9 matches found
PT-2025-22376 · Cisco +1 · Cisco Unified Communications/Contact Center Solutions +1
Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications and Contact Center Solutions products (affected versions not specified). Description: A vulnerability in the system could allow an authenticated, local attacker to elevate privileges to root on an affected device. Th...
GHSA-7C5V-895V-W4Q5 jooby-pac4j: deserialization of untrusted data
Impact: Versions after 2.x and before 3.x of io.jooby:jooby-pac4j can cause deserialization of untrusted data. Patches: 2.17.0 (2.x); 3.7.0 (3.x). Workarounds: Not using io.jooby:jooby-pac4j until it gets patches; check what values you put/save on session. References: Version 2.x:...
CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below -...
xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
Impact: An attacker may be able to exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature...
High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables
Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure. The vulnerability, tracked as CVE-2024-10979,...
[SA13059] HP OpenView Operations Unspecified Vulnerability
Corsaire Security Advisory: PeopleSoft IScript XSS issue
-- Corsaire Security Advisory -- Title: PeopleSoft IScript XSS issue Date: 04.07.03 Application: PeopleTools 8.20/8.43 and prior Environment: Various Author: Glyn Geoghegan [email protected] Audience: General distribution Reference: c030704-004 -- Scope -- The aim of this document is to...
MS02-045: Microsoft Windows SMB Protocol SMB_COM_TRANSACTION Packet Remote Overflow DoS (326830) (uncredentialed check)
The remote host is vulnerable to a denial of service attack in its SMB stack. An attacker may exploit this flaw to crash the remote host remotely, without any authentication. (C) Tenable Network Security, Inc. This script was written by Renaud Deraison. Thanks to Ivan Arce who provided me with all t...
HP OpenView NNM v6.1 buffer overflow
HP OpenView NNM v6.1 buffer overflow The problem.. HP OpenView NNM v6.1 has a buffer overflow in the suid-root file ecsd located in the /opt/OV/bin/ directory. ecsd is not used in NNM, but is shipped and installed suid-root as default. Details.. je@openview uname -a SunOS openview 5.8...