1075 matches found

OpenVAS
added 2022/04/21 12:00 a.m., 19 views

Slackware: Security Advisory (SSA:2017-300-02)

The remote host is missing an update for the...

CVSS 9.3, AI score 8.9, EPSS 0.74049
Exploits: 3, References: 2

Cvelist
added 2022/04/18 4:20 p.m., 18 views

CVE-2022-25226

ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the serve...

AI score 10, EPSS 0.81886
Exploits: 2, References: 1

BDU FSTEC
added 2022/04/11 12:00 a.m., 2 views

The vulnerability of the Samples component of the Oracle WebLogic Server application server allows a perpetrator to gain unauthorized access to read, modify, or delete data.

The vulnerability of the Samples component of the Oracle WebLogic Server application server is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete data using the HTTP...

CVSS 6.5, AI score 6.8, EPSS 0.00968
Exploits: 0, References: 5, Affected Software: 1

BDU FSTEC
added 2022/04/11 12:00 a.m., 1 views

The vulnerability of the Reseller Locator component in the Oracle Partner Management system allows a malicious actor to gain unauthorized access to read, modify, or delete data.

The vulnerability of the Reseller Locator component in the Oracle Partner Management system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete data using the HTTP...

CVSS 6.1, AI score 6.8, EPSS 0.00582
Exploits: 0, References: 4, Affected Software: 1

BDU FSTEC
added 2022/04/08 12:00 a.m., 3 views

The vulnerability of the Unified Metadata Manager component of the Oracle Financial Services Analytical Applications Infrastructure software allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Unified Metadata Manager component of the Oracle Financial Services Analytical Applications Infrastructure software relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to...

CVSS 5.3, AI score 6.6, EPSS 0.01176
Exploits: 0, References: 4, Affected Software: 1

BDU FSTEC
added 2022/04/08 12:00 a.m., 3 views

The vulnerability of the Unified Metadata Manager component of the Oracle Financial Services Analytical Applications Infrastructure software allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Unified Metadata Manager component of the Oracle Financial Services Analytical Applications Infrastructure software relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to...

CVSS 4.3, AI score 6.4, EPSS 0.00302
Exploits: 0, References: 4, Affected Software: 1

BDU FSTEC
added 2022/04/08 12:00 a.m., 3 views

The vulnerability of the Log component in the Oracle Enterprise Session Border Controller allows a perpetrator to cause a partial service disruption.

The vulnerability of the Log component in the Oracle Enterprise Session Border Controller is related to resource release errors. Exploiting this vulnerability could allow a malicious actor to cause a partial service outage using the HTTP protocol...

CVSS 4.3, AI score 6.8, EPSS 0.00435
Exploits: 0, References: 3, Affected Software: 1

CISA KEV Catalog
added 2022/04/06 12:00 a.m., 24 views

Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability

Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution...

CVSS 9.8, AI score 2.3, EPSS 0.93069
In wild, Exploits: 24

GithubExploit
added 2022/04/04 10:53 a.m., 281 views

Exploit for CVE-2022-21907

CVE-2022-21907 A REAL DoS exploit for CVE-2022-21907 It supp...

CVSS 10, AI score 9.5, EPSS 0.91887
Exploits: 21

OSV
added 2022/03/23 8:15 p.m., 2 views

CVE-2021-27422

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication...

CVSS 7.5, AI score 6.9
Exploits: 0, References: 2

NVD
added 2022/03/23 8:15 p.m., 19 views

CVE-2021-27422

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication...

CVSS 7.5, EPSS 0.00103
Exploits: 0, References: 2

Prion
added 2022/03/23 8:15 p.m., 12 views

Authentication flaw

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication...

CVSS 5, AI score 7.8, EPSS 0.00103
Exploits: 0, References: 2, Affected Software: 19

Cvelist
added 2022/03/23 7:46 p.m., 18 views

CVE-2021-27422 GE UR family exposure of sensitive information to an unauthorized actor

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication...

CVSS 7.5, AI score 7.6, EPSS 0.00103
Exploits: 0, References: 2

CVE
added 2022/03/23 7:46 p.m., 121 views

CVE-2021-27422

GE UR firmware 8.1x or later mitigates a vulnerability (CVE-2021-27422) where the web server interface, exposed over HTTP, can disclose sensitive information without authentication. Affected: GE UR family relays with prior-to-8.1x web server. Root cause: HTTP web server exposure allowing unauthen...

CVSS 7.5, AI score 7.6, EPSS 0.00103
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2022/03/23 7:46 p.m., 6 views

CVE-2021-27422 GE UR family exposure of sensitive information to an unauthorized actor

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication...

CVSS 7.5, AI score 7.4, EPSS 0.00103
Exploits: 0, References: 2

Rapid7 Blog
added 2022/03/18 5:38 p.m., 453 views

Metasploit Weekly Wrap-Up

CVE-2022-21999 - SpoolFool Our very own Shelby Pace has added a new module for the CVE-2022-21999 SpoolFool privilege escalation vulnerability. This escalation vulnerability can be leveraged to achieve code execution as SYSTEM. This new module has successfully been tested on Windows 10 10.0 Build...

CVSS 7.5, AI score 0.5, EPSS 0.93069
Exploits: 32

Metasploit
added 2022/03/17 5:52 p.m., 480 views

Windows IIS HTTP Protocol Stack DOS

This module exploits CVE-2021-31166, a UAF bug in http.sys when parsing specially crafted Accept-Encoding headers that was patched by Microsoft in May 2021, on vulnerable IIS servers. Successful exploitation will result in the target computer BSOD'ing before subsequently rebooting. Note that the...

CVSS 9.8, AI score 8.5, EPSS 0.93069
Exploits: 24

CNNVD
added 2022/03/11 12:00 a.m., 1 views

Luna Simo security vulnerability

Luna Simo is a smartphone from the Korean company Luna. A security vulnerability exists in Luna Simo PPR1.180610.011/202001031830. The vulnerability stems from the fact that it uses HTTP to send the following personally identifiable information (PII) in clear text to a server in China...

CVSS 5.5, AI score 5.7, EPSS 0.00031
Exploits: 1, References: 5

Veracode
added 2022/02/21 8:24 a.m., 22 views

Information Disclosure

cobbler is vulnerable to information disclosure. The vulnerability exists due to the cleartext transmission of data through the insecure HTTP protocol, allowing an attacker to gain sensitive information...

CVSS 5.9, AI score 0.4, EPSS 0.00217
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2022/02/20 6:15 p.m., 7 views

CVE-2021-45081

An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS...

CVSS 5.9, EPSS 0.00217
Exploits: 0, References: 3