484 matches found
Object Injection
WordPress is vulnerable to object injection. An attacker with the admin privilege can bypass explicit or additional hardening under certain conditions through object injection...
Spin Buffer Error Vulnerability
Spin is an open source software verification tool. It is used for explicit state logic model checking. A security vulnerability exists in Spin that stems from an out-of-bounds write found to be included in spinlex.c's lex...
CVE-2021-43858
MinIO is a Kubernetes native application for cloud storage. Prior to version RELEASE.2021-12-27T07-23-18Z, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version RELEASE.2021-12-27T07-23-18Z changes the...
OESA-2021-1433 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packe...
openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes()
A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability...
rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source
A flaw was found in the way Bundler determined the source repository when installing dependencies of source-restricted gem packages. In configurations that use multiple gem repositories and explicitly define from which source repository certain gems are to be installed, a dependency of a...
IBM Data Risk Manager User Credentials Plaintext Storage Vulnerability
IBM Data Risk Manager is a data risk manager that helps discover, analyze and visualize business risks associated with data. A user credentials plaintext storage vulnerability exists in IBM Data Risk Manager version 2.0.6. An attacker could exploit the vulnerability to read plaintext credentials...
SmartFTP Client 10.0.2909.0 - (Multiple) Denial of Service Exploit
Exploit Title: SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service Exploit Author: Eric Salario Vendor Homepage: https://www.smartftp.com/en-us/ Software Link: https://www.smartftp.com/en-us/download Version: 10.0.2909.0 32 and 64 bit Tested on: Microsoft Windows 10 32 bit and 64 bit...
Qualcomm Chip Resource Management Error Vulnerability
Qualcomm chips are chips made by Qualcomm Incorporated (USA). A chip is a way of miniaturizing circuits (mainly semiconductor devices, but also passive components, etc.) and is often manufactured on the surface of a semiconductor wafer. The Qualcomm chip suffers from a resource management error vulnerability, whic...
how to protect for weird erc20 tokens
Handle gpersoon Vulnerability details Impact The protocol only works as expected when the ERC20 tokens are well behaved. If rebasing tokens or malicious token contracts are used then unexpected results can happen. I don't see any code to restrict the tokens or verify the tokens. Proof of Concept...
SUSE SLES11 Security Update : openssl1 (SUSE-SU-2019:14171-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14171-1 advisory. - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases,...
FreeBSD : PG Partition Manager -- arbitrary code execution (58b22f3a-bc71-11eb-b9c9-6cc21735f730)
PG Partition Manager reports: In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not set.
Nextcloud: Default Nextcloud allows http federated shares
1. userA on serverA runs on http only 2. userA sends a federated share to userB on serverB 3. userB is a normal user so he has no clue that there is no secure transport used and accepts the share 4. all the data written to and read from is now no longer protected by TLS. Impact: While maybe a bit far...
Tracing Network Traffic from Receiver for Web to StoreFront Services
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company's Help Desk/IT support team and can refer to CTX297149 for more information. This article describes how to obtain a Fiddler trace of the network traffic between the Receiver for...
How to Obtain Fiddler Trace Network Traffic between Receiver for Web and StoreFront
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. This article describes how to obtain a Fiddler trace of the network traffic between the Receiver for...
Using Zero Trust principles to protect against sophisticated attacks like Solorigate
The Solorigate supply chain attack has captured the focus of the world over the last month. This attack was simultaneously sophisticated and ordinary. The actor demonstrated sophistication in the breadth of tactics used to penetrate, expand across, and persist in affected infrastructure, but many...
X-rated social media app Fleek exposed explicit photos of users
By Waqas. Fleek shut down its operation in 2019 but did not secure its server or remove users' data. Here's what was leaked and when.
OpenJPEG Buffer Error Vulnerability
OpenJPEG is an open source C-based JPEG2000 codec. OpenJPEG suffers from a buffer error vulnerability that originates from the opj_dwt_calc_explicit_stepsizes function. An attacker could exploit this vulnerability to trigger a buffer overflow via opj dwt calculate OpenJPEG's explicit stepsizes to...
November spam roundup: Stalkers, property tips, porn, stern words and PayPal
Today we're rounding up some of the interesting pieces of spam currently in circulation, taking in everything from housing deals to mysteriously free slices of cash. You may have seen some of these already. Hopefully we can help make up your mind about whatever's lurking in your mailbox. A full hou...