21 matches found
ASTPP Security Vulnerability
ASTPP is a VoIP billing solution developed by Innextrix Technologies Pvt. Ltd. Version 4.0.1 of ASTPP contains a security vulnerability. This vulnerability stems from information leakage, and it could allow unverified attackers to download database backup files by predicting the file name pattern...
EUVD-1999-1297
Malware in sbrugna...
EUVD-2016-3095
Malware in sbrugna...
CVE-2021-45925
Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...
CVE-2016-20007
The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...
openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2024:3267-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3267-1 advisory. golang-github-prometheus-prometheus: - Security issues fixed: CVE-2024-6104: Update go-retryablehttp to version 0.7.7 bsc1227038 CVE-2023-45142:...
DRUPAL-CONTRIB-2024-033
This module enables you to cache pages for logged in users at the Varnish level. The Varnish bin names may be guessable when no hashing noise configuration is set on the module configuration page, which would ultimately allow any user to view cached pages that were intended for other roles when...
Incorrect Authorization
org.apache.pulsar:pulsar-functions-worker is vulnerable to Incorrect Authorization. The configuration of a source or sink could be accessed by an authenticated user without permission, potentially exposing credentials. This vulnerability is lessened by the fact that there are no known techniques...
Invision Community Security Feature Issue Vulnerability
Invision Community is software for designing and developing mobile application UI from Invision, Inc. A security feature vulnerability exists in Invision Community, which originates in the product's mtrand function and enables brute-force attacks on uploaded files to predict file names. The...
Squaredup has an unspecified vulnerability
Squaredup, a Web service from Squaredup UK that provides data monitoring capabilities for cloud environments, has a security vulnerability that could be exploited by attackers to guess a valid user name...
Drupal Code Issues Vulnerabilities
Drupal is an open source content management system developed in the PHP language by the Drupal community. A code issue vulnerability exists in Drupal REST/JSON project 7.x-1.x that allows guessing session names...
CVE-2016-20007
CVE-2016-20007 affects the Drupal REST/JSON project 7.x-1.x. The vulnerability is described as a session name guessing flaw (SA-CONTRIB-2016-033) within this module. Based on the linked metrics, the issue carries CVSS v2 base score 5.0 (Medium) with Network access, Low attack complexity, no user ...
bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c
An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records. This flaw allows an attacker that knows or successfully guesses the name of the TSIG key used by the server to use a specially-crafted message, potentially causing a BIND server to reac...
SilverStripe Code Issues Vulnerabilities
SilverStripe is an open source programming framework and content management system (CMS) from the New Zealand company SilverStripe. The system supports multiple languages, cross-platform operation and other features. SilverStripe 4.5 and previous versions contain a security vulnerability. An attacker can...
foreman: Information disclosure in provisioning template previews
A flaw was found in foreman's handling of template previews. An attacker with permissions to preview host templates can access the template preview for any host if they are able to guess the host name, disclosing potentially sensitive information...
REST JSON - Multiple Vulnerabilities - Highly Critical - Unsupported - SA-CONTRIB-2016-033
This module enables you to expose content, users and comments via a JSON API. The module contains multiple vulnerabilities including: Node access bypass, Comment access bypass, User enumeration, Field access bypass, User registration bypass, Blocked user login, Session name guessing, Session enumeration...
JqueryUpload large file upload arbitrary file upload vulnerability - vulnerability warning - the black bar safety net
Guess the solutions to catalog, direct access to the default.aspx you may need to modify the parameter uploadid, the specific capture can be seen, can not make the undefined) 2. Test upload, the capture 3. Modify the Upload Directory can be arbitrarily specified 4. Guessing file name: the server...
Code injection
Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page...
ViArt Shopping Cart 3.5 XSS / Path Disclosure
ViArt Shopping Cart v3.5 is prone to multiple remote vulnerabilities. Earlier versions may also be affected...
Simple database intrusion and rogue damage - vulnerability warning - the black bar safety net
Many news, BBS and e-commerce sites at home and abroad are designed with ASP+SQL, and many of the programmers who write ASP have only just graduated, so the success rate of ASP+SQL attacks is relatively high. This type of attack has little to do with the NT version or the SQL version, there is no...