Security Bulletin:IBM Security QRadar EDR Software contains a vulnerability (CVE-2024-45654)
Summary IBM Security ReaQta is vulnerable to potential unauthorized actions by authenticated users due to reliance on untrusted inputs. The vulnerability has been resolved in the latest update. Vulnerability Details CVEID: CVE-2024-45654 DESCRIPTION: IBM Security ReaQta could allow an authenticat...
Security Bulletin: IBM Security QRadar EDR Software has weaker than expected security due to an included component (CVE-2024-39689)
Summary IBM Security QRadar EDR Software includes a vulnerable component (e.g., a framework library) that could be identified and exploited with automated tools. This has been addressed in an update. Vulnerability Details CVEID: CVE-2024-39689 DESCRIPTION: Certifi (python-certifi) could provide weaker...
CVAD Workspace App (Windows, MAC, Linux)
Introduction This article is a summary of the top support articles related to CVAD Workspace App (Windows, MAC, Linux). Overview of the Issue Provide a brief yet comprehensive overview of the issue, outlining the common challenges and key points that will be addressed in detail in the linked content...
Internal Error 2869 when Installing Hotfixes on XenApp 6.x
Errors occur when installing hotfixes on a XenApp 6.0 server using the manual method. The manual installation method included: right-clicking on the .msp hotfix package and selecting Apply, or double-clicking on the .msp hotfix package. The error displayed is a message box with the following dialog:...
Backdrop CMS 1.27.1 Remote Command Execution
Exploit Title: Backdrop CMS 1.27.1 - Remote Command Execution RCE Date: 04/27/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.27.1/backdrop.zip Version: latest Tested on: MacOS import os impor...
Backdrop CMS 1.27.1 - Remote Command Execution Exploit
Exploit Title: Backdrop CMS 1.27.1 - Remote Command Execution RCE Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.27.1/backdrop.zip Version: latest Tested on: MacOS import os import time import...
BIT-AIRFLOW-2022-40189 Apache Airflow Pig Provider RCE
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider...
CVE-2023-49103
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information...
Improper input validation leads to arbitrary file deletion
Description The /process endpoint of the python API in collector/api.py exposes an endpoint waiting for a POST request with a parameter named filename: `@api.route("/process", methods=["POST"]) def process_file(): content = request.json target_filename = content.get("filename") print(f"Processing...`
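Added example, not code from the advisory or from the collector project: a stand-in for the handler's filename lookup that puts the flawed join next to a contained version. UPLOAD_DIR, the function names and the injected deletion hook are assumptions for the demonstration (the page shows neither the data directory nor the call that removes the file), and Flask is left out so the logic runs offline.

```python
import os
from pathlib import Path

# Hypothetical data directory; the page does not show where the collector
# keeps its files, so this name is an assumption for the demo.
UPLOAD_DIR = Path("/var/lib/collector/uploads")


def vulnerable_target(filename: str) -> str:
    """The flawed pattern: the client-supplied name is joined straight onto
    the data directory. os.path.join drops UPLOAD_DIR entirely when filename
    is absolute, and '..' segments walk out of it. Returned normalized so the
    final location is visible."""
    return os.path.normpath(os.path.join(str(UPLOAD_DIR), filename))


def safe_target(filename: str) -> Path:
    """Hardened lookup: accept only a bare file name, then confirm the
    resolved path still sits directly inside UPLOAD_DIR."""
    if not filename or filename in (".", ".."):
        raise ValueError("empty or reserved filename")
    # Any directory component (including a leading '/') is rejected outright.
    if os.path.basename(filename) != filename:
        raise ValueError("path separators not allowed")
    base = UPLOAD_DIR.resolve(strict=False)
    candidate = (base / filename).resolve(strict=False)
    # Containment check: also catches a symlink inside the directory that
    # points elsewhere, which the basename test alone would miss.
    if candidate.parent != base:
        raise ValueError("path escapes upload directory")
    return candidate


def is_rejected(filename: str) -> bool:
    """True when safe_target refuses the name."""
    try:
        safe_target(filename)
    except ValueError:
        return True
    return False


def process_request(content, delete=os.remove):
    """Handler body equivalent to the /process endpoint, without Flask.
    The deletion is injected so the logic can be exercised without touching
    disk; that the endpoint deletes the named file is what the title reports.
    Returns an (HTTP status, message) pair."""
    raw = content.get("filename") if isinstance(content, dict) else None
    if not isinstance(raw, str):
        return 400, "filename must be a string"
    try:
        target = safe_target(raw)
    except ValueError as exc:
        return 400, str(exc)
    delete(target)
    return 200, f"processed {target.name}"
```

The basename test is the cheap filter; the resolve-and-compare step is the one that holds up when the directory contains symlinks or when the base path itself is reached through one.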
K11068141: Python vulnerability CVE-2014-9365
Security Advisory Description The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or (b) verify that the server hostname matches...
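Added example, not part of the advisory or of CPython: the two client-side SSL settings the CVE is about, shown as a context that reproduces the old unverified behaviour beside the verifying context the fixed versions use by default, plus a small HTTPS fetch that takes either. Function names are my own; the urllib.request and ssl calls are the standard-library ones.

```python
import ssl
import urllib.request
from typing import Optional


def legacy_context() -> ssl.SSLContext:
    """Reproduces what the pre-2.7.9 / pre-3.4.3 clients did: the TLS
    handshake completes, but neither the chain nor the hostname is checked,
    so a self-signed or mismatched certificate is accepted silently.
    check_hostname must be cleared before verify_mode, or ssl raises."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verifying_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """What the fixed versions do by default: validate the chain against the
    system trust store (or an explicit CA bundle) and match the server name
    against the certificate."""
    return ssl.create_default_context(cafile=cafile)


def describe(ctx: ssl.SSLContext) -> dict:
    """The two settings to audit on any client context found in code review."""
    return {
        "checks_hostname": bool(ctx.check_hostname),
        "requires_valid_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
    }


def fetch_https(url: str, context: Optional[ssl.SSLContext] = None,
                timeout: float = 10.0) -> bytes:
    """GET over HTTPS. With no context a fixed interpreter verifies by
    default; passing legacy_context() reintroduces the CVE-2014-9365
    behaviour. Against an untrusted or wrong-host certificate the verifying
    path raises ssl.SSLCertVerificationError instead of returning data."""
    if not url.lower().startswith("https://"):
        raise ValueError("refusing non-HTTPS URL")
    with urllib.request.urlopen(url, context=context, timeout=timeout) as resp:
        return resp.read()
```

When reviewing code that still targets the affected interpreters, look for both halves: a context with CERT_NONE is the same exposure the CVE describes, and the private ssl._create_unverified_context() helper that later releases added for compatibility is the same thing under another name.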
CVE-2022-41131
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition (CVE-2017-1741)
Summary WebSphere Application Server is shipped as a component of IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2020-4163)
Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published...
CVE-2022-21705 Authenticated remote code execution in octobercms
Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass cms.safemode /...
New Critical RCE Bug Found in Adobe Commerce, Magento
Yet another zero-day bug has been discovered in the Magento Open Source and Adobe Commerce platforms, while researchers have created a working proof-of-concept (PoC) exploit for the recently patched CVE-2022-24086 vulnerability that came under active attack and forced Adobe to push out an emergency...
VulnLab - A Web Vulnerability Lab Project
VulnLab: a web vulnerability lab project developed by Yavuzlar. Vulnerabilities: SQL Injection, Cross Site Scripting (XSS), Command Injection, Insecure Direct Object References (IDOR), Cross Site Request Forgery (CSRF), XML External Entity (XXE), Insecure Deserialization, File Upload, File Inclusion, Broken...
october/system arbitrary code execution
Impact An attacker with access to the backend is able to execute PHP code by using the theme import feature. This bypasses the safe mode feature that prevents PHP execution in the CMS templates. Patches The issue has been patched in Build 473 and v1.1.6. Workarounds Apply...
Design/Logic Flaw
October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents P...
Mobile Access Portal Agent before Build 800007042 runs Arbitrary Applications
Cause Mobile Access Portal Agent runs predefined Native Applications. If an administrator configured such an application with environment variables in its path, Portal Agent may run an arbitrary application that was placed in a specially created location. Symptoms - When environment variables are used ...
Description of the security update for Microsoft Exchange Server 2019 and 2016: October 12, 2021 (KB5007012)
Description of the security update for Microsoft Exchange Server 2019 and 2016: October 12, 2021 (KB5007012) This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE):...