18 matches found
EUVD-2021-16725
Malware in sbrugna...
EUVD-2025-24235
Malicious code in bioql PyPI...
sas-top-10
This is an educational guide for organizations adopting serverless architectures. The document, curated by top industry practitioners and security researchers, provides information on the top 10 security risks for serverless applications. The guide aims to assist organizations in building robust,...
CVE-2024-30701
This CVE-2024-30701 entry is rejected and does not represent an active vulnerability.
CVE-2023-6725
An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...
Design/Logic Flaw
OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques...
CVE-2019-5812
CVE-2019-5812: In Google Chrome for iOS, the security UI is inadequate, enabling domain spoofing via a crafted HTML page. The vulnerability affects the iOS UI path in Chrome prior to version 74.0.3729.108. Public sources in the connected documents confirm this CVE is tied to Chrome/Chromium updat...
CVE-2019-5812
Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page...
Domains & Hostings Manager PRO 3.0 - Authentication Bypass
Exploit Title: Domains & Hostings Manager PRO v 3.0 - Authentication Bypass Date: 13.01.2018 Vendor Homepage: http://endavi.com/ Software Buy: https://codecanyon.net/item/advanced-domains-and-hostings-pro-v3-multiuser/10368735 Demo: http://endavi.com/dhrprodemo/ Version: 3.0 Tested on: Windows 10...
Petya, M.E.Doc and the problem of trust
I've already mentioned in "Petya the Great and why they don’t patch vulnerabilities" that NotPetya ransomware seems trivial from a Vulnerability Management point of view. It uses known Windows vulnerabilities that were patched by Microsoft a long time ago. Despite this, I was really interested i...
17-Year-Old Lizard Squad Member Found Guilty Of 50,700 Hacking Charges
An alleged member of Lizard Squad, who claimed responsibility for knocking Sony's PlayStation Network and Microsoft's Xbox Live offline late last year, has been convicted of 50,700 counts of cyber crime. The infamous computer hacker gang Lizard Squad launched massive Distributed Denial-of-Service...
Unisys/DHS Hack
A congressional investigation was launched after hackers compromised a number of Homeland Security computers and transferred sensitive data to several Chinese language Web sites. The investigation deemed that Unisys, a government contractor that had been hired to secure the department’s systems,...
CVE-2003-1573
The PointBase 4.6 database component in the J2EE 1.4 reference implementation J2EE/RI allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun...
CVE-2003-1573
The CVE-2003-1573 entry concerns the PointBase 4.6 database component used in the J2EE 1.4 reference implementation (J2EE/RI). The vulnerability allows remote attackers to execute arbitrary programs, cause a denial of service, and obtain sensitive information through a crafted SQL statement. Root...
[Squid 2004-OSC2Nuke-001] Inadequate Security Checking in OSC2Nuke
Advisory: 2004-OSC2Nuke-001 Affected Software: OSC2Nuke 7x version 1 OSCNukeLite V3.1 and earlier Main Developer: Dreamlite Development Team Modu...
[Squid 2004-Nuke-001] Inadequate Security Checking in PHPNuke v7.3 and earlier
Advisory: 2004-Nuke-001 Affected Software: PHPNuke Affected Versions: Version 7.3 and earlier Main Developer: Francisco Burzi...
MyRoom 3.5 GOLD - save_item.php Arbitrary File Upload
MyRoom 3.5 GOLD - save_item.php Arbitrary File Upload source: https://www.securityfocus.com/bid/6644/info A problem with MyRoom may make it possible for remote attackers to upload files to a vulnerable system. Due to inadequate security checks performed by some PHP scripts, an attacker is able to...
MyRoom 3.5 GOLD - 'save_item.php' Arbitrary File Upload
source: https://www.securityfocus.com/bid/6644/info A problem with MyRoom may make it possible for remote attackers to upload files to a vulnerable system. Due to inadequate security checks performed by some PHP scripts, an attacker is able to upload arbitrary files to the system. Given the abili...