10 matches found
CVE-2025-1716
picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...
Quantifying Log4Shell: Vulnerability on a Massive Scale
The Log4Shell vulnerability is here to stay. There is a lot of speculation about the scope and true impact of the vulnerability: While many have labeled it “severe,” information is limited on how widespread the risk is. In order to shed some light on the issue, Akamai Threat Labs is utilizing its...
Russia’s SolarWinds Attack
Recent news articles have all been talking about the massive Russian cyberattack against the United States, but that's wrong on two accounts. It wasn't a cyberattack in international relations terms, it was espionage. And the victim wasn't just the US, it was the entire world. But it was massive, an...
Protecting Customers From Online Threats
Allison Miller of PayPal’s Global Risk Management group discusses the challenges of keeping the service’s customers safe online in a session at the SOURCE conference in Boston...
activecal120-multi.txt
ActiveCalendar 1.2.0, Multiple vulnerabilities Vendor site : http://www.micronetwork.de/activecalendar/ Global risk : Critical Multiples XSS : --------------- /activecalendar/data/page.php?css="alertdocument.cookie In : /data/ flatevents.php js.php mysqlevents.php m2.php m3.php m4.php xmlevents.p...
sitex multiple vulnerabilities
global risk:critical upload vulnerability: in user profile upload an avatar with a double extension like : file.php.jpg once it's done,you gone get an error like:Fatal error: Call to undefined function imagedestroy in /. but the last extension jpg will be removed by the script, and stored in :...
abittraversed.txt
vendor site: http://www.unverse.net/abitwhizzy/ product : aBitWhizzy bug:local file include global risk : high http://site.com/abitwhizzy.php?f=../../../../../../../etc/passwd laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: [email protected]...
aBitWhizzy (abitwhizzy.php) Information Disclosure Vulnerability
Exploit for unknown platform in category web applications ================================================================ aBitWhizzy abitwhizzy.php Information Disclosure Vulnerability ================================================================ aBitWhizzy local file include vendor site:...
aiocp13007.txt
AIOCP '"alertdocument.cookie - /public/code/cpforumview.php?fmode=top&topid=53&forid='"alertdocument.cookie - /public/code/cpforumview.php?fmode=top&topid=53&forid=23&catid='"alertdocument.cookie - /public/code/cpdpage.php?choosedlanguage='"alertdocument.cookie -...
Vulnerability in the way Ultr@VNC handles MS-Logon Authentication.
AGR IT Advisory May 2, 2006 AGR-ADV-2006-01 TITLE: Vulnerability in the way Ultr@VNC handles MS-Logon Authentication. Overview Deon Force discovered a vulnerability in Ultr@VNC 1.0.1 and earlier versions with MS-Logon I and MS-Logon II authentication that may allow attackers to crack the...