2154 matches found
Design/Logic Flaw
Vulnerability in the Oracle Communications Interactive Session Recorder product of Oracle Communications component: Provision API. The supported version that is affected is 6.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2021-2461
Vulnerability in the Oracle Communications Interactive Session Recorder product of Oracle Communications component: Provision API. The supported version that is affected is 6.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2021-2461
CVE-2021-2461 affects Oracle Communications Interactive Session Recorder (Provision API) with affected version 6.4. Multiple connected sources corroborate a remote, unauthenticated HTTP-accessible vulnerability that can lead to unauthorized read/update/delete of data and a partial denial of servi...
Oracle Communications Security Vulnerability
Oracle Communications is a product of Oracle Corporation (USA) that provides integrated communications and cloud solutions for service providers and enterprises to accelerate their digital transformation. A security vulnerability exists in Oracle Communications Interactive Session Recorder, which could ...
CVE-2021-22035
VMware vRealize Log Insight 8.x prior to 8.6 contains a CSV (Comma Separated Value) injection vulnerability in the interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log...
Schneider Electric IGSS Access Control Error Vulnerability
Schneider Electric Interactive Graphical SCADA System (IGSS) is an advanced SCADA system for monitoring and controlling industrial processes. Schneider Electric Interactive Graphical SCADA System is vulnerable to an access control error vulnerability that can be exploited to delete arbitrary files in the...
Schneider Electric IGSS Path Traversal Vulnerability
Schneider Electric Interactive Graphical SCADA System (IGSS) is an advanced SCADA system for monitoring and controlling industrial processes. Schneider Electric Interactive Graphical SCADA System is vulnerable to a path traversal vulnerability, which can be exploited by attackers to read arbitrary...
VITEC Exterity IPTV Elevation of Privilege Vulnerability
VITEC Exterity IPTV is a new technology from the French company VITEC that uses the broadband cable network to provide a variety of interactive services, including digital TV, to home users by integrating various technologies such as Internet, multimedia and communications. root...
WordPress ImageLinks Interactive Image Builder plugin <= 1.5.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress ImageLinks Interactive Image Builder plugin versions <= 1.5.2. Solution: Update the WordPress ImageLinks Interactive Image Builder plugin to the latest available version (at least 1.5.3)...
WordPress Vision Interactive plugin < 1.5.2 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by WPScanTeam in WordPress Vision Interactive plugin versions < 1.5.2. Solution: Update the WordPress Vision Interactive plugin to the latest available version (at least 1.5.2)...
VMSA-2021-0022: VMware vRealize Log Insight updates address CSV injection vulnerability
Advisory ID: VMSA-2021-0022. CVSSv3 Range: 6.5. Issue Date: 2021-10-12. Updated On: 2021-10-12 (Initial Advisory). CVEs: CVE-2021-22035. Synopsis: VMware vRealize Log Insight updates address CSV injection vulnerability (CVE-2021-22035).
react-here-map-interactive (>=0.0.1 <=0.9.2) potentially affected by CVE-2021-23700 via merge-deep2 (=3.0.6)
merge-deep2 NPM version =3.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on merge-deep2 and may be impacted: react-here-map-interactive >=0.0.1, <=0.9.2. Source CVEs: CVE-2021-23700. Source advisory: SNYK:JS-MERGEDEEP2-1727593...
CVE-2021-41088
Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend started by elvish -web hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of requests correctly. As a...
CVE-2021-41088
Elvish (the language/shell) vulnerability CVE-2021-41088 affects versions prior to 0.14.0 where the web UI backend (elvish -web) accepts code from the web UI without proper origin validation. If a user has the web UI backend open and visits a malicious site, that site can send arbitrary code to t...
Metasploit Wrap-Up
Confluence Server OGNL Injection: Our own wvu, along with Jang, added a module that exploits an OGNL injection (CVE-2021-26804) in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. CVE-2021-26804 is a critical remote code execution vulnerability in Confluence Server and...
A vulnerability in the executable file Def.exe of the Interactive Graphical SCADA System (IGSS) allows an intruder to perform arbitrary actions.
The vulnerability in the executable file Def.exe of the Interactive Graphical SCADA System (IGSS) relates to reading data beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2021-26084 Proof of concept for CVE-2021-26084. Confluen...
A vulnerability in the executable file Def.exe of the Interactive Graphical SCADA System (IGSS) allows an intruder to perform arbitrary actions.
The vulnerability in the executable file Def.exe of the Interactive Graphical SCADA System (IGSS) is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an intruder to execute arbitrary code...
A vulnerability in the mdb database of the Interactive Graphical SCADA System allows an intruder to trigger a service failure.
The vulnerability in the mdb database of the Interactive Graphical SCADA System (IGSS) is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...