12 matches found
EUVD-2010-1595
Malware in sbrugna...
CVE-2025-5451
CVE-2025-5451 involves a stack-based buffer overflow in Ivanti Connect Secure prior to 22.7R2.8 and Ivanti Policy Secure prior to 22.7R1.5 that allows a remote authenticated attacker with admin rights to trigger a denial of service. Multiple connected sources confirm the vulnerability details and...
CVE-2024-13842
A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data...
CVE-2019-11508
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker via the admin web interface can exploit Directory Traversal to execute arbitrary code on the appliance...
CVE-2025-0282: Ivanti Connect Secure Zero-Day Exploited in the Wild
On Wednesday, January 8, 2025, Ivanti disclosed two CVEs affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. CVE-2025-0282 is a stack-based buffer overflow vulnerability that allows remote, unauthenticated attackers to execute code on the target device. CVE-2025-0283 is ...
WordPress plugin Premium Packages – Sell Digital Products Securely cross-site request forgery vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an application plugin. WordPres...
JSA10350 - Optimistic TCP acknowledgements can cause denial of service (CERT/CC VU#102014)
The Transmission Control Protocol (TCP) is described in RFC 793 as a means to provide reliable host-to-host transmission between hosts in a packet-switched computer network. Numerous Internet protocols such as HTTP, SMTP, and FTP rely on TCP as their underlying transport protocol. Several different...
JSA10376 - Pulse Policy Secure (PPS) Infranet Controller Webroot Path Disclosure Vulnerability
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. By requesting the 'remediate.cgi' script omitting certain parameters, the embedded IC web server returns the physical path of the webroot '/home/webserver/htdocs/' within an "Execute...
SA40145 - [Pulse Secure] January 28th 2016 OpenSSL Security Advisory
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On January 28th 2016 the OpenSSL project announced two new security advisories. The OpenSSL advisory can be found at the following link: https://www.openssl.org/news/secadv/20160128.tx...
CVE-2023-24828 Use of Cryptographically Weak Pseudo-Random Number Generator in Onedev
Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users or everyone if it allows self-registration may exploit this to elevate privilege to...
Exploit for Improper Authentication in Ivanti Connect_Secure
CVE-2021-22893 THIS IS NOT A REAL EXPLOIT IT IS A HONEYPOC ht...
Election Systems Under Attack via Microsoft Zerologon Exploits
U.S. government officials have warned that advanced persistent threat actors (APTs) are now leveraging Microsoft’s severe privilege-escalation flaw, dubbed “Zerologon,” to target elections support systems. Days after Microsoft sounded the alarm that an Iranian nation-state actor was actively...