8 matches found
Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP
Summary: The private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses e.g. ::ffff:127.0.0.1, allowing SSRF protection to be bypassed on dual-stack systems. Affected components backend/src/applications/files/services/files-manager.service.ts –...
Think Your MFA and PAM Solutions Protect You? Think Again
When you roll out a security product, you assume it will fulfill its purpose. Unfortunately, however, this often turns out not to be the case. A new report, produced by Osterman Research and commissioned by Silverfort, reveals that MFA Multi-Factor Authentication and PAM Privileged Access...
RHEL 8 : libreoffice (RHSA-2020:1598)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1598 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor...
Stay ahead of multi-cloud attacks with Azure Security Center
The COVID-19 crisis has challenged just about every business on the planet to quickly adapt and transform. With massive workforces now remote, IT administrators and security professionals are under increased pressure to keep these workers connected and productive while combating evolving threats,...
Scientific Linux Security Update : libreoffice on SL7.x x86_64 (20200407)
libreoffice: LibreLogo script can be manipulated into executing arbitrary python commands libreoffice: Insufficient URL validation allowing LibreLogo script execution libreoffice: LibreLogo global-event script execution libreoffice: Insufficient URL encoding flaw in allowed script location check...
Unauthorized Access
libreoffice allows unauthorized access to application functions. The remote resources protection module is not applied to bullet graphics, allowing any user to enable stealth mode to retrieve remote resources...
CVE-2019-9849
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed...
Formshield Captcha - Older Version vulnerable to replay attacks
Replay attack on CAPTCHA Libraries Summary A CAPTCHA implementation that we tested were found to be vulnerable to replay attacks. The attack is explained in detail for Formshield – A popular DOT NET CAPTCHA implementation. NOTE: We discovered this during a Black Box engagement with one of our...