16 matches found
Exploit for Insecure Default Initialization of Resource in Praison Praisonai
⚠️ Security Research & Legal Disclaimer 📌 Purpose of This...
TencentOS Server 2: bind (TSSA-2025:0289)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0289 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
CVE-2025-29872
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...
CVE-2025-29872 File Station 5
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...
CVE-2025-48902
Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful exploitation of this vulnerability may affect availability...
Huawei HarmonyOS Unauthorized Access Vulnerability
Huawei HarmonyOS is an operating system from the Chinese company Huawei. Huawei HarmonyOS suffers from an unauthorized access vulnerability that stems from unauthorized access to the application lock module. An attacker can exploit the vulnerability to authenticate and access unauthorized resourc...
CVE-2024-11187 Many records in the additional section cause CPU exhaustion
It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources...
RHEL 7 : openstack-cinder, openstack-glance, and openstack-nova (RHSA-2017:0282)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0282 advisory. The Oslo concurrency library has utilities for safely running multi-thread, multi-process applications using locking mechanisms, and for running...
Unspecified Vulnerability in MOXA MXsecurity
MOXA MXsecurity is a management platform from China-based MOXA. It provides centralized visibility and security management to easily monitor and identify network threats and prevent security misconfigurations to create a robust threat defense. A security vulnerability exists in MOXA MXsecurity...
ROS-20240828-08
Vulnerability of ANGLE library in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to the use of an uninitialized resource. Exploitation of the vulnerability could allow an attacker to disclose protected information. Vulnerability in...
Microsoft What The Hack docsmsftpdfs Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft What The Hack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of What The Hack. When installed from the official Microsoft...
Microsoft Azure Arc Jumpstart Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure Arc Jumpstart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of Azure Arc Jumpstart. When installed from the official...
PT-2020-6759 · Trustwave · Modsecurity
Name of the Vulnerable Software and Affected Versions: Trustwave ModSecurity versions 3.x through 3.0.4 Description: The issue is related to the handling of regular expressions in Trustwave ModSecurity, which can result in a Denial of Service condition. An attacker would need to know that a rule...
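PHP hash_update_file() Function Freed Resource Access Vulnerability
PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. When PHP's hash_update_file function is called, it first retrieves the resource data and then reads data from the stream to perform the hash computation. A malicious userspace stream handler can free the hash resource from within its read handler and replace it with a specially crafted fake resource, which may contain a modified hash function pointer table. When the internal function continues the hash computation, it calls the overwritten function pointer, leading to execution of malicious code. PHP PHP = 5.3.2 PHP PHP = 5.2.13 Vendor patch: PHP --- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...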
Stellar Docs 1.2 - Full Path Disclosure
Stellar Docs 1.2 - Full Path Disclosure source: https://www.securityfocus.com/bid/8385/info Stellar Docs will disclose path information in an error page in response to an invalid request for a web resource. This could disclose information that could be useful in further attacks...
Sun ONE Application Server 7.0 - Source Disclosure
Sun ONE Application Server 7.0 - Source Disclosure source: https://www.securityfocus.com/bid/7709/info Sun ONE Application Server is prone to a source code disclosure vulnerability. This issue is due to handling of case in requests for resources. By changing the case of a file extension, the serv...