on my.stripo.email for MailChimp credentials
Clickjacking is a malicious hacking technique where attackers can acquire sensitive data. Through simple social engineering techniques these links can be sent out to unsuspecting customers to steal their credentials or perform actions on their accounts. For this example I saw that where I goto...