149 matches found
CVE-2020-14009
Affected product: Proofpoint Enterprise Protection (PPS/PoD) prior to version 8.16.4. Root cause: Messages with crafted/malformed multipart structures are not properly handled, enabling bypass of scanning and file-blocking rules. Impact: An attacker could deliver an email with a malicious attachm...
DEBIAN-CVE-2021-30022
There is an integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC from 0.5.2 to 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 units, so there is an overflow, which results in a crash...
DEBIAN-CVE-2021-30020
In the gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop in which, with a crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_width), which results in a heap overflow in the loop...
UBUNTU-CVE-2021-30022
There is an integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC from 0.5.2 to 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 units, so there is an overflow, which results in a crash...
GPAC Input Validation Error Vulnerability
GPAC is a multimedia framework for rich media and distributed under the LGPL license. An integer overflow vulnerability exists in gf_avc_read_pps_bs_internal in media_tools/av_parsers.c in GPAC version 1.0.1. An attacker could exploit this vulnerability to cause a program crash...
A week in security (June 22 – 28)
Last week on Malwarebytes Labs, we provided a zero-day guide for 2020 featuring recent attacks and advanced preventive techniques, and we learned how to cough in the face of scammers, offering security tips for the 2020 tax season. We also looked at a web skimmer hiding within EXIF metadata that...
Record 0-Second SLA PPS Mitigation
On May 2, 2020, Akamai blocked a large PPS-focused attack against one of our financial services customers in 0 seconds, utilizing a proactive mitigation posture. This was one of the largest PPS levels we have on record, and the biggest mitigated to date in 0 seconds. The attacker launched a bevy ...
CVE-2019-2107
In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0...
Cross site scripting
An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure PCS 8.3R2 before 8.3R2 and Pulse Policy Secure PPS 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX...
CVE-2019-11509
In Pulse Secure Pulse Connect Secure PCS before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure PPS before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker via the admin web...
Botnet-led DDoS Attacks Are Hitting Record Intensities. Imperva is Mitigating All of Them.
DDoS attacks are usually ranked by the amount of bandwidth involved, such as the 2018 GitHub attack that peaked at 1.35 Terabits per second and is often cited as the largest DDoS attack ever. From Imperva’s long history of successfully mitigating DDoS attacks, we know that the TRUE measure of...
Updated: This DDoS Attack Unleashed the Most Packets Per Second Ever. Here’s Why That’s Important.
Updated April 30, 2019 with new data from an even larger attack. Skip directly to the bottom to learn more. DDoS attacks are usually measured by the amount of bandwidth involved, such as the 1.35 Terabits per second maximum attack directed at GitHub last year, the largest DDoS attack ever at the...
CVE-2018-20814
The CVE-2018-20814 issue is a cross-site scripting (XSS) vulnerability in Psaldownload.cgi affecting Pulse Connect Secure (PCS) 8.3R2 and earlier and Pulse Policy Secure (PPS) 5.4RX and earlier (not applicable to PCS 8.1RX or PPS 5.2RX). Root cause is insufficient validation of client data in the...
PT-2023-15160 · Unknown +1 · Gpac Mp4Box +1
Name of the Vulnerable Software and Affected Versions: GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b. Description: The issue is related to a buffer overflow in the gf_vvc_read_pps_bs_internal function, located in the media_tools/av_parsers.c file. Recommendations: For GPAC MP4box version...
CVE-2018-6320
A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure PCS 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure PPS 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an https Host header received from the browser is trusted without validation...
CVE-2018-6320
CVE-2018-6320 affects Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) where login.cgi improperly validates the http(s) Host header. Affected versions: PCS 8.1RX pre-8.1R12 and 8.3RX pre-8.3R2; PPS 5.2RX pre-5.2R9 and 5.4RX pre-5.4R2. The issue arises from trusting the Host header receive...
CVE-2018-5299
A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure PCS before 8.3R4 and Pulse Policy Secure PPS before 5.4R4, leading to memory corruption and possibly remote code execution...
CVE-2018-5299
CVE-2018-5299 is a stack-based buffer overflow in the web server of Pulse Secure Pulse Connect Secure (PCS) prior to 8.3R4 and Pulse Policy Secure (PPS) prior to 5.4R4, leading to memory corruption and potential remote code execution. Public sources (NVD/CNVD/PRION/CVE List) confirm a network-vec...
InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access
Summary: InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...
InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery
Summary: InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...