PT-2026-23751
Name of the Vulnerable Software and Affected Versions: Vito versions prior to 3.20.3. Description: Vito is a self-hosted web application used for managing servers and deploying PHP applications. A missing authorization check in workflow site-creation actions allows an authenticated attacker with...
EUVD-2024-43402
Malicious code in bioql PyPI...
CVE-2024-55888 Content Security Policy appears to be missing in software and production setup
Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the production server appeared to have been misconfigured and did not provide any Content Security Policy or other security headers. This could result in bypassing of cross-site scriptin...
CVE-2024-49361 Potential Vulnerability in ACON Library: Improper Input Validation Leading to Malicious Code Execution
ACON is a widely-used library of tools for machine learning that focuses on adaptive correlation optimization. A potential vulnerability has been identified in the input validation process, which could lead to arbitrary code execution if exploited. This issue could allow an attacker to submit...
CVE-2024-49361
CVE-2024-49361 concerns the ACON library (Adaptive Correlation Optimization Network) and describes an input-validation vulnerability that could allow remote code execution when processing user-supplied data. Multiple sources corroborate that an attacker could submit malicious input to bypass vali...
PT-2024-33485 · Acon · Acon
Name of the Vulnerable Software and Affected Versions: ACON, affected versions not specified. Description: A potential issue has been identified in the input validation process of the ACON library, which could lead to arbitrary code execution if exploited. This could allow an attacker to submit...
CVE-2024-32047
Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production server...
tgstation-server security vulnerability
tgstation-server is a toolset for managing production BYOND servers. A security vulnerability exists in tgstation-server that stems from problematic TGS restarts and reconnections...
GhostInTheNet - Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan
Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan. Properties: Network Invisibility Network Anonymity Protects from MITM/DOS Transparent Cross-platform Minimalistic Dependencies: Linux 2.4.26+ - will work on any Linux-based OS, including Whonix and...
Fixing a command injection vulnerability on a Yahoo subsidiary's production servers - vulnerability warning - Black Bar Safety Net
1. Foreword. Going back to 5 May 20: the night before that, I had spent several days studying the Yahoo Messenger app and still couldn't figure out how it works, while an annoying headache and neck pain kept bothering me. So I decided to go for a walk and find a new target. Then I noticed a very...
Ruby on Rails: Denial of Service in Action Pack Exception Handling
Severity Medium Impact Attackers can cause an application to be unreachable, causing a denial of service condition. Details When a Rails application receives a request with either body or query parameters, these parameters are converted to a params hash. Hashes can be passed to the application in...
Adobe ColdFusion Remote Development Services
Remote Development Services RDS is enabled on the remote ColdFusion server. RDS allows developers to use IDEs such as Dreamweaver to manage applications. It is recommended that RDS be disabled for production servers and that it be configured to require authentication on development servers. C...
Splunk Inadvertently Exposes User Passwords
The passwords of customers on Splunk.com were revealed after some debug information leaked onto its production servers. The debug code exposed users' Splunk.com passwords as clear text, the company said. Read the full article. The Register...
Resin viewfile Servlet file Parameter XSS
The remote host is running Resin, an application server. The 'viewfile' Servlet included with the version of Resin installed on the remote host fails to sanitize user input to the 'file' parameter before including it in dynamic HTML output. An attacker may be able to leverage this issue to inject...
Oracle XSQL Sample Application Vulnerability
One of the sample applications that comes with the Oracle XSQL Servlet allows an attacker to make arbitrary queries to the Oracle database under an unprivileged account. Whilst not allowing an attacker to delete or modify database contents, this flaw can be used to enumerate database users and vi...
Non-Existent Page Physical Path Disclosure Vulnerability
Your web server reveals the physical path of the webroot when asked for a non-existent page. Whilst printing errors to the output is useful for debugging applications, this feature should not be enabled on production servers. OpenVAS Vulnerability Test $Id: 404pathdisclosure.nasl 6007 2017-04-21...
IIS 5.0 Sample App reveals physical path of web root
A sample application shipped with IIS 5.0 discloses the physical path of the web root. An attacker can use this information to make more focused attacks. OpenVAS Vulnerability Test $Id: iis5samplepath.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: IIS 5.0 Sample App reveals physical path of...
PHP3 Physical Path Disclosure Vulnerability
PHP3 will reveal the physical path of the webroot when asked for a non-existent PHP3 file if it is incorrectly configured. SPDX-FileCopyrightText: 2001 Matt Moore. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...