6348 matches found
Cross-site Scripting (XSS) - Stored in zikula-modules/content
✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites 🕵️♂️ Proof of Concept // PoC.js 1- Go to -- https://demo.ziku.la/content/page/edit/PAGEID?slug=pages/content-introduction-page 2- inject this...
python: CRLF injection via HTTP request method in httplib/http.client
A flaw was found in Python. The built-in modules httplib and http.client included in Python 2 and Python 3, respectively do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation to the request by injecting additional HTTP headers. The highest threat fr...
The vulnerability of the communication interface for Smartlink modular equipment, the microprogrammed wireless energy sensor PowerTag, and Wiser controllers, related to the use of insufficiently random values, allows intruders to gain increased privileges.
The vulnerability of the communication interface for Smartlink module equipment, the microprogrammed wireless energy sensor PowerTag, and Wiser controllers is related to the use of insufficiently random values. Exploiting this vulnerability could allow a remote attacker to exploit the system...
@lukeed/bongo (>=0.0.1 <=0.0.12), @novivia/build-module (>=0.3.0 <=0.5.3) +3 more potentially affected by CVE-2021-23784 via tempura (>=0.0.8 <=0.3.2)
tempura NPM version =0.0.8, =0.0.1, =0.3.0, =0.6.0, =0.0.1, =3.4.0, =4.12.3 Source cves: CVE-2021-23784 Source advisory: SNYK:JS-TEMPURA-1569633...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +163 more potentially affected by CVE-2021-37669 via tensorflow-gpu (>=1.10.1 <=2.3.2)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2021-37669 Source advisory: OSV:GHSA-VMJW-C2VP-P33C...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +163 more potentially affected by CVE-2021-37682 via tensorflow-gpu (>=1.10.1 <=2.3.2)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2021-37682 Source advisory: OSV:GHSA-4C4G-CRQM-XRXW...
Triada Trojan in WhatsApp mod
WhatsApp users sometimes feel the official app is lacking a useful feature of one sort or another, be it animated themes, self-destructing messages which automatically delete themselves, the option of hiding certain conversations from the main list, automatic translation of messages, or the optio...
Process-Dump - Windows Tool For Dumping Malware PE Files From Memory Back To Disk For Analysis
Process Dump is a Windows reverse-engineering command-line tool to dump malware memory components back to disk for analysis. Often malware files are packed and obfuscated before they are executed in order to avoid AV scanners, however when these files are executed they will often unpack or inject...
PackageDNA - Tool To Analyze Software Packages Of Different Programming Languages That Are Being Or Will Be Used In Their Codes
This tool gives developers, researchers and companies the ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information that allows them to know in advance if this library complies with processes. secure development, i...
Moderate: Red Hat Security Advisory: ACS 3.64 security and enhancement update
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes RHACS. Red Hat Product Security has rated this update as having a "Moderate" security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Mitsubishielectric Melsec Uncontrolled Resource Consumption
Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 EN CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU...
DEBIAN-CVE-2013-4717
Multiple SQL injection vulnerabilities in Open Ticket Request System OTRS Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm,...
Ubuntu 21.04 : Perl vulnerability (USN-5033-1)
The remote Ubuntu 21.04 host has packages installed that are affected by a vulnerability as referenced in the USN-5033-1 advisory. It was discovered that the Perl Encode library incorrectly handled paths. A local attacker could possibly use this issue to trick the library into executing arbitrary...
Metasploit Wrap-Up
Desert heat not the 1999 film This week was more quiet than normal with Black Hat USA and DEF CON, but that didn’t stop the team from delivering some small enhancements and bug fixes! We are also excited to see two new modules 15519 and 15520 from researcher Jacob Baines’ DEF CON talk Bring You...
CVE-2021-20597
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a...
Mitsubishi Electric MELSEC iQ-R Series
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Corporation Equipment : MELSEC iQ-R Series CPU Module Vulnerability : Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this...
PT-2021-8030 · Mitsubishi · Melsec Iq-R Series Safety Cpu Modules R08/16/32/120Sfcpu +1
Name of the Vulnerable Software and Affected Versions: MELSEC iQ-R Series Safety CPU modules R08/16/32/120SFCPU firmware versions prior to 26 MELSEC iQ-R Series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions prior to 11 Description: The issue is related to the exposure of sensitiv...
Several Malware Families Targeting IIS Web Servers With Malicious Modules
A systematic analysis of attacks against Microsoft's Internet Information Services IIS servers has revealed as many as 14 malware families, 10 of them newly documented, indicating that the Windows-based web server software continues to be a hotbed for natively developed malware for close to eight...
Denial of service
An uncontrolled resource consumption denial of service vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator before 6.0.6 may allow an unauthenticated attacker to bring the device into an unresponsive state via...
HCC Embedded InterNiche 安全特征问题漏洞
The SENTRON 3WA COM190 is an accessory module for 3WA circuit breakers providing connectivity via PROFINET IO and Modbus TCP.The SENTRON 3WL COM35 is an accessory module for 3WL circuit breakers providing connectivity via PROFINET IO and Modbus TCP.The SENTRON 7KM PAC The Switched Ethernet PROFIN...