Progress Sitefinity Cross-Site Scripting Vulnerability

Progress Sitefinity is an open source platform for building corporate websites and intranets. A cross-site scripting vulnerability exists in Progress Sitefinity due to cross-site scripting in the page editing area...

Progress Sitefinity Security Breach

Progress Sitefinity is an open source platform for building corporate websites and intranets. A security vulnerability exists in Progress Sitefinity, which can be exploited to obtain sensitive information through the site administrative area by a user with access to the Sitefinity backend...

CVE-2021-46970 bus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: pcigeneric: Remove WQMEMRECLAIM flag from state workqueue A recent change created a dedicated workqueue for the state-change work with WQHIGHPRI no strong reason for that and WQMEMRECLAIM flags, but the state-change wor...

AZL-40183 CVE-2024-26584 affecting package kernel for versions less than 5.15.158.2-1

In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTOTFMREQMAYBACKLOG flag on our requests to the crypto API, cryptoaeadencrypt,decrypt can return -EBUSY instead of -EINPROGRESS in valid situations. For...

Progress Software WS_FTP Server Security Vulnerability

Progress Software WSFTP Server is an effective and highly manageable FTP server from Progress Software, USA. A security vulnerability exists in Progress Software WSFTP Server versions prior to 8.8.5 that stems from the presence of a cross-site scripting vulnerability...

Exploit for OS Command Injection in Hikvision Intercom_Broadcast_System

CVE-2023-6895 Vulnerability Scanner This is a simple Python s...

CVE-2023-4637

The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full...

CVE-2023-4637

The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full...

PT-2024-13356 · WordPress · Wpvivid

Name of the Vulnerable Software and Affected Versions: WPvivid plugin for WordPress versions up to, and including, 0.9.94 Description: The issue is related to a missing capability check on the restore and get restore progress functions. This allows unauthenticated attackers to invoke these...

WordPress plguin WPvivid Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

progress-color.jp Improper Access Control vulnerability OBB-3845490

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Quantum Computing Skeptics

Interesting article. I am also skeptical that we are going to see useful quantum computers anytime soon. Since at least 2019, I have been saying that this is hard. And that we dont know if its "land a person on the surface of the moon" hard, or "land a person on the surface of the sun" hard. They...

CVE-2023-40052

This issue affects Progress Application Server PAS for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0 . An attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities...

CVE-2023-40051

This issue affects Progress Application Server PAS for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system...

Design/Logic Flaw

This issue affects Progress Application Server PAS for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system...

Code injection

This issue affects Progress Application Server PAS for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0 . An attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities...

CVE-2023-40052 Progress Application Server (PAS) for OpenEdge Denial of Service

This issue affects Progress Application Server PAS for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0 . An attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities...

CVE-2023-40052 Progress Application Server (PAS) for OpenEdge Denial of Service

This issue affects Progress Application Server PAS for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0 . An attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities...

CVE-2023-40052

CVE-2023-40052 affects Progress Application Server (PAS) for OpenEdge. A malformed web request can crash a PASOE agent, potentially disrupting thread activities of multiple web application clients and causing DoS due to flooding of invalid requests. Affected versions are 11.7 < 11.7.18, 12.2

CVE-2023-40051 Progress Application Server (PAS) for OpenEdge File Upload via Directory Traversal

This issue affects Progress Application Server PAS for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system...