Lucene search
7687 matches found

OpenVAS
added 2022/04/21 12:0 a.m., 28 views

Slackware: Security Advisory (SSA:2014-044-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4 | AI score 8.5 | EPSS 0.05599
Exploits 1 | References 3
NVD
added 2022/04/20 4:15 p.m., 15 views

CVE-2022-1039

The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by default enabled on trusted interfaces. While the...

CVSS 10 | EPSS 0.01139
Exploits 0 | References 1
Prion
added 2022/04/20 4:15 p.m., 13 views

Command injection

The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by default enabled on trusted interfaces. While the...

CVSS 10 | AI score 9.6 | EPSS 0.01139
Exploits 0 | References 1
Cvelist
added 2022/04/20 3:30 p.m., 15 views

CVE-2022-1039 ICSA-22-104-03 Red Lion DA50N

The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by default enabled on trusted interfaces. While the...

CVSS 9.6 | AI score 9.8 | EPSS 0.01139
Exploits 0 | References 1
CVE
added 2022/04/20 3:30 p.m., 85 views

CVE-2022-1039

CVE-2022-1039 is referenced across multiple sources as a weakness in the Red Lion DA50N gateway related to weak password requirements. The primary concrete details indicate that: the web UI password is weak and can be exploited over HTTP/HTTPS, enabling attackers to change other passwords; Linux ...

CVSS 10 | AI score 9.7 | EPSS 0.01139
Exploits 0 | References 1 | Affected Software 1
IBM Security Bulletins
added 2022/04/19 8:12 p.m., 40 views

Security Bulletin: IBM Security Guardium Insights is affected by Node.js vulnerability (CVE-2021-22939)

Summary: IBM Security Guardium Insights addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2021-22939 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions. If the https API was used incorrectly and "undefined" was passed in for the...

CVSS 5.3 | AI score 1.7 | EPSS 0.1473
Exploits 1 | Affected Software 1
Circl
added 2022/04/13 8:18 p.m., 2 views

CVE-2015-20107

creationtimestamp | type | source
---|---|---
2022-04-13 20:18:15+00:00 | seen | https://t.me/cibsecurity/40734
2026-04-02 17:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0395/...

CVSS 8 | AI score 7.3 | EPSS 0.06705
Exploits 1 | References 2
OpenVAS
added 2022/04/13 12:0 a.m., 39 views

Microsoft Windows Multiple Vulnerabilities (KB5012647)

This host is missing an important security update according to Microsoft KB5012647 SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

CVSS 10 | AI score 7.8 | EPSS 0.91811
Exploits 23 | References 3
Veracode
added 2022/04/11 3:42 a.m., 13 views

Malicious Packages

exchangeclients and rush-lib are malicious packages. The packages contain empty README files, but the strings "rukkaz package" or "azbit package" are present in the metadata. The packages are created to abuse the dependency confusion vulnerability. The malicious code executes upon installation and...

AI score 1
Exploits 0
NVD
added 2022/04/07 7:15 p.m., 16 views

CVE-2022-22519

A remote, unauthenticated attacker can send specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system...

CVSS 7.5 | EPSS 0.01404
Exploits 0 | References 1
Prion
added 2022/04/07 7:15 p.m., 19 views

Design/Logic Flaw

A remote, unauthenticated attacker can send specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system...

CVSS 5 | AI score 7.7 | EPSS 0.01404
Exploits 0 | References 1 | Affected Software 18
CVE
added 2022/04/07 6:21 p.m., 137 views

CVE-2022-22519

The CVE-2022-22519 entry describes a remote, unauthenticated attacker able to send crafted HTTP/HTTPS requests that trigger a buffer over-read, crashing the CODESYS Control runtime system webserver. This affects the CODESYS Control runtime/webserver and related components; CVSSv3.1 base score 7.5...

CVSS 7.5 | AI score 7.8 | EPSS 0.01404
Exploits 0 | References 1 | Affected Software 18
Packet Storm
added 2022/04/05 12:0 a.m., 266 views

Online Banquet Booking System 1.0 Cross Site Request Forgery

Exploit Title: Online Banquet Booking System - 'change admin credentials' Cross-Site Request Forgery (CSRF)
Date: 04/04/2022
Exploit Author: Saud Alenazi
Vendor Homepage: https://phpgurukul.com
Software Link: https://phpgurukul.com/online-banquet-booking-system-using-php-and-mysql/
Version: 1.0...

AI score 7.4
Exploits 0
GithubExploit
added 2022/04/04 10:53 a.m., 291 views

Exploit for CVE-2022-21907

CVE-2022-21907 A REAL DoS exploit for CVE-2022-21907 It supp...

CVSS 10 | AI score 9.5 | EPSS 0.9279
Exploits 21
Openbugbounty
added 2022/04/03 2:34 a.m., 9 views

new.alufelnibolt.hu Cross Site Scripting vulnerability OBB-2463823

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0
CheckPoint Security
added 2022/03/31 12:0 a.m., 66 views

Check Point Response to Spring Vulnerabilities CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, CVE-2022-22965 (Spring4Shell), CVE-2022-22950

Solution: On March 29, 2022, new CVEs were published on Spring Cloud: CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, and CVE-2022-22950. On March 31, 2022, a bypass to the fix for CVE-2010-1622 was published by Praetorian, and received the nickname "Spring4Shell" see Spring Core on JDK9+ is...

CVSS 10 | AI score 8.9 | EPSS 0.99939
Exploits 198
OSV
added 2022/03/25 12:0 a.m., 25 views

GHSA-J7XG-5549-JR3J Improper Certificate Validation in OWASP ZAP

OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...

CVSS 4 | AI score 4.2 | EPSS 0.00654
Exploits 0 | References 5
Github Security Blog
added 2022/03/25 12:0 a.m., 29 views

Improper Certificate Validation in OWASP ZAP

OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...

CVSS 4.3 | AI score 1.4 | EPSS 0.00654
Exploits 0 | References 6 | Affected Software 1
CISA KEV Catalog
added 2022/03/25 12:0 a.m., 16 views

Juniper Junos OS Path Traversal Vulnerability

A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution...

CVSS 9.8 | AI score 5.3 | EPSS 0.04725
In wild | Exploits 0
ATTACKERKB
added 2022/03/24 4:15 a.m., 4 views

CVE-2022-27820

OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...

CVSS 4.3 | AI score 5.9 | EPSS 0.00654
Exploits 0 | References 4