CVE-2021-28141
An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows unauthorized access to MicrosoftAjax.js through the Telerik.Web.UI.WebResource.axd file. This may allow the attacker to gain unauthorized access to the server and execute code. To exploit, one must use the...
Progress Software Telerik UI for ASP.NET AJAX Security Vulnerability
Progress Software Telerik UI for ASP.NET AJAX is an HTML editor from Progress Software. A security vulnerability exists in Progress Software Telerik UI for ASP.NET AJAX 2021.1.224, which can be exploited by an attacker to gain unauthorized access to the server and execute code...
PT-2021-17767 · Progress · Progress Telerik Ui For Asp.Net Ajax
Name of the Vulnerable Software and Affected Versions: Progress Telerik UI for ASP.NET AJAX version 2021.1.224 Description: An issue was discovered in Progress Telerik UI for ASP.NET AJAX, allowing unauthorized access to MicrosoftAjax.js through the Telerik.Web.UI.WebResource.axd file. This may...
PT-2024-11079 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A recent change in the Linux kernel created a dedicated workqueue for state-change work with WQ_HIGHPRI and WQ_MEM_RECLAIM flags. However, the state-change work mhi_pm_st_worker does n...
SRC-2021-0014 : Progress MOVEit Transfer (DMZ) SILHuman FolderApplySettingsRecurs SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of MOVEit Transfer. Authentication is required to exploit this vulnerability. The specific flaw exists within the FolderApplySettingsRecurs function of the SILHuman class. The iss...
Akamai's New ESG Office: A Catalyst for Environmental and Social Progress
We're proud of the progress Akamai has made in environmental, social, and governance (ESG) performance. From reducing our greenhouse gas emissions by 30% and powering our platform with 50% renewable energy, to the millions invested in STEM education grants for underserved students, giving back to o...
OESA-2021-1018 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
CVE-2020-28401
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to...
Star Computer Star Practice Management Web Access Control Error Vulnerability
Star Computer Star Practice Management Web is a web service used for time-based billing by Star Computer, a UK-based company. The vulnerability can be exploited to access the WIP details of unauthorized jobs...
Sustainability at Akamai: An Efficient Platform Powered by Energy Aggregation
If I had a dollar for every time I heard "2020 was an unprecedented year", I could fund a clean energy project myself. And while we're tired of hearing it, it's true. Among the pandemic, U.S. presidential election, social justice movements, the finalization of Brexit, and many other new and...
Exploit for Cross-site Scripting in Progress Moveit_Transfer
Progress MOVEit Transfer tag with the source of the file set...
php: NULL pointer dereference in PHP session upload progress
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does...
OnionSearch - A Script That Scrapes Urls On Different .Onion Search Engines
OnionSearch is a Python3 script that scrapes URLs on different ".onion" search engines. Prerequisite: Python 3. Currently supported search engines: ahmia, darksearchio, onionland, notevil, darksearchenginer, phobos, onionsearchserver, torgle, onionsearchengine, tordex, tor66, tormax, haystack, multivac, evosear...
Rapid7 Announces Improvements to Goals and SLAs in InsightVM
We know that proving the efficacy of your vulnerability management program is no easy task. But with the Goals and SLAs feature in InsightVM, you can ensure you’re making and tracking progress toward your goals and service-level agreements (SLAs) at an appropriate pace, as well as maintaining...
ASB-A-142125338
In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
U.S. Dept Of Defense: Improper Access Control - Generic on https://████
Greetings, I found on one of your sub-domains some tickets that are not supposed to be readable by everyone, we even have the possibility to delete the tickets. Link : https://███/█████/latest https://█████/███████/all https://█████/███████ DELETE HEADER METHOD Best regards, frenchvlad Impact a...
progress-ru.ru Cross Site Scripting vulnerability OBB-1280597
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Cross-site Scripting (XSS)
@progress/kendo-angular-editor is vulnerable to cross-site scripting (XSS). The vulnerability exists as the value of the Editor content element passed through event handlers gets executed without sanitization...