1227 matches found

SUSE CVE
added 2023/02/15 4:56 a.m. · 1 views

SUSE CVE-2016-8625

curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host...

7.5 CVSS · 9.5 AI score · 0.01671 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:3 a.m. · 1 views

SUSE CVE-2020-5235

There is a potentially exploitable out of memory condition in Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated string, bytes or message field and realloc runs out of memory when expanding the array nanopb can end...

5 CVSS · 9 AI score · 0.00557 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 3:22 a.m. · 1 views

SUSE CVE-2022-46871

An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox 108...

8.8 CVSS · 8 AI score · 0.00786 EPSS
Exploits 0 · References 8

0day.today
added 2023/02/13 12:0 a.m. · 537 views

ManageEngine ADSelfService Plus Unauthenticated SAML Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine AdSelfService Plus versions 6210 and below. Due to a dependency on an outdated library, Apache Santuario version 1.4.1, it is possible to execute arbitrary code by providing a...

9.8 CVSS · 9.8 AI score · 0.94378 EPSS
Exploits 15

Packet Storm
added 2023/02/08 12:0 a.m. · 371 views

ManageEngine ADSelfService Plus Unauthenticated SAML Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADSelfService Plus Unauthenticated SAML RCE', 'Description' = %q This exploits an unauthenticated remote code execution vulnerabilit...

9.8 CVSS · 0.7 AI score · 0.94378 EPSS
Exploits 15

Positive Technologies
added 2023/02/02 12:0 a.m. · 2 views

PT-2023-13891 · WordPress · Wp Sunshine Sunshine Photo Cart

Name of the Vulnerable Software and Affected Versions: WP Sunshine Sunshine Photo Cart plugin versions 2.9.13 and earlier. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...

8.8 CVSS · 8.5 AI score · 0.00104 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2023/01/30 12:0 a.m. · 45 views

EulerOS Virtualization 3.0.2.2 : curl (EulerOS-SA-2023-1249)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to...

7.5 CVSS · 6.5 AI score · 0.01671 EPSS
Exploits 1 · References 3

Rapid7 Blog
added 2023/01/26 7:0 p.m. · 29 views

The High Cost of Human Error In OT Systems

In baseball, a mistake made by a player that could have easily been avoided is sometimes called an “unforced error.” An unforced error is not an official error (that is, they are not reflected in statistics); however, they can result in additional runs being scored, runners getting on base, and eve...

7.6 AI score
Exploits 0

Positive Technologies
added 2023/01/26 12:0 a.m. · 3 views

PT-2023-12393 · Qlik · Qlikview

Name of the Vulnerable Software and Affected Versions: Qlik QlikView versions prior to 12.60.20100.0 Description: The issue allows the creation of a temporary file in a directory with insecure permissions. Recommendations: For versions prior to 12.60.20100.0, update to version 12.60.20100.0 or...

7.8 CVSS · 7.2 AI score · 0.00043 EPSS
Exploits 0 · References 3

RedHat Linux
added 2023/01/25 3:33 p.m. · 4 views

Mozilla: libusrsctp library out of date

The Mozilla Foundation Security Advisory describes this flaw as: An out of date library libusrsctp contained vulnerabilities that could potentially be exploited...

8.8 CVSS · 7.3 AI score · 0.00786 EPSS
Exploits 0 · References 6

RedHat Linux
added 2023/01/25 3:27 p.m. · 3 views

Mozilla: libusrsctp library out of date

The Mozilla Foundation Security Advisory describes this flaw as: An out of date library libusrsctp contained vulnerabilities that could potentially be exploited...

8.8 CVSS · 7.3 AI score · 0.00786 EPSS
Exploits 0 · References 6

Tenable Nessus
added 2023/01/25 12:0 a.m. · 37 views

AlmaLinux 9 : firefox (ALSA-2023:0285)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:0285 advisory. - An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox DataTransfer.setData...

8.8 CVSS · 8.3 AI score · 0.00786 EPSS
Exploits 0 · References 9

Tenable Nessus
added 2023/01/23 12:0 a.m. · 31 views

RHEL 8 : firefox (RHSA-2023:0294)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0294 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

8.8 CVSS · 8.1 AI score · 0.00786 EPSS
Exploits 0 · References 18

CISA KEV Catalog
added 2023/01/23 12:0 a.m. · 41 views

Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability

Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario...

9.8 CVSS · 2.6 AI score · 0.94378 EPSS
In wild · Exploits 15

Tenable Nessus
added 2023/01/23 12:0 a.m. · 18 views

RHEL 9 : firefox (RHSA-2023:0285)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0285 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

8.8 CVSS · 8.1 AI score · 0.00786 EPSS
Exploits 0 · References 18

Tenable Nessus
added 2023/01/21 12:0 a.m. · 36 views

SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2023:0112-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0112-1 advisory. - An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firef...

8.8 CVSS · 8.3 AI score · 0.00786 EPSS
Exploits 0 · References 16

Imperva Blog
added 2023/01/20 6:16 p.m. · 52 views

ManageEngine Vulnerability CVE-2022-47966

Recently, Zoho ManageEngine released a security advisory for CVE-2022-47966, which allows for pre-authentication remote code execution in at least 24 ManageEngine products, including ADSelfService Plus and ServiceDesk Plus. This vulnerability stems from the products’ use of an outdated Apache...

1.9 AI score · 0.94378 EPSS
Exploits 15

Code423n4
added 2023/01/17 12:0 a.m. · 6 views

Unbounded Chainlink oracle time delay vulnerability

Lines of code Vulnerability details Summary The contract OndoPriceOracleV2 allows for the owner to set an association between an fToken and a Chainlink oracle for price retrieval. The contract also allows the owner to set a maximum amount of time delay that it will tolerate from all Chainlink...

6.7 AI score
Exploits 0

Positive Technologies
added 2022/12/25 12:0 a.m. · 3 views

PT-2022-27670 · Unknown · Planet Estream

Name of the Vulnerable Software and Affected Versions: Planet eStream versions prior to 6.72.10.07 Description: The issue allows attackers to call restricted functions and perform unauthenticated uploads via the "Upload2.ashx" endpoint or access content uploaded by other users through "View.aspx"...

9.1 CVSS · 9.2 AI score · 0.00267 EPSS
Exploits 3 · References 4

NVD
added 2022/12/22 8:15 p.m. · 21 views

CVE-2022-46871

An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox 108...

8.8 CVSS · 0.00786 EPSS
Exploits 0 · References 8