44 matches found
CVE-2023-31004
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques. IBM X-Force ID: 254765...
CVE-2023-41114
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the functions get_url_as_text and get_url_as_bytea that are publicly executable, thus permitting an authenticated us...
Authentication Bypass
github.com/nats-io/nats-server is vulnerable to Authentication Bypass. The vulnerability occurs when the only account added is the system account $SYS. In this scenario, the nats-server creates an implicit user in $G and designates it as the no_auth_user account. This effectively enables the same...
CVE-2022-42978
In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system...
Tenda HG6 v3.3.0 Remote Command Injection Vulnerability
Summary: HG6 is an intelligent routing passive optical network terminal in Tenda FTTH solution. HG6 provides 4 LAN ports (1GE, 3FE), a voice port to meet users' requirements for enjoying the Internet, HD IPTV and VoIP multi-service applications. Description: The application suffers from an authenticate...
CVE-2020-5686
Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7 and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL...
CVE-2020-3537
A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages that...
Code injection
A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic...
nagios: Command injection via curl in MagpieRSS
It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system...
David Harris Pegasus Mail 3.12 File Forwarding Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1738/info It is possible for a malicious website operator to obtain copies of known files on a remote system if a website visitor is running Pegasus Mail client. If the following code were to be inserted into a HTML...
Default Password (ironport) for 'admin' Account
The account 'admin' on the remote host has the password 'ironport'. An attacker may leverage this issue to gain access to the affected system and launch further attacks against it. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. account = "admin"; password = "ironport";...
Default Password (nsroot) for 'nsroot' Account
The account 'nsroot' on the remote host has the password 'nsroot'. An attacker may leverage this issue to gain administrative access to the affected system. Note that Citrix NetScaler appliances are known to use these credentials to provide complete, administrative access to the Citrix NetScaler...
Default Password (user) for 'user' Account
The account 'user' on the remote host has the password 'user'. An attacker may use it to gain further privileges on this system. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. account = "user"; password = "user"; include('deprecated_nasl_level.inc'); include('compat.inc'); if (description)...
FreeBSD : mupdf -- Remote System Access (53bde960-356b-11e0-8e81-0022190034c0)
Secunia reports : The vulnerability is caused due to an error within the 'closedctd' function in fitz/filtdctd.c when processing PDF files containing certain malformed JPEG images. This can be exploited to cause a stack corruption by e.g. tricking a user into opening a specially crafted PDF file...
MODx 'ucfg' Parameter Arbitrary File Access
The installed version of MODx allows access to arbitrary files because it fails to perform sufficient validation on 'ucfg' parameter in 'assets/snippets/ajaxSearch/ajaxSearchPopup.php'. By supplying directory traversal strings such as '..%2F' in a specially crafted AjaxSearch 'POST' request, it i...
mupdf -- Remote System Access
Secunia reports: The vulnerability is caused due to an error within the "closedctd" function in fitz/filtdctd.c when processing PDF files containing certain malformed JPEG images. This can be exploited to cause a stack corruption by e.g. tricking a user into opening a specially crafted PDF file...
Default Password (admin) for 'root' Account
The account 'root' on the remote host has the password 'admin'. An attacker may leverage this issue to gain access, likely as an administrator, to the affected system. Note that DD-WRT, an open source Linux-based firmware popular on small routers and embedded systems, is known to use these...
Secunia Research: VLC Media Player WAV Processing Integer Overflow
Secunia Research 02/07/2008 - VLC Media Player WAV Processing Integer Overflow. Table of Contents: Affected...
jonascms-lfi.txt