14 matches found
PT-2023-18949 · Huawei · Honor
Name of the Vulnerable Software and Affected Versions: Honor products, affected versions not specified
Description: The issue is related to an information leak, where successful exploitation could cause the leak of information. There is no information provided about the estimated number of...
August 2023: GitHub PoCs, Vulristics, Qualys First-Party, Tenable ExposureAI, SC Awards and Rapid7, Anglo-Saxon list, MS Patch Tuesday, WinRAR, Juniper
August 2023: GitHub PoCs, Vulristics, Qualys First-Party, Tenable ExposureAI, SC Awards and Rapid7, Anglo-Saxon list, MS Patch Tuesday, WinRAR, Juniper. Hello everyone! This month I decided NOT to make an episode completely dedicated to Microsoft Patch Tuesday. Instead, this episode will be an...
Google Android Information Disclosure Vulnerability
Google Android is a Linux-based open source operating system from the U.S. company Google. Google Android has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information...
MGASA-2021-0565 Updated chromium-browser-stable packages fix security vulnerabilities
Updated chromium-browser-stable packages fix security vulnerabilities. The chromium-browser-stable package has been updated to version 96.0.4664.110, which fixes multiple security vulnerabilities. One of these CVEs is known to be actively exploited. Insufficient data validation in Mojo...
CVE-2020-10199
creationtimestamp | type | source
---|---|---
2020-04-16 00:38:18+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nexusrepomanagerelinjection.rb
2020-04-17 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/48343
2021-01-06...
CVE-2020-2555
creationtimestamp | type | source
---|---|---
2020-03-12 20:01:19+00:00 | published-proof-of-concept | https://t.me/HackerOne/2626
2020-03-16 03:07:51+00:00 | published-proof-of-concept | https://t.me/codebysec/2928
2020-05-12 00:13:56+00:00 | exploited | https://t.me/techpwnews/630
2020-05-21...
PT-2019-6506 · Sangoma · Asterisk
Name of the Vulnerable Software and Affected Versions: Asterisk, affected versions not specified
Description: The issue allows calls on prohibited networks. There is no information available about the estimated number of potentially affected devices worldwide or real-world incidents where this iss...
CVE-2019-3731
RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of...
SAPIDO RB-1732 Remote Command Execution
Exploit Title: SAPIDO RB-1732 command line execution
Date: 2019-6-24
Exploit Author: k1nm3n.aotoi
Vendor Homepage: http://www.sapido.com.tw/
Software Link: http://www.sapido.com.tw/CH/data/Download/firmware/rb1732/tc/RB-1732TCv2.0.43.bin
Version: RB-1732 V2.0.43
Tested on: linux
import requests...
CVE-2019-6814
creationtimestamp | type | source
---|---|---
2019-05-22 20:48:28+00:00 | seen | https://t.me/cvemitreorg/167
2019-07-22 19:56:03+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/schneiderelectricnet55xxencoder.rb
2019-07-29 00:00:00+00:00 | exploited |...
CVE-2018-15710
creationtimestamp | type | source
---|---|---
2019-02-05 08:36:44+00:00 | published-proof-of-concept | https://t.me/antichat/3504
2019-06-25 21:32:35+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nagiosximagpiedebug.rb
2019-06-26 00:00:00+00:00 |...
CVE-2017-3629
creationtimestamp | type | source
---|---|---
2017-06-28 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/42270
2018-10-14 14:43:12+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/solaris/local/rshstackclashprivesc.rb
2018-10-16 00:00:00+00:00 |...
New Research Refines Security Vulnerability Metrics
Adequate security metrics have seemingly been an unattainable goal, especially when it comes to software security. Too often, organizations simply rely on vulnerability counts for flaws disclosed in an operating system or popular application as a measure of its security. But too often, variables...
uPhotoGallery 1.1 - 'Slideshow.asp?ci' SQL Injection
source: https://www.securityfocus.com/bid/21319/info
uPhotoGallery is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access...