3794 matches found

OSV
added 2021/07/20 9:15 p.m. | 2 views

CVE-2021-36230

HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requests executed using the run token, allowing privilege escalation to organization owner. Fixed in v202107-1...

CVSS 8.8 | AI score 7.3 | EPSS 0.00415
Exploits: 0 | References: 2

OSV
added 2021/07/17 11:3 a.m. | 4 views

OESA-2021-1265 isula-build security update

isula-build is a tool used for building container images. Security Fixes: When using isula-build to build container images, some functions for processing external data do not remove spaces when processing data. This vulnerability can cause a program crash. The open-source software isula-build...

CVSS 7.5 | AI score 6.9 | EPSS 0.00389
Exploits: 0 | References: 2

CNNVD
added 2021/07/15 12:0 a.m. | 3 views

Buildah Information Disclosure Vulnerability

Buildah is a tool that supports building OCI container images. Buildah suffers from a security vulnerability that stems from the fact that processes running in a container build (e.g., the Dockerfile RUN command) have access to the environment variables of both the parent and grandfather processes...

CVSS 5.5 | AI score 6.2 | EPSS 0.00165
Exploits: 0 | References: 14

CNNVD
added 2021/07/15 12:0 a.m. | 3 views

Palo Alto Networks Cortex XDR Agent Code Issue Vulnerability

Palo Alto Networks Cortex XDR Agent is a client software for checking the security of client devices from Palo Alto Networks Malaysia. A security vulnerability exists in Palo Alto Networks Cortex XDR Agent that originates from improper control of user control files. The vulnerability can be...

CVSS 7.8 | AI score 5.7 | EPSS 0.00035
Exploits: 0 | References: 3

Code423n4
added 2021/07/13 12:0 a.m. | 12 views

Lending Pair initialize function can be front run.

Handle jonah1005 Vulnerability details Impact LendingPair does not initialize tokenMaster, controller, tokens. A hacker can listen the deployer address and front run the initialize transaction. The initialized contract would look almost exactly the same if the hacker only replace lpTokenMaster wi...

AI score 7
Exploits: 0

OSV
added 2021/07/09 10:15 p.m. | 1 view

CVE-2020-35986

A stored cross-site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter...

CVSS 5.4 | AI score 5.9 | EPSS 0.03657
Exploits: 1 | References: 1

NVD
added 2021/07/09 3:15 p.m. | 14 views

CVE-2021-33012

Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, which results in a denial-of-service condition. If successfully exploited, this vulnerability will...

CVSS 8.6 | EPSS 0.03547
Exploits: 0 | References: 1

Vulnrichment
added 2021/07/09 2:3 p.m. | 3 views

CVE-2021-33012

Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, which results in a denial-of-service condition. If successfully exploited, this vulnerability will...

AI score 7.3 | EPSS 0.03547
Exploits: 0 | References: 1

NCSC
added 2021/07/08 12:0 a.m. | 3 views

Vulnerability fixed in Cisco IP Phone

A vulnerability has been fixed in Cisco IP Phone. The vulnerability allows a malicious person with physical access to the device to execute arbitrary code with elevated permissions. Cisco has released updates to fix the vulnerability. More information can be found on the page below:...

CVSS 6.8 | AI score 7.2 | EPSS 0.00133
Exploits: 0

Code423n4
added 2021/06/30 12:0 a.m. | 9 views

Trader orders can be frontrun and users can be denied from trading

Handle cmichel Vulnerability details The Trader contract accepts two signed orders and tries to match them. Once they are matched and become filled, they can therefore not be matched against other orders anymore. This allows for a griefing attack where an attacker can deny any other user from...

AI score 6.7
Exploits: 0

OSV
added 2021/06/29 6:15 p.m. | 2 views

CVE-2021-28830

The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace...

CVSS 7.8 | AI score 7.2 | EPSS 0.00034
Exploits: 0 | References: 2

OSV
added 2021/06/28 11:15 a.m. | 2 views

CVE-2021-20099

Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100...

CVSS 6.7 | AI score 6.6
Exploits: 0 | References: 1

OSV
added 2021/06/24 5:15 p.m. | 2 views

CVE-2021-21574

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions...

CVSS 7.5 | AI score 6.3 | EPSS 0.00089
Exploits: 0 | References: 1

Imperva Blog
added 2021/06/23 1:37 p.m. | 199 views

Know your enemy! The four types of cyber attackers trying to breach your security today

As business needs compel organizations to manage an ever-increasing number of database types, both on-premise and in the cloud, the threat surface has also become larger and far more difficult to manage effectively. The bad actors out there know this, too. They are constantly probing, testing, an...

AI score 0.1
Exploits: 0

BDU FSTEC
added 2021/06/23 12:0 a.m. | 1 view

The vulnerability in the run-x-session script of the LDM package for the Debian GNU/Linux operating system allows a hacker to elevate their privileges to the level of the superuser.

The vulnerability in the run-x-session script of the LDM package for the Debian GNU/Linux operating system is related to insecure management of privileges. Exploiting this vulnerability could allow an attacker to elevate their privileges to a superuser level...

CVSS 7.8 | AI score 7.2 | EPSS 0.00158
Exploits: 0 | References: 5 | Affected Software: 2

Prion
added 2021/06/16 1:15 p.m. | 15 views

Design/Logic Flaw

The Sentinel LDK Run-Time Environment installer Versions 7.6 and prior adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1947. While uninstalling, the uninstaller fails to close Port 1947...

CVSS 7.5 | AI score 9.3 | EPSS 0.0034
Exploits: 0 | References: 1 | Affected Software: 1

Code423n4
added 2021/06/16 12:0 a.m. | 10 views

maxSumOfPrices check is broken

Handle 0xRajeev Vulnerability details Impact rentAllCards requires the sender to specify a maxSumOfPrices parameter which specifies “limit to the sum of the bids to place” as specified in the Natspec @param comment. This is apparently for front-run protection. However, this function parameter...

AI score 6.9
Exploits: 0

CNNVD
added 2021/06/15 12:0 a.m. | 1 view

Ec-cube Cross-Site Scripting Vulnerability

Ec-cube is an open source e-commerce system of the Japanese company Ec-cube. Ec-cube suffers from a cross-site scripting vulnerability that can be exploited by an attacker to trick a victim into following a specially crafted link and executing arbitrary HTML and script code in the user's browser...

CVSS 6.1 | AI score 5.6 | EPSS 0.00591
Exploits: 0 | References: 3

OpenVAS
added 2021/06/10 12:0 a.m. | 22 views

Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Jun 2021)

This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

CVSS 8.8 | AI score 7.5 | EPSS 0.16258
Exploits: 0 | References: 1

Kitploit
added 2021/06/02 9:30 p.m. | 96 views

Onelinepy - Python Obfuscator To Generate One-Liners And FUD Payloads

Python Obfuscator To Generate One-Liners And FUD Payloads. Download & Run: git clone https://github.com/spicesouls/onelinepy cd onelinepy chmod +x setup.sh ./setup.sh onelinepy Usage Guide: usage: oneline.py -h -m M -i I...

AI score 7.5
Exploits: 0 | References: 1