Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload
The plugin allows any authenticated user, such as a subscriber, to rename a file to an arbitrary extension, such as PHP, which could allow them to upload arbitrary files to the server and achieve RCE. 1. Navigate to the page where the ffmwp shortcode is included as Subscriber 2. Uploa...
Fedora: Security Advisory for curl (FEDORA-2022-5131c26a69)
The remote host is missing an update for the...
Security Bulletin: Rational Asset Analyzer is vulnerable to an Information disclosure (CVE-2022-22393)
Summary: IBM WebSphere Application Server Liberty used by Rational Asset Analyzer could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server. This has been addressed. Vulnerability Details: CVEID: CVE-2022-22393...
SUSE SLED15: curl / libcurl-devel / libcurl-devel-32bit / libcurl4 / etc (SUSE-SU-2022:3003-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3003-1 advisory. - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploite...
Man-in-the-Middle (MitM)
python-scciclient is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists because the sccicmd function of scci.py does not properly verify HTTPS connection certificates, allowing an attacker to intercept the connection...
GHSA-RF3F-3P37-2QH4 python-scciclient vulnerable to Man-in-the-middle (MITM) attacks
A flaw was found in python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible man-in-the-middle (MITM) attacks...
python-scciclient vulnerable to Man-in-the-middle (MITM) attacks
A flaw was found in python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible man-in-the-middle (MITM) attacks...
CVE-2022-2996
A flaw was found in python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible man-in-the-middle (MITM) attacks...
DEBIAN-CVE-2022-2996
A flaw was found in python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible man-in-the-middle (MITM) attacks...
Design/Logic Flaw
A flaw was found in python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible man-in-the-middle (MITM) attacks...
PYSEC-2022-43152
A flaw was found in python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible man-in-the-middle (MITM) attacks...
UBUNTU-CVE-2022-2996
A flaw was found in python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible man-in-the-middle (MITM) attacks...
PT-2022-19931 · Unknown +1 · Python-Scciclient +1
Name of the Vulnerable Software and Affected Versions: python-scciclient (affected versions not specified). Description: A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to...
CVE-2022-2996
CVE-2022-2996: A flaw in the Python package python-scciclient allowed connections to a server without verifying the server's TLS certificate, enabling MITM attacks. Publicly documented in Debian security advisory DLA-3180, which notes that python-scciclient did not verify server TLS certificates when ma...
Cleartext Transmission of Sensitive Information in moment-timezone
Impact: if Alice uses grunt data or grunt release to prepare a custom-build moment-timezone with the latest tzdata from IANA's website, and Mallory intercepts the request to IANA's unencrypted FTP server, Mallory can serve data which might exploit further stages of the moment-timezone tzdata...