15 matches found
EUVD-2021-20378
Malware in sbrugna...
EUVD-2025-21130
Malicious code in bioql PyPI...
D-Link Home Routers Open to Remote Takeover Will Remain Unpatched
D-Link won’t patch a critical unauthenticated command-injection vulnerability in its routers that could allow an attacker to remotely take over the devices and execute code. The vulnerability CVE-2019-16920 exists in the latest firmware for the DIR-655, DIR-866L, DIR-652 and DHP-1565 products,...
Google Warns of Android Zero-Day Bug Under Active Attack
Google is warning of an Android zero-day flaw actively being exploited in the wild, which gives an attacker full control over 18 phone models including its flagship Pixel handset and devices made by Samsung, Huawei and Xiaomi. Google’s Project Zero warned late Thursday that it suspected the...
Microsoft Blacklists Dozens of New File Extensions in Outlook
Microsoft is banning almost 40 new types of file extensions on its Outlook email platform. The aim is to protect email users from what it deems “at-risk” file attachments, which are typically sent with malicious scripts or executables. The move will prevent users from downloading email attachment...
CVE-2015-7820
Race condition in the administration-panel web service in IBM System Networking Switch Center SNSC before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal...
CVE-2015-7817
Race condition in the administration-panel web service in IBM System Networking Switch Center SNSC before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal...
Race condition
Race condition in the administration-panel web service in IBM System Networking Switch Center SNSC before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal...
CVE-2015-7820
CVE-2015-7820 is a race-condition vulnerability in IBM System Networking Switch Center (SNSC) and Lenovo Switch Center that, on affected releases, can let a remote attacker obtain privileged-account access and then abuse ZipDownload.jsp to read arbitrary files. The issue affects SNSC prior to 7.3...
CVE-2015-7817
CVE-2015-7817 affects IBM System Networking Switch Center (SNSC) prior to 7.3.1.5 and Lenovo Switch Center prior to 8.1.2.0. A race condition in the administration-panel web service enables remote attackers to obtain privileged-account access, then feed FileReader.jsp input containing directory t...
CVE-2015-7820
Race condition in the administration-panel web service in IBM System Networking Switch Center SNSC before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal...
CVE-2015-7817
Race condition in the administration-panel web service in IBM System Networking Switch Center SNSC before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal...
jira 4.4.3 greenhopper 5.9.8 - Multiple Vulnerabilities
jira 4.4.3 greenhopper 5.9.8 - Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CVE-2012-1500, Stored XSS in JIRA v4.4.3663-r165197, GreenHopper Resolved in Version 5.9.8, Proof of Concept External References: CVE-2112-1500 CVE-2112-1500 XSS.Cx Blog GHS-5642 Reported to...
CVE-2011-2084
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read 1 hashes of former passwords and 2 ticket correspondence history by leveraging access to a privileged account...
CVE-2011-2084
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read 1 hashes of former passwords and 2 ticket correspondence history by leveraging access to a privileged account...