7691 matches found
CVE-2020-36128
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...
CVE-2020-36128
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...
Spoofing
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...
Cisco Firepower Threat Defense Software Multiple DoS (cisco-sa-asa-ftd-vpn-dos-fpBcpEcD)
According to its self-reported version, Cisco FTD Software is affected by multiple denial of service DoS vulnerabilities. A vulnerability exists due to a lack of proper input validation. An unauthenticated, remote attacker can exploit this issue, via carefully crafted HTTPS request to an affected...
Rapid7 Releases New Industry Cyber-Exposure Report (ICER): ASX 200
Today, we are excited to release the third report in our Industry Cyber-Exposure Report ICER series, which digs into cyber-exposure among organizations in Australia’s ASX 200. This series focuses on five key areas we believe CISOs at mega-corporations actually have a shot at accomplishing, and wi...
Nextcloud: Default Nextcloud allows http federated shares
userA on serverA runs on http only 2. userA sends a federated share to userB on serverB 3. userB is a normal user so he has no clue that there is no secure transport used and accepts the share 4. all the data written to and read from is now no longer protected by TLS Impact While maybe a bit far...
CVE-2021-26291
A flaw was found in maven. Repositories that are defined in a dependency’s Project Object Model pom, which may be unknown to users, are used by default resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that...
Rapid7's 2021 ICER Takeaways: Web Security Among the Fortune 500
This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report ICER: Fortune 500. The vast majority of the interactions an average person has with technology is through some form of a web application, but what constitutes a “web app” can be considered quite nebulous, and the...
Download Manager < 3.1.19 - Authenticated (author+) PHP4 File Upload to RCE
The wpdmadminuploadfile AJAX action used a blacklist approach to forbid potential dangerous files, such as PHP, from being uploaded. However, other dangerous extensions, like .php4 were not forbidden. As an author or any account with the uploadfiles capability, attach a .php4 file to a download...
EulerOS 2.0 SP3 : squid (EulerOS-SA-2021-1852)
According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when...
CVE-2021-1504
Multiple vulnerabilities in Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. These vulnerabilities are due to lack of proper input validation o...
CVE-2021-1504
Multiple vulnerabilities in Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. These vulnerabilities are due to lack of proper input validation o...
CVE-2021-1445
Multiple vulnerabilities in Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. These vulnerabilities are due to lack of proper input validation o...
CVE-2021-1445
Multiple vulnerabilities in Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. These vulnerabilities are due to lack of proper input validation o...
Design/Logic Flaw
Multiple vulnerabilities in Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. These vulnerabilities are due to lack of proper input validation o...
Design/Logic Flaw
Multiple vulnerabilities in Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. These vulnerabilities are due to lack of proper input validation o...
CVE-2021-1504 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities
Multiple vulnerabilities in Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. These vulnerabilities are due to lack of proper input validation o...
CVE-2021-1504 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities
Multiple vulnerabilities in Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. These vulnerabilities are due to lack of proper input validation o...
CVE-2021-1445 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities
Multiple vulnerabilities in Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. These vulnerabilities are due to lack of proper input validation o...
Privilege Escalation
openjdk11:edge is vulnerable to privilege escalation. Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromi...