773 matches found
PT-2020-14207 · Lyft +1 · Envoy +1
Content removed...
Exploit for Improper Resource Shutdown or Release in Microsoft
Web-Security-Note Record some common Web security sites 由于平常读过的文章以及遇到的比较好的开源项目都被渐渐遗忘了,所以利用这个项目来记录一下,以便查阅。 目录: - CTF - Online-Tools - 漏洞环境 - 信息搜集 - 工具 - 面经 - BypassWAF - WEB安全 - 漏洞挖掘 - 渗透测试 - 内网渗透 - 扫描器开发 - 开发 - 运维 CTF + CTF Time + Pwnhub + CTF论剑场 + 南京邮电大学CTF平台 + Whale CTF + JarvisOJ + Hackme CTF ...
SAP NetWeaver AS Java Multiple Vulnerabilities
The version of SAP NetWeaver AS Java detected on the remote host may be affected by multiple vulnerabilities, as referenced in SAP Security Note 2934135. - LM Configuration Wizard of SAP NetWeaver AS JAVA, does not perform an authentication check which allows an attacker without prior...
UBUNTU-CVE-2018-20225
An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not...
Design/Logic Flaw
nwbcext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbcext2int/ URI...
CVE-2015-7968
nwbcext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbcext2int/ URI...
DEBIAN-CVE-2019-1010024
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat...
CVE-2019-0271
ABAP Server used in NetWeaver and Suite/ERP and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity XEE vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that i...
Xxe
ABAP Server used in NetWeaver and Suite/ERP and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity XEE vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that i...
CVE-2019-0271
ABAP Server used in NetWeaver and Suite/ERP and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity XEE vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that i...
CVE-2019-0271
CVE-2019-0271 affects ABAP Server (NetWeaver/Suite/ERP) and ABAP Platform. The vulnerability is an XML External Entity (XEE) issue caused by insufficient validation of XML documents from untrusted sources, enabling potential manipulation via external entities. Affected ranges: ABAP Server 7.00–7....
CVE-2013-7245
The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859...
Authentication flaw
The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859...
CVE-2013-7245
The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859...
CVE-2013-7245
The CVE-2013-7245 issue affects SAP Sybase ASE 15.7 Backup Server component prior to SP51. The root cause is a failure to validate credentials, allowing remote attackers to bypass access restrictions and perform database dumps. Impact is exposure of data via unauthorized dumps; no exploitation de...
perpustakaan.undiksha.ac.id XSS vulnerability
Open Bug Bounty ID: OBB-607581 Description| Value ---|--- Affected Website:| perpustakaan.undiksha.ac.id Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CVE-2018-10054
H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."...
Solaris 10 (x86) : 120665-01
SunOS 5.10x86: tl driver patch. Date this patch was last updated by Sun : Sep/15/05 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
Solaris 10 (sparc) : 137204-31
Messaging Server 64bit 7.0.5.31.0: core patch. Date this patch was last updated by Sun : Jun/02/14 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...
Solaris 10 (x86) : 150118-01
Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Kernel. The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent...