KLA12152 ACE vulnerability in Microsoft Developer Tools
A remote code execution vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2021-28448 Related products Microsoft-Visual-Studio CVE list CVE-2021-28448 high KB list Solution Install necessary updat...
Cosori Smart 5.8-Quart Air Fryer CS158-AF configuration server code execution vulnerability
Summary An unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Tested Versions Cosori Smart...
KLA12141 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerabili...
KLA12146 RCE vulnerability in Microsoft Developer tools
A remote code execution vulnerability was found in Microsoft Developer tools. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2021-28448 Related products Microsoft-Visual-Studio CVE list CVE-2021-28448 critical KB list Solution Install necessary...
Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtime...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and...
Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtime...
Security Bulletin: IBM SDK, Java Technology Edition, Security Update Oct 2020 CVE-2020-14781
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition 8 that is used by Rational Application Developer®. The issue was disclosed as part of the IBM Java SDK updates in Oct 2020. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...
Security Bulletin: Vulnerability Detected in IBM SDK, Java Technology Edition, CVE-2020-2601
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition 8, that is used by Rational Application Developer®. The issue was disclosed as part of the IBM Java SDK updates in January 2020. Vulnerability Details CVEID: CVE-2020-2601 DESCRIPTION: An unspecified vulnerability in Oracle Jav...
Security Bulletin: IBM SDK, Java Technology Edition, Security Update Jul 2020
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition 8 that are used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates in Jul 2020. Vulnerability Details CVEID: CVE-2020-14621 DESCRIPTION: An unspecified vulnerability in...
Getting started with ZAP and the OWASP top 10: common questions
I recently received an email from a developer who was gearing up to use OWASP ZAP to test the security of their code. The developer had some questions about OWASP ZAP, testing for the OWASP Top 10 2013, and ZAP configuration. After I answered the email, I asked if I could repost it here because I...
rNote vulnerable to cross-site scripting
Overview rNote provided by Woody Rinn is software to create a blog. rNote contains a cross-site scripting vulnerability CWE-79. During the meeting of the Committee for authorizing the disclosure of unresolved vulnerabilities held on January 22, 2021, it was judged that an advisory for this...
Click Ranker vulnerable to cross-site scripting
Overview Click Ranker contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of a user who accesses a page ranking screen. During the meeting of the Committee for authorizing the disclosure of unresolved vulnerabilities held on January...
Kagemai vulnerable to cross-site scripting
Overview Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a stored cross-site scripting vulnerability CWE-79 which allows an unintended script execution on the web browser of the user w...
JVN#83042295: Yomi-Search vulnerable to cross-site scripting
Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing a website that uses Yomi-Search. Solution Consider stop using...
JVN#97370614: MagazinegerZ vulnerable to cross-site scripting
MagazinegerZ provided by CGI Script Market is a CGI script which provides a function to enable email newsletter distribution for a website. MagazinegerZ contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of the administrative...
CVE-2021-28824
The Windows Installation component of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions o...
CVE-2021-28823
The Windows Installation component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating...
CVE-2021-28820
The FTL Server tibftlserver, FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contain a vulnerability that theoretically allows a low privileged attacker...
CVE-2021-28817
The Windows Installation component of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The...