CVE-2021-29108 There is a privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below.
There is a privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to intercept and modify a SAML assertion to impersonate another account (XML Signature Wrapping Attack). In...
Moderate: Red Hat Security Advisory: krb5 security update
An update for krb5 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Reentrancy through withdrawBounty
Handle: jonah1005. Vulnerability details. Impact: The function settleAuction (Auction.sol L69-L109) calls withdrawBounty. However, there are no safety checks in the addBounty function (Auction.sol L126-L138). The attacker can add a malicious contract through addBounty and hijack the control flow of settleAuction...
Arbitrary File Deletion Vulnerability in OpenEMR
OpenEMR is the open source electronic health record and medical practice management solution. OpenEMR suffers from an arbitrary file deletion vulnerability that can be exploited by an attacker to delete arbitrary files...
CISA’s CSET Tool Sets Sights on Ransomware Threat
CISA has released a new module in its Cyber Security Evaluation Tool (CSET): the Ransomware Readiness Assessment (RRA). CSET is a desktop software tool that guides network defenders through a step-by-step process to evaluate their cybersecurity practices on their networks. CSET—applicable to both...
Tianrongxin Attack and Defense Practice Platform Has Logic Flaw Vulnerabilities
Tianrongxin Attack and Defense Drill Platform ("ADP" for short) is designed to integrate training, practice, competition and evaluation, providing network security attack and defense knowledge training, combat drills, supporting online capture-the-flag competition, and forming a complete talent...
vulhub1
This is an open-source collection of vulnerable systems and applications for educational purposes, maintained by phith0n. It provides a controlled environment for learning and practicing penetration testing, vulnerability assessment, and security research. The repository contains various vulnerab...
vulhub
This is a pre-built vulnerable environment based on Docker-Compose, maintained by Vulhub. The repository contains various vulnerable environments, including CouchDB, FFmpeg, Git, InfluxDB, and more. The environments are designed to be easily reproducible and can be used for testing and training...
TributeAccrual missing out-of-bounds checks
Handle: cmichel. Vulnerability details. The addTribute and addGovernanceTribute functions underflow when there are no tributes: Tribute storage lastTribute = tributes[totalTributes - 1]; // = tributes[-1], underflow. Impact: It's bad practice and the iteration with the offset in...
GHSA-4F68-49QQ-H392 Improper certificate validation in em-imap
em-imap 0.5 and earlier use the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified...
OpenEMR Cross-Site Scripting Vulnerability (CNVD-2021-22944)
OpenEMR is a medical practice management software that also supports electronic medical records (EMR). A stored cross-site scripting vulnerability exists in OpenEMR versions 2.7.3-rc1 - 6.0.0. The vulnerability stems from the Allergies section not properly validating user input. An attacker can...
OpenEMR Improper Access Control Vulnerability
OpenEMR is a medical practice management software that also supports electronic medical records (EMR). OpenEMR versions 2.7.2-rc1 - 6.0.0 suffer from an improper access control vulnerability when creating a new user. An attacker could exploit the vulnerability to obtain sensitive information...
PenTesting
Exploits A selection of re...
Logic Flaw Vulnerability in Large Practice Series Instructional Management System (CNVD-2021-21598)
Kok Jin Information Technology Co., Ltd. is a domestic educational software and informatization service provider. A logic flaw vulnerability exists in the Great Practice Series Teaching Management System, which can be exploited by attackers to obtain sensitive information...
Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount
As cloud computing continues to grow, Google Cloud is quickly becoming one of the most popular solutions. However, relatively few engineers know this platform well. This leaves the door open for aspiring IT professionals who take the official exams. The Google Cloud Certifications Practice Tests ...
OpenEMR SQL Injection Vulnerability (CNVD-2021-11076)
OpenEMR is a medical practice management software that also supports electronic medical records (EMR). A SQL injection vulnerability exists in interface/usergroup/usergroupadmin.php in OpenEMR versions prior to 5.0.2.5. A remote authenticated attacker can exploit this vulnerability to execute...
OpenEMR SQL Injection Vulnerability (CNVD-2021-12109)
OpenEMR is a medical practice management software that also supports electronic medical records (EMR). A SQL injection vulnerability exists in interface/reports/immunizationreport.php in OpenEMR versions prior to 5.0.2.5. A remote authenticated attacker can exploit this vulnerability to execute...
Logic flaw vulnerability in Kok Jin Practice Series teaching management system
Kok Jin Information Technology Limited is an educational software and information technology service provider. A logic flaw vulnerability exists in the Kok Jin Practice Series Teaching Management System, which can be exploited by attackers to obtain sensitive information...
Star Computer Star Practice Management Web Access Control Error Vulnerability (CNVD-2021-56826)
Star Computer Star Practice Management Web is a web service from Star Computer UK that applies billing based on time. An access control error vulnerability exists in Star Practice Management Web version 2019.2.0.6, which could be exploited by an unauthorized... The vulnerability can be exploited by a...