PT-2025-31106 · Marbella · Marbella KR8s Dashcam FF
Name of the Vulnerable Software and Affected Versions: Marbella KR8s Dashcam FF version 2.0.8 Description: Marbella KR8s Dashcam FF 2.0.8 devices are shipped with default credentials of 12345678, creating an insecure-by-default condition. Passwords can be limited to 8 characters, which can be...
WordPress Cache control by Cacholong Plugin <= 5.4.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Cache control by Cacholong versions <= 5.4.1...
HCL BigFix Patch Management Code Issue Vulnerability
HCL BigFix Patch Management is a comprehensive patch management solution from HCL Corporation, USA, designed to help organizations effectively manage and deploy security and non-security patches for operating systems and applications. A security vulnerability exists in HCL BigFix Patch Management...
StormBamboo APT Targets ISPs, Spreads Malware via Software Updates
StormBamboo abuses insecure software updates! Don't be a victim! This article explores how the StormBamboo group compromises ISPs...
CVE-2024-20970
...
Weak Cryptography
DeviceFarmer is vulnerable to Weak Cryptography. The vulnerability is due to use of an outdated and insecure DES-ECB algorithm...
Magento Broken Authentication and Session Management
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can append an arbitrary session ID that will not be invalidated by subsequent authentication...
CVE-2020-26513
An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks...
CVE-2018-17890
NUUO CMS, all versions 3.1 and prior: the application uses insecure and outdated software components for functionality, which could allow arbitrary code execution...
PYSEC-2018-81
In Ansible, it was found that inventory variables are loaded from the current working directory when running an ad-hoc command; since that directory may be under an attacker's control, this allows arbitrary code to be run as a result...
Big File Uploader by Prismanet, 1.0.2, Insecure File Upload
Big File Uploader by Prismanet, 1.0.2, Insecure File Upload...
CVE-2017-15203
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user...
PostgreSQL 9.1.x < 9.1.24 / 9.2.x < 9.2.19 / 9.3.x < 9.3.15 / 9.4.x < 9.4.10 / 9.5.x < 9.5.5 Multiple Vulnerabilities
Little People™ Player - Base64 encoded String, Dangerous filesystem permissions, Insecure KeyStore vulnerabilities
HackApp vulnerability scanner discovered that application Little People™ Player published at the 'play' market has multiple vulnerabilities...
CVSTrac < 1.1.5 Multiple XSS
The remote host seems to be running CVSTrac, a web-based bug and patch-set tracking system for CVS. According to its version number, the remote installation of CVSTrac has multiple cross-site scripting flaws. A remote attacker could exploit this by tricking a user into requesting a malicious URL,...
Pirch IRC 98 Client - Malformed Link Buffer Overrun
Pirch IRC 98 Client - Malformed Link Buffer Overrun source: https://www.securityfocus.com/bid/5079/info Pirch is subject to a buffer overflow condition. The overrun occurs if a user receives a maliciously constructed link. It is not confirmed whether the user must first click on the link or no...