1165 matches found
PT-2023-10107 · Unknown · License To Kill
Name of the Vulnerable Software and Affected Versions: License to Kill (affected versions not specified). Description: A critical issue was found in License to Kill, affecting an unknown part of the file models/injury.rb. The manipulation of the name argument leads to SQL injection. Recommendations:...
Effective Vulnerability Management with Stakeholder Specific Vulnerability Categorization (SSVC) and Qualys TruRisk
Security stakeholders across the globe have long relied on the Common Vulnerability Scoring System (CVSS) to prioritize vulnerabilities and assess their risk posture. The reason why the CVSS has become the standard for many security and vulnerability management teams alike is that this method is ea...
Researchers Discover Hundreds of Amazon RDS Instances Leaking Users' Personal Data
Hundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing personal identifiable information (PII), new findings from Mitiga, a cloud incident response company, show. "Leaking PII in this manner provides a potential treasure trove for threat actors – either during the...
Dismember - Scan Memory For Secrets And More
Dismember is a command-line toolkit for Linux that can be used to scan the memory of all processes or particular ones for common secrets and custom regular expressions, among other things. It will eventually become a full /proc toolkit. Using the grep command, it can match a regular expression...
Low: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Lanner IAC-AST2500A Security Vulnerability
The Lanner IAC-AST2500A is a module and accelerator card from Lanner. It is suitable for Lanner network devices to support remote management and monitoring of system operation based on the IPMI standard. A security vulnerability exists in the Lanner IAC-AST2500A version 1.00.0, which stems from...
Product Explained: Stellar Cyber Open XDR Platform
Almost every vendor, from email gateway companies to developers of threat intelligence platforms, is positioning themselves as an XDR player. But unfortunately, the noise around XDR makes it harder for buyers to find solutions that might be right for them or, more importantly, avoid ones that don...
CVE-2022-38542
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the killsession interface. The project has released an update; please upgrade to v1.9.0 and above...
CVE-2022-38540
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the createkillsession interface...
SQL injection
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the killsession interface. The project has released an update; please upgrade to v1.9.0 and above...
Archery SQL Injection Vulnerability
Archery is a set of open source vulnerability assessment and management tools. Archery versions v1.4.0 through v1.8.5 have a SQL injection vulnerability, which stems from the ThreadIDs parameter in the killsession interface...
Archery SQL Injection Vulnerability
Archery is a set of open source vulnerability assessment and management tools. A security vulnerability exists in Archery versions v1.4.0 through v1.8.5, which stems from the ThreadIDs parameter in the createkillsession interface containing a SQL injection vulnerability...
PT-2022-24448 · Archery · Archery
Name of the Vulnerable Software and Affected Versions: Archery versions 1.4.0 through 1.8.5 Description: The issue is related to a SQL injection vulnerability. It occurs via the ThreadIDs parameter in the "kill session" interface. Recommendations: For versions 1.4.0 through 1.8.5, upgrade to...
PT-2022-24446 · Archery · Archery
Name of the Vulnerable Software and Affected Versions: Archery versions 1.4.0 through 1.8.5 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the ThreadIDs parameter in the create kill session interface. Recommendations: For Archery versions 1.4.0 through...
Command Injection
mc-kill-port is vulnerable to command injection. The vulnerability exists due to a lack of sanitization of the port argument, allowing an attacker to inject malicious commands via the kill function...
mc-kill-port vulnerable to Arbitrary Command Execution via kill function
All versions of package mc-kill-port are vulnerable to Arbitrary Command Execution via the kill function, due to missing sanitization of the port argument...
CVE-2022-25973
All versions of package mc-kill-port are vulnerable to Arbitrary Command Execution via the kill function, due to missing sanitization of the port argument...
CVE-2022-25973 Arbitrary Command Execution
All versions of package mc-kill-port are vulnerable to Arbitrary Command Execution via the kill function, due to missing sanitization of the port argument...
CVE-2022-25973
mc-kill-port is vulnerable to Arbitrary Command Execution via the kill function due to missing sanitization of the port argument. Affected versions (as described across multiple sources) expose an exploit path where an attacker can inject commands through the port parameter, enabling local comman...
CVE-2022-25973
All versions of package mc-kill-port are vulnerable to Arbitrary Command Execution via the kill function, due to missing sanitization of the port argument...