13 matches found
CVE-2025-59028
When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...
CVE-2025-14026
Forcepoint One DLP Client, version 23.04.5642 and possibly newer versions, includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code...
CVE-2025-14026
Forcepoint One DLP Client, version 23.04.5642 and possibly newer versions, includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code...
CVE-2025-14026 Vulnerable Python version used in Forcepoint One DLP Client
Forcepoint One DLP Client, version 23.04.5642 and possibly newer versions, includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code...
CVE-2025-14026
Summary (CVE-2025-14026): Forcepoint One DLP Client (version 23.04.5642 and potentially newer) ships with a restricted Python 2.5.4 runtime that blocks ctypes (FFI). The restriction was shown to be bypassable by reintroducing ctypes support, enabling potential arbitrary code execution via DLLs/me...
U.S. Dept Of Defense: Cross-Site Scripting via URL on ████████
A Cross-Site Scripting (XSS) vulnerability was discovered on a specific system through the GET method. The vulnerability allowed the injection of malicious scripts that could be executed. The provided payload demonstrated the vulnerability. The system host and affected products and versions were no...
brasseler.marcant.net Cross Site Scripting vulnerability OBB-3876483
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Watch: Flaw exploited to post fake COVID-19 clips from TikTok accounts
By Deeba Ahmed. In their demonstration, researchers showed how they published fake COVID-19 videos from WHO and TikTok's official accounts.
Apple iOS 6.1 - 2x PassCode Bypass Vulnerabilities
Document Title: =============== Apple iOS 6.1 - 2x PassCode Bypass Vulnerabilities References: =========== http://www.vulnerability-lab.com/getcontent.php?id=874 Advisory: http://www.vulnerability-lab.com/getcontent.php?id=875 View: http://www.youtube.com/watch?v=oKOj0GMf810 Release Date:...
ASP-DEv XM Diary SQL Injection
Exploit Title : ASP-DEv XM Diary SQL Injection Vulnerability Author : Secure-Land Security Team Discovered By : farbodmahini Home : Secure-Land.net Version : All Version Software Link : http://www.asp-dev.com/download.asp?did=2 Security Ris...
Information disclosure
Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraphradar.php and certain other files...
BitchX 1.0c20 - Local Buffer Overflow
BitchX 1.0c20 - Local Buffer Overflow / Tested on BitchX-1.0c19 /str0ke / / P.o.C Exploit Code for BitchX made for Version BitchX-1.0c20cvs -- Date 20020325 C 2004. GroundZero Security Research and Software Development http://www.groundzero-security.com released under the GNU GPL -...
osCommerce 2.x - File Manager Directory Traversal
source: https://www.securityfocus.com/bid/10364/info osCommerce has a directory-traversal vulnerability that allows a remote attacker to possibly obtain sensitive information. The software improperly sanitizes user-supplied input and allows '../' directory-traversal character sequences when servi...