
53 matches found

CVE
added 2021/12/26 12:22 a.m., 56 views

CVE-2021-45678

CVE-2021-45678 affects NETGEAR RAX200 devices prior to firmware version 1.0.5.132 due to insecure code in the device web server. The vulnerability enables network‑remote code execution with no authentication; impact is high/critical per CVSS (remote, network‑based, no user interaction). An explic...

9.8 CVSS, 9.3 AI score, 0.00521 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2021/12/26 12:22 a.m., 17 views

CVE-2021-45678

NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code...

9.7 AI score, 0.00521 EPSS
Exploits: 1, References: 1
CNNVD
added 2021/12/26 12:0 a.m., 1 views

Netgear NETGEAR Security Vulnerability

Netgear NETGEAR is a router from the American company Netgear. It is a hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in NETGEAR RAX200 devices prior to version 1.0.5.132, which stems from insecure code...

9.8 CVSS, 8.3 AI score, 0.00521 EPSS
Exploits: 1, References: 2
Debian CVE
added 2021/12/16 12:0 a.m., 40 views

CVE-2021-42550

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing execution of arbitrary code loaded from LDAP servers...

8.5 CVSS, 7.2 AI score, 0.02729 EPSS
Exploits: 1
The Hacker News
added 2021/11/15 5:28 a.m., 15 views

FBI's Email System Hacked to Send Out Fake Cyber Security Alert to Thousands

The U.S. Federal Bureau of Investigation (FBI) on Saturday confirmed unidentified threat actors have breached one of its email servers to blast hoax messages about a fake "sophisticated chain attack." The incident, which was first publicly disclosed by threat intelligence non-profit SpamHaus,...

6.7 AI score
Exploits: 0
Krebs on Security
added 2021/11/13 10:46 p.m., 24 views

Hoax Email Blast Abused Poor Coding in FBI Website

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sen...

6.6 AI score
Exploits: 0
CVE
added 2020/11/17 1:8 p.m., 41 views

CVE-2020-28647

MOVEit Transfer (pre-2020.1) is affected by a stored XSS vulnerability: a malicious payload crafted by an attacker can be stored in the app and, when a user interacts with it, execute arbitrary code in the victim’s browser. Public advisories and a GitHub exploit example describe the existence of ...

5.4 CVSS, 5.9 AI score, 0.0009 EPSS
Exploits: 2, References: 3, Affected Software: 1
CNVD
added 2020/11/03 12:0 a.m., 1 views

Halo Code Problem Vulnerability (CNVD-2020-60320)

Halo is a personal blogging system for individual developers. A code issue vulnerability exists in halo version 1.1.3. The vulnerability stems from an improperly designed or implemented code development process for a web-based system or product. No detailed vulnerability details are provided at...

9.1 CVSS, 7.2 AI score, 0.00287 EPSS
Exploits: 1, References: 1
Openbugbounty
added 2020/05/22 5:27 p.m., 6 views

toytoonshop.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1169030 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...

0.6 AI score
Exploits: 0
CVE
added 2020/05/13 6:55 p.m., 59 views

CVE-2020-11073

CVE-2020-11073 affects Autoswitch Python Virtualenv prior to 0.16.0. A user entering a directory containing a malicious .venv file could execute arbitrary code locally without user interaction. Impact and exploitation details are supported by multiple sources in the connected documents (Red Hat C...

7.9 CVSS, 7.8 AI score, 0.00264 EPSS
Exploits: 1, References: 4, Affected Software: 1
CNVD
added 2020/02/11 12:0 a.m., 2 views

Atlassian Jira Code Issue Vulnerability

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira. The vulnerability stems from an improperly designed or implemented code...

7.8 CVSS, 7.2 AI score, 0.00145 EPSS
Exploits: 0, References: 1
UbuntuCve
added 2019/07/31 11:15 p.m., 16 views

CVE-2019-10181

It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox...

8.1 CVSS, 6.8 AI score, 0.0039 EPSS
Exploits: 0, References: 5
Hacker One
added 2019/03/04 10:43 a.m., 62 views

Nextcloud: Predictable Random Number Generator

Description: The mobile application uses a predictable Random Number Generator (RNG). Under certain conditions this weakness may jeopardize mobile application data encryption or other protection based on randomization. For example, if encryption tokens are generated inside of the application and an...

7 AI score
Exploits: 0
Cvelist
added 2018/06/13 5:0 p.m., 14 views

CVE-2017-15695

When an Apache Geode server (versions 1.0.0 to 1.4.0) is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privileg...

9 AI score, 0.02236 EPSS
Exploits: 0, References: 2
CVE
added 2018/03/20 6:0 p.m., 48 views

CVE-2011-3178

The CVE-2011-3178 entry affects the web UI of openbuildservice prior to version 2.3.0. A code injection vulnerability in the project rebuildtimes statistics could be exploited by authorized attackers to execute shellcode. Impact is described as able to run arbitrary code with the attacker’s privi...

8.8 CVSS, 8.7 AI score, 0.00316 EPSS
Exploits: 0, References: 2, Affected Software: 1
n0where
added 2017/04/26 4:35 a.m., 1892 views

Mobile Security Framework: MobSF

Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. We’ve been depending on multiple tools to carry out reversing, decoding, debugging, code review, and pen-test and...

7.2 AI score
Exploits: 0, References: 3
ThreatPost
added 2016/12/15 10:0 a.m., 54 views

Code Reuse a Peril for Secure Software Development

The amount of insecure software tied to reused third-party libraries and lingering in applications long after patches have been deployed is staggering. It’s a habitual problem perpetuated by developers failing to vet third-party code for vulnerabilities, and some repositories taking a hands-off...

9.1 AI score, 0.94431 EPSS
Exploits: 41, References: 11
0day.today
added 2015/01/01 12:0 a.m., 38 views

Symantec Web Gateway 5.2.1 OS Command Injection Vulnerability

Symantec Web Gateway versions 5.2.1 and below suffer from a remote OS command injection vulnerability. Symantec Web Gateway = 5.2.1 restore.php OS Command Injection Vulnerability...

6.5 CVSS, 9 AI score, 0.74024 EPSS
Exploits: 6
seebug.org
added 2014/07/01 12:0 a.m., 12 views

MySpeach <= 2.1b (up.php) Remote Inclusion Vulnerability

No description provided by source. Script: MySpeach Affected Version: beta2.1 and maybe older Download: http://www.graphiks.net/scripts/chat/myspeach-2.1beta.zip...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 37 views

Tech-Source Raptor GFX PGX32 2.3.1 Config Tool Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1563/info Raptor GFX cards are designed to handle 24-bit true color applications such as Netscape, seismic, geographical information systems (GIS), satellite imaging, pre-press imaging and general desktop use. They can also...

7.1 AI score
Exploits: 0