
1227 matches found

Hacker One
added 2021/09/29 10:48 a.m., 19 views

UPchieve: Outdated Copyright Message @ Welcome email

POC : Description : Outdated Copyright is present @ Welcome to UPchieve! email which is of years "2020" Impacted Security Property : Integrity ASVS Categories : Architecture , Design and Threat Modeling POC email and video : Gmail - Welcome to UPchieve!.pdf and recording-1632912432386.webm...

AI score 6.8 | Exploits 0
Tenable Nessus
added 2021/09/23 12:00 a.m., 403 views

Apache < 2.4.49 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.49. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.49 changelog. - ap_escape_quotes may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to...

CVSS 9.8 | AI score 7.9 | EPSS 0.37674
Exploits 0 | References 4
Citrix
added 2021/09/23 12:00 a.m., 7 views

PVS 1912:Unable to merge vdisk "vDisk versions are not up to date on all Servers that access this vDisk. Update all "

Unable to merge the old versions of vdisk. Error message when we attempt merge: "vDisk versions are not up to date on all Servers that access this vDisk. Update all Servers with the latest versions of the vDisk files"...

AI score 7.1 | Exploits 0
The Hacker News
added 2021/09/21 12:27 p.m., 80 views

Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug

Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe's ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target's network 79 hours after the hack. The server, which belonged to an unnamed...

CVSS 9.8 | AI score 1 | EPSS 0.94237
Exploits 25
0day.today
added 2021/09/01 12:00 a.m., 599 views

Moxa Command Injection / Cross Site Scripting Vulnerabilities

======================================================================= title: Multiple vulnerabilities product: see "Vulnerable / tested versions" vulnerable version: see "Vulnerable / tested versions" fixed version: see "Solution" CVE number: CVE-2021-39278, CVE-2021-39279 impact: High homepage...

CVSS 10 | AI score 0.5 | EPSS 0.93905
Exploits 45
Packet Storm
added 2021/09/01 12:00 a.m., 351 views

Moxa Command Injection / Cross Site Scripting / Vulnerable Software

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: see "Vulnerable / tested versions" vulnerable version: see "Vulnerable / tested versions" fixed version: see "Solution" CVE number:...

CVSS 10 | AI score 0.4 | EPSS 0.93905
Exploits 45
vulnersOsv
added 2021/08/25 2:40 p.m., 3 views

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4729 more potentially affected by CVE-2021-37683 via tensorflow (>=1.0.1 <=2.3.2)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =0.0.1, =0.2.0, =0.6.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2021-37683 Source advisory: OSV:GHSA-RHRQ-64MQ-HF9H...

CVSS 5.5 | AI score 5.8 | EPSS 0.00012
Exploits 0
0day.today
added 2021/08/19 12:00 a.m., 465 views

Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials Vulnerability

======================================================================= title: Multiple Critical Vulnerabilities product: Multiple Altus Sistemas de Automacao products: Nexto NX30xx Series Nexto NX5xxx Series Nexto Xpress XP3xx Series Hadron Xtorm HX3040 Series vulnerable version: See "Vulnerable...

CVSS 9 | AI score 0.6 | EPSS 0.05074
Exploits 15
Positive Technologies
added 2021/08/12 12:00 a.m., 2 views

PT-2021-6499

Name of the Vulnerable Software and Affected Versions datatables.net versions prior to 1.11.3 Description The issue is related to the incorrect handling of an array in the input data by the DataTables plugin, which can allow a remote attacker to compromise data integrity. If an array is passed to...

CVSS 6.1 | AI score 5.7 | EPSS 0.00349
Exploits 1 | References 29
Tenable Nessus
added 2021/08/06 12:00 a.m., 51 views

openSUSE 15 Security Update : nodejs8 (openSUSE-SU-2021:2618-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2618-1 advisory. - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n') %NASLMINLEVEL 70300 (C) Tenable...

CVSS 9.8 | AI score 7 | EPSS 0.02458
Exploits 3 | References 10
OSV
added 2021/08/05 8:15 p.m., 2 views

CVE-2021-29972

A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox 90...

CVSS 8.8 | AI score 7.3 | EPSS 0.00407
Exploits 1 | References 3
OSV
added 2021/07/15 12:00 a.m., 1 view

UBUNTU-CVE-2021-29972

A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox 90...

CVSS 8.8 | AI score 7.2 | EPSS 0.00407
Exploits 1 | References 4
CNNVD
added 2021/07/13 12:00 a.m., 2 views

Mozilla Firefox resource management error vulnerability

Mozilla Firefox is an open source Web browser from the Mozilla Foundation, U.S. Mozilla Firefox is vulnerable to a resource management error that stems from a post-release usage error in the outdated Cairo library. An attacker could exploit the vulnerability to create a specially crafted web page...

CVSS 8.8 | AI score 6.1 | EPSS 0.00407
Exploits 1 | References 9
Fedora
added 2021/07/09 1:03 a.m., 27 views

[SECURITY] Fedora 34 Update: perl-Mojolicious-8.73-2.fc34

Back in the early days of the web there was this wonderful Perl library called CGI, many people only learned Perl because of it. It was simple enough to get started without knowing much about the language and powerful enough to keep you going, learning by doing was much fun. While most of the...

AI score 1.1 | Exploits 0
Pen Test Partners Blog
added 2021/07/08 5:47 a.m., 61 views

Top 10 Cloud security tips

About half of the pen tests we’re asked to do involve cloud services at some point. We’ve even tested a cloud platform on an aeroplane – the irony was not lost on us! There is a multitude of ways to improve the security of your cloud platforms and often those ways are ever-changing or obscured...

AI score 7.6 | Exploits 0
OpenVAS
added 2021/07/07 12:00 a.m., 53 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2132)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.8 | AI score 8.1 | EPSS 0.01671
Exploits 3 | References 2
ATTACKERKB
added 2021/06/29 12:00 a.m., 89 views

CVE-2021-35941

Western Digital WD My Book Live 2.x and later and WD My Book Live Duo all versions have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472. Recent assessments: gwillcox-r7 at...

CVSS 10 | AI score 8.8 | EPSS 0.07875
In wild | Exploits 1 | References 3
Debian CVE
added 2021/06/24 1:27 p.m., 23 views

CVE-2021-23991

If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might...

CVSS 6.8 | AI score 7.1 | EPSS 0.00204
Exploits 1
VulnCheck KEV
added 2021/06/01 12:00 a.m., 1 view

VulnCheck KEV: CVE-2020-24581

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55. It contains an executecmd.cgi feature that is not reachable via the web user interface that lets an authenticated user execute Operating System commands...

CVSS 8 | AI score 7.3 | EPSS 0.89067
Exploits 1 | References 1
OSV
added 2021/05/27 1:15 p.m., 0 views

DEBIAN-CVE-2021-31535

LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request intended for server-side color lookup contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allow...

CVSS 9.8 | AI score 7.9 | EPSS 0.05481
Exploits 2 | References 1