Microsoft Exchange PowerShell Unsafe Reflection NTLM Relay Vulnerability

This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the PowerShell endpoint. The process does not properly restrict a user-supplied argument...

CVE-2024-5749

Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials...

CVE-2024-5749

Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials...

CVE-2024-5749 Certain HP DesignJet products – Credential reflection

Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials...

CVE-2024-5749 Certain HP DesignJet products – Credential reflection

Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials...

CVE-2024-5749

The CVE-2024-5749 entry concerns HP DesignJet printer firmware vulnerable to a credential reflection issue in the SMTP Server Credential Handler. The root cause is a lack of authentication for a function that can reveal SMTP server credentials, potentially enabling a remote attacker to view sensi...

HP DesignJet 安全漏洞

HP DesignJet is a series of large format printers from Hewlett-Packard HP in the United States. A security vulnerability exists in HP DesignJet that stems from vulnerability to credential reflection, which allows viewing of SMTP server credentials...

Certain HP DesignJet products–Credentials reflection

Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials. Update your printer firmware...

CVE-2024-43364

CVE-2024-43364 affects the Cacti web framework. The vulnerability is a stored XSS due to improper sanitization of the title parameter when saving external links (links.php), with the title stored in the database and reflected in index.php. The issue is addressed in Cacti release 1.2.28 (upgrading...

CVE-2024-8149

There is a reflected Cross‑Site Scripting XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s...

SUSE CVE-2021-37577

Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the-middle attacker to identify the Passkey used during pairing by reflection of a crafted public key...

UBUNTU-CVE-2021-37577

Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the-middle attacker to identify the Passkey used during pairing by reflection of a crafted public key...

PT-2024-10983 · Unknown · Bluetooth Core Specification

Name of the Vulnerable Software and Affected Versions: Bluetooth Core Specifications versions 2.1 through 5.3 Description: The issue concerns Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol. It may allow an unauthenticated...

U.S. Dept Of Defense: XSS Reflected

The web application was vulnerable to reflected cross-site scripting XSS attacks. Untrusted data from the URL parameters was included in the application's response without proper sanitization or validation. This allowed an attacker to inject malicious scripts into web pages viewed by other users...

Intumit SmartRobot 跨站脚本漏洞

Intumit SmartRobot is a web development framework from Intumit, Inc. A cross-site scripting vulnerability exists in Intumit SmartRobot versions prior to v7.1.0 that stems from failure to properly validate a specific page parameter, which could allow an unauthenticated, remote attacker to inject...

Chargen Probe Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chargen Probe Utility', 'Description' = %q Chargen is a debugging and measurement tool and a character generator service. A character generator...

HWA JIUH DIGITAL Easy test Online Learning and Testing Platform 跨站脚本漏洞

HWA JIUH DIGITAL Easy test Online Learning and Testing Platform is an Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL. A cross-site scripting vulnerability exists in HWA JIUH DIGITAL Easy test Online Learning and Testing Platform versions prior to 24A01, which stems from...

infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...

AguardNet Space Management System Cross-Site Scripting Vulnerability

AguardNet Space Management System is a space management system from China-based AguardNet. A cross-site scripting vulnerability exists in AguardNet Space Management System versions prior to 2024-04-09-3302, which stems from not properly filtering user input, allowing a remote attacker with regula...

OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers

French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service DDoS attack in April 2024 that reached a packet rate of 840 million packets per second Mpps. This is just above the previous record of 809 million Mpps reported by Akamai as targeting a large...