
30 matches found

IBM Security Bulletins
added 2025/12/22 1:43 p.m. · 10 views

Security Bulletin: Multiple security vulnerability fixes in IBM webMethods Managed File Transfer On-Prem

Summary: Multiple vulnerabilities were addressed as part of IBM webMethods Managed File Transfer on-prem in the latest fix MAT11.1ServerFix2. Vulnerability Details: CVEID: CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final...

CVSS 8.2 · AI score 6.9 · EPSS 0.00953
Exploits 2 · Affected Software 1
IBM Security Bulletins
added 2025/09/20 11:27 a.m. · 3 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in nimbus-jose-jwt-9.24.4.jar

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of nimbus-jose-jwt-9.24.4.jar. Vulnerability Details: CVEID: CVE-2023-52428 DESCRIPTION: In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header valu...

CVSS 7.5 · AI score 6.5 · EPSS 0.00108
Exploits 0 · Affected Software 1
OSV
added 2024/02/11 6:30 a.m. · 0 views

GHSA-GVPG-VGMX-XG6W Denial of Service in Connect2id Nimbus JOSE+JWT

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component...

CVSS 8.7 · AI score 6.8 · EPSS 0.00108
Exploits 0 · References 5
ATTACKERKB
added 2024/02/11 5:15 a.m. · 2 views

CVE-2023-52428

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component...

CVSS 7.5 · AI score 7.3 · EPSS 0.00108
Exploits 0 · References 4
Positive Technologies
added 2024/02/10 12:00 a.m. · 1 views

PT-2024-3099 · Atlassian +1 · Confluence Data Center/Server +4

Name of the Vulnerable Software and Affected Versions: Connect2id Nimbus JOSE+JWT versions prior to 9.37.2; Confluence Data Center and Server versions prior to 7.19.23; Confluence Data Center and Server versions prior to 8.5.11; Confluence Data Center and Server versions prior to 8.6.2; Confluence Da...

CVSS 8.7 · AI score 6 · EPSS 0.00108
Exploits 0 · References 20
Packet Storm
added 2023/04/06 12:00 a.m. · 247 views

Cisco / Dell / Netgear Information Disclosure / Hash Decrypter

Exploit Title: Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure DSA-2020-042: Dell Networking Security Update for an Information Disclosure Vulnerability | Dell US...

CVSS 8.1 · AI score 6.4 · EPSS 0.17206
Exploits 4
Exploit DB
added 2023/04/05 12:00 a.m. · 188 views

Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure

Exploit Title: Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure DSA-2020-042: Dell Networking Security Update for an Information Disclosure Vulnerability | Dell US...

CVSS 8.1 · AI score 6.8 · EPSS 0.17206
Exploits 4
0day.today
added 2023/04/05 12:00 a.m. · 211 views

Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure

Exploit Title: Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure DSA-2020-042: Dell Networking Security Update for an Information Disclosure Vulnerability | Dell US...

CVSS 8.1 · AI score 6.4 · EPSS 0.17206
Exploits 4
The Hacker News
added 2023/03/01 9:55 a.m. · 2 views

Gmail and Google Calendar Now Support Client-Side Encryption (CSE) to Boost Data Privacy

Google has announced the general availability of client-side encryption (CSE) for Gmail and Calendar, months after piloting the feature in late 2022. The data privacy controls enable "even more organizations to become arbiters of their own data and the sole party deciding who has access to it,"...

AI score 6.3
Exploits 0
Rapid7 Blog
added 2022/07/15 4:00 p.m. · 19 views

Metasploit Weekly Wrap-Up

JBOSS EAP/AS - More Deserializations? Indeed! Community contributor Heyder Andrade added in a new module for a Java deserialization vulnerability in JBOSS EAP/AS Remoting Unified Invoker interface for versions 6.1.0 and prior. As far as we can tell this was first disclosed by Joao Matos in his...

CVSS 6 · AI score 1 · EPSS 0.85278
Exploits 8
Github Security Blog
added 2022/05/13 1:04 a.m. · 19 views

Exposure of Sensitive Information to an Unauthorized Actor in OpenSAML

The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration...

CVSS 5 · AI score 5.6 · EPSS 0.0075
Exploits 0 · References 10 · Affected Software 1
Kitploit
added 2020/05/17 6:30 a.m. · 115 views

Hidden-Cry - Windows Crypter/Decrypter Generator With AES 256 Bits Key

Windows Crypter/Decrypter Generator with AES 256 bits key Features: Works on WAN: Port Forwarding by Serveo.net Fully Undetectable FUD - Don't Upload to virustotal.com! Legal disclaimer: Usage of Hidden-Cry for attacking targets without prior mutual consent is illegal. It's the end user's...

AI score 7.3
Exploits 0 · References 1
The Hacker News
added 2016/06/07 10:29 p.m. · 8 views

University Pays Hackers $20,000 to get back its Ransomware Infected Files

What's the worst that could happen when a Ransomware malware hits University? Last month, the IT department of the University from where I have done my graduation called me for helping them get rid of a Ransomware infection that locked down all its student's results just a day before the...

AI score 6.7
Exploits 0
RedHat Linux
added 2014/12/15 8:35 p.m. · 7 views

Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter

It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform oth...

CVSS 5 · AI score 7.4 · EPSS 0.0075
Exploits 0 · References 5
RedHat Linux
added 2014/09/23 8:19 p.m. · 3 views

Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter

It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform oth...

CVSS 5 · AI score 7.4 · EPSS 0.0075
Exploits 0 · References 5
RedHat Linux
added 2014/09/23 8:19 p.m. · 2 views

Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter

It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform oth...

CVSS 5 · AI score 7.4 · EPSS 0.0075
Exploits 0 · References 5
seebug.org
added 2014/07/01 12:00 a.m. · 21 views

Ultimate PHP Board <= 1.9.6 GOLD users.dat Password Decryptor

No description provided by source. !/usr/bin/perl Passwords Decrypter for UPB = 1.9.6 Related advisory: http://www.securityfocus.com/archive/1/402461/30/0/threaded Discovered and Coded by Alberto Trivero Password file is located at: http://www.example.com/upb/db/users.dat /str0ke use Getopt::Std;...

AI score 7.1
Exploits 0
RedHat Linux
added 2014/04/30 6:49 p.m. · 2 views

Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter

It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform oth...

CVSS 5 · AI score 6.7 · EPSS 0.0075
Exploits 0 · References 5
RedHat Linux
added 2014/02/20 5:22 p.m. · 2 views

Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter

It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform oth...

CVSS 5 · AI score 6.7 · EPSS 0.0075
Exploits 0 · References 5
UbuntuCve
added 2014/02/14 3:55 p.m. · 29 views

CVE-2013-6440

The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration...

CVSS 5 · AI score 6.3 · EPSS 0.0075
Exploits 0 · References 3