1554 matches found

CNNVD
added 2022/06/30 12:0 a.m. | 8 views

Ping Identity PingID Mac Login Authorization Issue Vulnerability

Ping Identity PingID Mac Login is an authentication application from Ping Identity USA. A security vulnerability exists in Ping Identity PingID Mac Login versions prior to 1.1, which stems from an RSA misconfiguration that is susceptible to a pre-computed dictionary attack, leading to an offline...

7.7 CVSS | 7.3 AI score | 0.00724 EPSS
Exploits 0 | References 3

IBM Security Bulletins
added 2022/06/29 8:16 p.m. | 40 views

Security Bulletin: IBM Spectrum Protect Server vulnerable to offline dictionary and brute force attacks (CVE-2022-22496, CVE-2022-22487)

Summary The IBM Spectrum Protect Server is vulnerable to an offline dictionary attack when using SESSIONSECURITY=TRANSITIONAL. The IBM Spectrum Protect Storage agent is vulnerable to a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrati...

9.8 CVSS | 1.1 AI score | 0.0139 EPSS
Exploits 0 | Affected Software 1

ATTACKERKB
added 2022/06/29 12:0 a.m. | 6 views

CVE-2022-22496

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942...

6.5 CVSS | 6.2 AI score | 0.0039 EPSS
Exploits 0 | References 3 | Affected Software 1

OSV
added 2022/06/20 8:13 p.m. | 11 views

MAL-2022-3286 Malicious code in gatsby-source-data-dictionary (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 609b9ce0046338f15cd270efb8914e5b4c3697afc1ac16fe9e0ac9d5ab9b2624 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 | References 1

The Hacker News
added 2022/06/15 1:5 p.m. | 21 views

Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers

A new Golang-based peer-to-peer P2P botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022. Dubbed Panchan by Akamai Security Research, the malware "utilizes its built-in concurrency features to maximize spreadability and execute malware...

0.6 AI score
Exploits 0

OSV
added 2022/05/24 7:19 p.m. | 7 views

GHSA-FX7F-RJQJ-52PJ Deserialization of Untrusted Data in Spring AMQP

In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100%...

6.5 CVSS | 5.9 AI score | 0.01037 EPSS
Exploits 0 | References 2

OSV
added 2022/05/17 12:29 a.m. | 2 views

GHSA-H22X-HM8G-RXPG Improper Restriction of XML External Entity Reference in Apache OpenNLP

When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, 1.8.0 to 1.8.1 of Apache...

9.8 CVSS | 7.2 AI score | 0.03016 EPSS
Exploits 5 | References 2

Redos
added 2022/05/16 12:0 a.m. | 63 views

ROS-20220516-04

Vulnerability of QuerySet.explain function of Django web application software platform is related to failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the confidentiality, integrity and availability o...

9.8 CVSS | 9.2 AI score | 0.18661 EPSS
Exploits 3

OSV
added 2022/05/11 6:15 p.m. | 1 views

CVE-2022-30048

Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter...

9.8 CVSS | 5.8 AI score | 0.01424 EPSS
Exploits 1 | References 1

OSV
added 2022/05/09 5:15 p.m. | 2 views

CVE-2022-1013

The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability...

9.8 CVSS | 7.4 AI score | 0.06629 EPSS
Exploits 2 | References 1

ATTACKERKB
added 2022/05/09 5:15 p.m. | 4 views

CVE-2022-1013

The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability...

9.8 CVSS | 8 AI score | 0.06629 EPSS
Exploits 2 | References 3

NVD
added 2022/05/09 5:15 p.m. | 14 views

CVE-2022-1013

The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability...

9.8 CVSS | 0.06629 EPSS
Exploits 2 | References 1

Cvelist
added 2022/05/09 4:50 p.m. | 17 views

CVE-2022-1013 Personal Dictionary < 1.3.4 - Unauthenticated SQLi

The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability...

10 AI score | 0.06629 EPSS
Exploits 2 | References 1

CVE
added 2022/05/09 4:50 p.m. | 84 views

CVE-2022-1013

CVE-2022-1013 concerns the WordPress Personal Dictionary plugin pre-1.3.4, where unsanitized POST data is interpolated into SQL statements, causing a blind SQL injection. The Nucleotide/Nuclei template and related references confirm a vulnerability in the plugin’s handling of user input, enabling...

9.8 CVSS | 9.8 AI score | 0.06629 EPSS
Exploits 2 | References 1 | Affected Software 1

CNNVD
added 2022/05/09 12:0 a.m. | 4 views

WordPress plugin Personal Dictionary SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A SQL injection vulnerability exists in the WordPre...

9.8 CVSS | 8.5 AI score | 0.06629 EPSS
Exploits 2 | References 2

CNNVD
added 2022/05/02 12:0 a.m. | 3 views

MingSoft MCMS SQL Injection Vulnerability

MingSoft MCMS is a complete open source J2ee system from China's MingSoft. A security vulnerability exists in MingSoft MCMS version 5.2.27, which originates from a SQL injection vulnerability in the orderBy parameter of /dict/list.do...

9.8 CVSS | 8.6 AI score | 0.01603 EPSS
Exploits 1 | References 2

CNNVD
added 2022/05/01 12:0 a.m. | 2 views

Lukeed Dset Security Vulnerability

Lukeed Dset is a JavaScript codebase by the individual developer Lukeed that assigns values to dictionary-type objects. A security vulnerability exists in all versions of Lukeed Dset, which can be exploited by an attacker to implement a prototype pollution attac...

8.1 CVSS | 7.7 AI score | 0.0176 EPSS
Exploits 1 | References 8

NVD
added 2022/04/30 10:15 p.m. | 28 views

CVE-2021-41992

A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass...

7.7 CVSS | 0.0047 EPSS
Exploits 0 | References 2

NVD
added 2022/04/30 10:15 p.m. | 11 views

CVE-2021-41993

A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login...

6.6 CVSS | 0.00231 EPSS
Exploits 0 | References 2

OSV
added 2022/04/30 10:15 p.m. | 1 views

CVE-2021-41993

A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login...

4.8 CVSS | 5.8 AI score | 0.00231 EPSS
Exploits 0 | References 2