15 matches found
EUVD-2026-31011
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...
Terrapack HTTP Module Helpers
This is a Metasploit module that is intended to automate interaction with Terrapack web services. It does not exploit any actual issue but is meant for facilitation of testing...
PT-2026-3632
IBM ApplinX 11.1 could disclose sensitive information about server architecture that could aid in further attacks against the system...
EUVD-2002-1750
Malware in sbrugna...
CVE-2023-38716
IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system...
CVE-2024-42457
A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading ...
Moderate: avahi security update
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other...
CVE-2023-5515
The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against web servers and deployed web applications...
DEV-0569 finds new ways to deliver Royal ransomware, various payloads
Recent activity from the threat actor that Microsoft tracks as DEV-0569, known to distribute various payloads, has led to the deployment of the Royal ransomware, which first emerged in September 2022 and is being distributed by multiple threat actors. Observed DEV-0569 attacks show a pattern of...
Cybercriminals' Favorite Bulletproof VPN Service Shuts Down In Global Action
Law enforcement agencies from the US, Germany, Netherlands, Switzerland, France, along with Europol's European Cybercrime Centre (EC3), announced today the coordinated takedown of Safe-Inet, a popular virtual private network (VPN) service that was used to facilitate criminal activity. The three domai...
Information disclosure
IBM Pulse for QRadar 1.0.0 - 1.0.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 133123...
[SECURITY] Fedora 26 Update: rpcbind-0.2.4-7.rc1.fc26
The rpcbind utility is a server that converts RPC program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine...
SAP TREX Information Disclosure Vulnerability
SAP TREX is a search engine from SAP for the SAP NetWeaver integrated technology platform. An information disclosure vulnerability exists in version 7.10 of SAP TREX, which could be exploited by attackers to obtain sensitive information or launch further attacks...
Simple PHP Blog 0.4 - colors.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/15283/info Simple PHP Blog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input...
Fools Workshop Owls Workshop 1.0 - readingsindex.php Arbitrary File Access
source: https://www.securityfocus.com/bid/9689/info Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI...