161 matches found

CNNVD
added 2021/02/11 12:0 a.m. | 3 views

Qognify Ocularis Code Issue Vulnerability

A code issue vulnerability exists in Qognify Ocularis that arises from improper design or implementation during code development for a network system or product...

10 CVSS | 7.4 AI score | 0.8121 EPSS
Exploits 0 | References 4

CNVD
added 2021/02/10 12:0 a.m. | 7 views

Dell EMC PowerScale OneFS Backup/Restore Privileges Improperly Implemented Vulnerability

Dell EMC PowerScale OneFS is an API-powered file system. A backup/restore privilege improperly implemented vulnerability exists in Dell EMC PowerScale OneFS 8.1.0-9.1.0. An attacker with the BackupAdmin role could exploit this vulnerability to write data outside of the expected file system...

5.5 CVSS | 6.8 AI score | 0.00269 EPSS
Exploits 0 | References 1

CNNVD
added 2021/02/10 12:0 a.m. | 4 views

Monitorr Code Issue Vulnerability

A code issue vulnerability exists in Monitorr that arises from improper design or implementation during code development of a network system or product...

9.8 CVSS | 7.4 AI score | 0.85785 EPSS
Exploits 8 | References 7

Tenable Nessus
added 2020/07/20 12:0 a.m. | 55 views

openSUSE Security Update : the Linux Kernel (openSUSE-2020-801)

The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This...

7.8 CVSS | 7.7 AI score | 0.05216 EPSS
Exploits 4 | References 182

Tenable Nessus
added 2020/07/01 12:0 a.m. | 34 views

EulerOS Virtualization 3.0.6.0 : sqlite (EulerOS-SA-2020-1764)

According to the versions of the sqlite packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to...

7.5 CVSS | 7.3 AI score | 0.07856 EPSS
Exploits 0 | References 6

Tenable Nessus
added 2020/06/17 12:0 a.m. | 44 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1486-1)

This update for the Linux Kernel 4.4.121-92129 fixes several issues. The following security issues were fixed : CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). CVE-2020-12654: Fixed...

7.8 CVSS | 6.8 AI score | 0.01229 EPSS
Exploits 0 | References 10

OSV
added 2020/04/13 6:15 p.m. | 1 views

DEBIAN-CVE-2020-6447

Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page...

8.8 CVSS | 8 AI score | 0.01833 EPSS
Exploits 1 | References 1

CVE
added 2020/03/20 2:58 p.m. | 85 views

CVE-2020-1864

CVE-2020-1864 affects Huawei Secospace AntiDDoS8000 series (V500R001C00, V500R001C20, V500R001C60, V500R005C00). Root cause is improper authentication implementation that allows a remote attacker to obtain information and forge the peer device to send specific packets, enabling connection to the ...

8.1 CVSS | 8.1 AI score | 0.00806 EPSS
Exploits 0 | References 1 | Affected Software 1

Hacker One
added 2020/02/25 2:29 p.m. | 21 views

Lark Technologies: Access to private file's of helpdesk.

An improperly implemented access controls vulnerability was found at a Larksuite endpoint that could have resulted in a team founder who was also an admin of a separate helpdesk, to view an arbitrary image from a ticket they did not have permission to view. We thank @imrannisar for reporting this ...

1.9 AI score
Exploits 0

UbuntuCve
added 2019/12/18 6:15 p.m. | 37 views

CVE-2012-2312

An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated...

7.8 CVSS | 7.1 AI score | 0.00294 EPSS
Exploits 0 | References 2

Cvelist
added 2019/12/18 5:47 p.m. | 24 views

CVE-2012-2312

An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated...

7.5 AI score | 0.00294 EPSS
Exploits 0 | References 3

Hacker One
added 2019/12/18 5:46 p.m. | 32 views

MTN Group: SharePoint exposed web services in a subdomain

Hi there I found a subdomain that is sharepoint configuration is poorly implemented Because of improper configuration an anonymous user can access to the SharePoint Web Services. POC: Go to the following url: https://www.mtn.co.za/vtibin/lists.asmx?WSDL services.jpg Remediation Restrict access to...

0.3 AI score
Exploits 0

OpenVAS
added 2016/09/21 12:0 a.m. | 18 views

Cisco Application Policy Infrastructure Controller Access Bypass Vulnerability

Cisco Application Policy Infrastructure Controller is prone to an access bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7.2 CVSS | 6.7 AI score | 0.00383 EPSS
Exploits 0 | References 2

Cisco
added 2016/02/10 10:0 p.m. | 24 views

Cisco Spark Representational State Transfer Interface Unauthorized Access Vulnerability

A vulnerability in the Representational State Transfer (REST) interface of Cisco Spark could allow an unauthenticated, remote attacker to make changes to an affected system. The vulnerability is due to improper implementation of authorization controls when accessing certain web pages of the...

5 CVSS | 7.6 AI score | 0.01256 EPSS
Exploits 0 | References 1

Check Point Advisories
added 2015/01/12 12:0 a.m. | 2 views

Adobe Reader Javascript API Information Disclosure (APSB14-28: CVE-2014-8451)

An Information Disclosure vulnerability has been reported in Adobe Reader. The vulnerability is due to an improper implementation of a Javascript API. A remote attacker can exploit this issue by enticing a victim to open a specially crafted PDF file...

5 CVSS | 6 AI score | 0.094 EPSS
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 30 views

SpiderSales 2.0 Shopping Cart Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/9799/info Multiple vulnerabilities have been identified in the application that may allow an attacker to obtain the private cryptographic key and gain access to sensitive information. The application is also reported pron...

7.1 AI score
Exploits 0

Packet Storm
added 2013/01/17 12:0 a.m. | 31 views

Atheme IRC Services 7.0.5 Denial Of Service

!/usr/bin/python3 Monday, January 13, 2013 http://www.zempirians.com 00100011 01101100 01100101 01100111 01101001 01101111 01101110 -= Atheme - IRC Services Daemon =- Proof of Concept, Denial of Service T E A...

7.4 AI score
Exploits 0

OpenVAS
added 2012/07/23 12:0 a.m. | 40 views

Mozilla Firefox Multiple Vulnerabilities - July12 (Windows)

This host is installed with Mozilla firefox and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillafirefoxmultvulnjul12win.nasl 6018 2017-04-24 09:02:24Z teissa $ Mozilla Firefox Multiple Vulnerabilities - July12 Windows Authors: Rachana Shetty Copyright: Copyright c...

6.4 CVSS | 0.3 AI score | 0.02219 EPSS
Exploits 1 | References 6

OpenVAS
added 2012/07/23 12:0 a.m. | 26 views

Mozilla Firefox Multiple Vulnerabilities (Jul 2012) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.4 CVSS | 9.6 AI score | 0.02219 EPSS
Exploits 1 | References 9

securityvulns
added 2010/09/20 12:0 a.m. | 134 views

n.runs-SA-2010.001 - Alcatel-Lucent - unauthenticated administrative access to CTI CCA Server

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2010.001 20-September-2010 Vendor: Alcatel Affected Products: Versions before 9.0.8.4 of the CCAgent option of OmniTouch Contact Center Standard Edition Vulnerability: unauthenticated administrative access to CTI CCA Server Risk: High...

7.6 CVSS | 0.2 AI score | 0.01075 EPSS
Exploits 0