3242 matches found
Important: Red Hat Security Advisory: podman security update
An update for podman is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
PE-Packer - A Simple Windows X86 PE File Packer Written In C And Microsoft Assembly
PE-Packer is a simple packer for Windows PE files. The new PE file after packing can obstruct the process of reverse engineering. It will do the following things when packing a PE file: Transforming the original import table. Encrypting sections. Clearing section names. Installing the shell-entry...
CVE-2019-18255
HMI/SCADA iFIX Versions 6.1 and prior allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation...
CVE-2019-18255
CVE-2019-18255 concerns HMI/SCADA iFIX (GE Digital) versions 6.1 and prior. A local authenticated user can modify system-wide iFIX configurations through section objects, enabling privilege escalation (I/O/access unspecified beyond local). Multiple connected sources confirm the issue and note it ...
Important: Red Hat Security Advisory: xterm security update
An update for xterm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
CVE-2021-25779
Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page...
Design/Logic Flaw
Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker to execute sensitive functions without credentials...
Command injection
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device executes arbitrary code...
Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting (XSS)
Exploit Title: Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting (XSS) Date: 2020-08-25 Exploit Author: Kailash Bohara Vendor Homepage: https://www.altn.com/ Version: Mdaemon webmail 3. We can see execution code and after saving it, each time we visit the distribution list...
Cross-site Scripting (XSS)
xwiki-commons is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary script via an SVG document to the upload feature of the comment section...
H8 SSRMS Insecure Direct Object Reference
Exploit Title: H8 SSRMS - 'id' IDOR Date: 01/31/2021 Exploit Author: Mohammed Farhan Vendor Homepage: https://www.height8tech.com/ Version: H8 SSRMS Tested on: Windows 10 Vulnerability Details ====================== Login to the application Navigate to Payment Section and Click on Print button. I...
Cross Site Scripting (XSS) in XWiki
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section...
GHSA-43HG-G44Q-474Q Cross Site Scripting (XSS) in XWiki
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section...
CVE-2021-3298
Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter...
Cross site scripting
Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.5 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
Path traversal
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisc...
Command injection
Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see...
Design/Logic Flaw
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory...
CVE-2021-1355 Cisco Unified Communications Products Vulnerabilities
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisc...