Lucene search

16 matches found

Snyk
added 2026/03/31 11:11 p.m., 1 view

Cross-site Request Forgery (CSRF)

Overview: admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the itemsave process when the imported parameter is set to true. An attacker can bypass both CSRF...

5.3 CVSS, 5.9 AI score, 0.0001 EPSS
Exploits: 1, References: 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-26555

Malware in sbrugna...

7.5 CVSS, 7.5 AI score, 0.00276 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2025/07/04 3:24 p.m., 11 views

CVE-2025-53108

HomeBox is a home inventory and organization system. Prior to 0.20.1, HomeBox contains a missing authorization check in the API endpoints responsible for updating and deleting inventory item attachments. This flaw allows authenticated users to perform unauthorized actions on inventory item...

5.3 CVSS, 6.1 AI score, 0.00237 EPSS
Exploits: 0, References: 1
The Hacker News
added 2023/06/02 10:16 a.m., 40 views

The Importance of Managing Your Data Security Posture

Data security is reinventing itself. As new data security posture management solutions come to market, organizations are increasingly recognizing the opportunity to provide evidence-based security that proves how their data is being protected. But what exactly is data security posture, and how do...

7 AI score
Exploits: 0
SUSE CVE
added 2023/02/15 5:27 a.m., 1 view

SUSE CVE-2014-4966

Ansible before 1.6.7 does not prevent inventory data with "" and "lookup" substrings, and does not prevent remote data with "" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data...

9.8 CVSS, 8 AI score, 0.03742 EPSS
Exploits: 0, References: 3
CNVD
added 2022/05/23 12:0 a.m., 30 views

Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability (CNVD-2022-64197)

Cisco Common Services Platform Collector (CSPC) is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices. Cisco Common Services Platform Collecto...

6.1 CVSS, 2.4 AI score, 0.00217 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2021/02/12 12:0 a.m., 24 views

Cisco Unified Computing System (UCS) Central Software Improper Certificate Validation (cisco-sa-ucs-invcert-eOpRvCKH)

According to its self-reported version, Cisco Unified Computing System Central Software is affected by an improper certificate validation vulnerability. An authenticated, adjacent attacker could exploit this, by sending a crafted HTTP request to the registration API, to register a rogue Cisco UCS...

4.3 CVSS, 5.2 AI score, 0.00024 EPSS
Exploits: 0, References: 3
Qualys Blog
added 2020/09/04 11:56 p.m., 52 views

Detect FritzFrog and Other Malware Infections with Inventory Data

Recently, Guardicore researchers discovered a new type of malware called “FritzFrog,” which targets multiple industry verticals, including government, finance, and healthcare. It employs brute-forcing SSH credentials as an initial attack vector, uses a proprietary P2P protocol to efficiently...

7.1 AI score
Exploits: 0
OSV
added 2020/07/14 8:15 p.m., 0 views

CVE-2020-5373

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 1
Prion
added 2020/07/14 8:15 p.m., 8 views

Authentication flaw

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device...

5 CVSS, 7.7 AI score, 0.00276 EPSS
Exploits: 0, References: 1, Affected Software: 2
OSV
added 2020/02/18 3:15 p.m., 4 views

CVE-2014-4966

Ansible before 1.6.7 does not prevent inventory data with "" and "lookup" substrings, and does not prevent remote data with "" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data...

9.8 CVSS, 9.8 AI score
Exploits: 0, References: 3
OSV
added 2020/02/18 3:15 p.m., 0 views

DEBIAN-CVE-2014-4966

Ansible before 1.6.7 does not prevent inventory data with "" and "lookup" substrings, and does not prevent remote data with "" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data...

9.8 CVSS, 8 AI score, 0.03742 EPSS
Exploits: 0, References: 1
PyPA
added 2020/02/18 3:15 p.m., 4 views

PYSEC-2020-204

Ansible before 1.6.7 does not prevent inventory data with "" and "lookup" substrings, and does not prevent remote data with "" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data...

9.8 CVSS, 8.1 AI score, 0.03742 EPSS
Exploits: 0, References: 2, Affected Software: 1
Qualys Blog
added 2017/04/10 4:0 p.m., 20 views

IT Asset Inventory Systems and CMDBs: A Marriage Made in InfoSec Heaven

A key capability of an IT asset inventory system is being able to exchange data with CMDBs (Configuration Management Databases). In fact, a common misconception is that organizations with CMDBs don’t need an IT asset inventory system because their functions overlap. While they have similar roles,...

7 AI score
Exploits: 0
Microsoft KB
added 2017/03/30 5:57 a.m., 16 views

List of hotfixes and updates that are contained in System Center Configuration Manager 2007 Service Pack 2

Lists Microsoft Knowledge Base (KB) articles that describe the hotfixes and updates that are contained in Microsoft System Center Configuration Manager 2007 Service Pack 2 (SP2). INTRODUCTION: This article lists Microsoft Knowledge Base (KB) articles that describe the hotfixes and updates that are contain...

0.7 AI score
Exploits: 0
Positive Technologies
added 2014/07/26 12:0 a.m., 1 view

PT-2020-7688

Name of the Vulnerable Software and Affected Versions: Ansible versions prior to 1.6.7. Description: The issue allows remote attackers to execute arbitrary code via crafted lookup('pipe') calls or crafted Jinja2 data, due to the lack of prevention of inventory data with "" and "lookup" substrings, and...

9.8 CVSS, 8.1 AI score, 0.10105 EPSS
Exploits: 13, References: 77