3268 matches found

Packet Storm
added 2024/06/13 12:0 a.m., 310 views

Quick CMS 6.7 Shell Upload

Title: Authenticated Shell Upload; Product: Quick CMS; Vendor: https://opensolution.org/; Affected Version: 6.7; Researcher: Eagle Eye; Tested on: Windows & Linux; Date: 11/06/2024; Report: Already contacted the vendor but no response; Affected path: admin.php, core/common-admin.php,...

AI score 7.4
Exploits 0
RedHat Linux
added 2024/06/12 1:43 a.m., 4 views

kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs

A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition...

CVSS 6, AI score 6.8, EPSS 0.00043
Exploits 0, References 4
CVE
added 2024/06/11 12:48 p.m., 50 views

CVE-2024-2462

CVE-2024-2462 affects Hitachi Energy FOX61x, FOXCST, and FOXMAN-UN client applications. The reported issue allows an attacker to intercept or falsify data exchanges between the client and the server. Public references include Hitachi Energy PSIRT CSAF advisory paraphrased in CISA ICS advisories (...

CVSS 6.8, AI score 7, EPSS 0.00137
Exploits 0, References 1
Vulnrichment
added 2024/06/11 12:48 p.m., 7 views

CVE-2024-2462

Allow attackers to intercept or falsify data exchanges between the client and the server...

CVSS 6.8, AI score 6.9, EPSS 0.00137
Exploits 0, References 1
ICS
added 2024/06/11 12:30 p.m., 10 views

Hitachi Energy UNEM/ECST

SUMMARY Hitachi Energy is aware of a vulnerability that affects the UNEM/ECST versions listed below. If exploited an attacker could potentially intercept or falsify data exchanges between the client and the server. Please refer to the “Recommended Immediate Actions” for information about the...

CVSS 6.8, AI score 7.1, EPSS 0.00137
Exploits 0, References 9
CNNVD
added 2024/06/11 12:0 a.m., 2 views

Hitachi FOXMAN-UN Security Vulnerability

Hitachi FOXMAN-UN is a powerful toolset for a comprehensive NMS suite from Hitachi, Ltd., Japan. A security vulnerability exists in Hitachi FOXMAN-UN that allows an attacker to intercept or forge data exchanges between a client and a server...

CVSS 6.8, AI score 6.8, EPSS 0.00137
Exploits 0, References 3
OSV
added 2024/06/07 3:15 p.m., 1 view

CVE-2024-36788

Netgear WNR614 JNR1010V2 N300-V1.1.0.541.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices...

CVSS 4.8, AI score 5.8, EPSS 0.00088
Exploits 1, References 1
BDU FSTEC
added 2024/06/07 12:0 a.m., 2 views

The vulnerability of D-Link DI-7003GV2 router microprogramming software, related to improper cleaning or release of resources, allows an intruder to trigger a service failure.

The vulnerability of D-Link DI-7003GV2 router microprogramming software is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by intercepting TCP/IP sessions...

CVSS 4.3, AI score 5.5, EPSS 0.00095
Exploits 1, References 3
Tenable Nessus
added 2024/06/03 12:0 a.m., 21 views

RHEL 4 : squid (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - squid: assertion failure in Range header processing SQUID-2014:2 CVE-2014-3609 - squid: off-by-one error ...

CVSS 7.5, AI score 9, EPSS 0.8285
Exploits 0, References 5
BDU FSTEC
added 2024/05/31 12:0 a.m., 1 view

The vulnerability of the cross-platform access control system IBM i Access Client Solutions, related to improper session management, allows a hacker to intercept the user’s session and disclose sensitive information about the NT LAN Manager hash (NTLM).

The vulnerability of the cross-platform access control system IBM i Access Client Solutions is related to improper session management. Exploiting this vulnerability can allow an attacker to intercept a user’s session and disclose sensitive information about the NT LAN Manager hash NTLM...

CVSS 5.5, AI score 5.8, EPSS 0.00166
Exploits 3, References 5, Affected Software 1
Positive Technologies
added 2024/05/22 12:0 a.m., 1 view

PT-2024-4160

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified); Cisco Firepower Threat Defense (FTD) Software (affected versions not specified). Description: A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for...

CVSS 5, AI score 5.8, EPSS 0.0081
Exploits 0, References 9
BDU FSTEC
added 2024/05/21 12:0 a.m., 2 views

The vulnerability of D-Link DIR-600 router’s microprogramming software, related to the manipulation of inter-site requests, allows a hacker to increase their privileges.

The vulnerability of D-Link DIR-600 router’s microprogramming software is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to enhance their privileges by intercepting authentication requests remotely...

CVSS 8.3, AI score 7.7, EPSS 0.45306
Exploits 2, References 4, Affected Software 1
CVE
added 2024/05/17 11:6 p.m., 56 views

CVE-2024-23583

CVE-2024-23583 affects HCL BigFix Platform, specifically the Windows Client Deploy Tool, with root cause described as insufficiently protected credentials. The vulnerability could allow an attacker to intercept credentials via Task Manager and gain unauthorized access to the Client Deploy Tool on...

CVSS 6.7, AI score 6.8, EPSS 0.00073
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2024/05/17 12:0 a.m., 2 views

PT-2024-19948

Name of the Vulnerable Software and Affected Versions: Client Deploy Tool (affected versions not specified). Description: An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems. Recommendations: At the moment...

CVSS 6.7, AI score 6.5, EPSS 0.00073
Exploits 0, References 5
BDU FSTEC
added 2024/05/17 12:0 a.m., 1 view

The vulnerability of the PHP programming language interpreter, related to incorrect handling of cookie files, allows attackers to intercept sessions and gain unauthorized access to protected information.

The vulnerability of the PHP programming language interpreter relates to the incorrect processing of cookie files, resulting from replacing spaces, periods, and open parentheses with underscores. Exploiting this vulnerability can allow an attacker to intercept sessions and gain unauthorized acces...

CVSS 6.5, AI score 6.4, EPSS 0.08698
Exploits 0, References 12, Affected Software 6
CNNVD
added 2024/05/17 12:0 a.m., 2 views

HCL BigFix Platform Security Vulnerability

HCL BigFix Platform is an endpoint security management platform from HCL Technologies, USA. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in the HCL BigFix Platform that stems from the...

CVSS 6.7, AI score 6.7, EPSS 0.00073
Exploits 0, References 2
OSV
added 2024/05/15 12:7 p.m., 14 views

BIT-CILIUM-OPERATOR-2023-29002 Debug mode leaks confidential data in Cilium

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...

CVSS 7.2, AI score 6.1, EPSS 0.00071
Exploits 0, References 2
NVD
added 2024/05/14 2:57 p.m., 13 views

CVE-2024-22345

IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 280192...

CVSS 7.5, AI score 6.3, EPSS 0.00088
Exploits 0, References 2
OSV
added 2024/05/14 2:57 p.m., 0 views

CVE-2024-22345

IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 280192...

CVSS 7.5, AI score 5.8, EPSS 0.00088
Exploits 0, References 2
NVD
added 2024/05/14 10:43 a.m., 14 views

CVE-2022-32509

An issue was discovered on certain Nuki Home Solutions devices. Lack of certificate validation on HTTP communications allows attackers to intercept and tamper with data. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Bridge v1 before 1.22.0 and Nuki Bridge v2 before 2.13.2...

CVSS 8.8, AI score 6.6, EPSS 0.00046
Exploits 0, References 4