24 matches found
CVE-2020-12715
RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control...
EUVD-2020-21545
Malware in sbrugna...
EUVD-2021-17122
Malware in sbrugna...
EUVD-2018-1307
Malware in sbrugna...
EUVD-2019-8740
Malware in sbrugna...
EUVD-2025-11386
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-45129
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impac...
CVE-2025-6741
Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the secure message entry attachment feature. This issue affects the following versions: Devolutions Server 2025.2.2.0 through 2025.2.4.0 Devolutions Server...
CVE-2025-0691
Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation...
PT-2025-1364 · Nmap +1
Name of the Vulnerable Software and Affected Versions: EyesOfNetwork EON versions 5.3.11 and earlier Description: An issue was discovered in EyesOfNetwork EON where privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the...
DEBIAN-CVE-2023-45129
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation which...
PYSEC-2023-199
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation which...
Siemens SINEMA Remote Connect Server Access Control Error Vulnerability (CNVD-2022-45224)
SINEMA Remote Connect is a remote network management platform that makes it easy to manage tunnel connections VPNs between headquarters, service technicians, and installed machines or plants. An access control error vulnerability exists in Siemens SINEMA Remote Connect Server, which stems from the...
FANUC Robot Controllers (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: FANUC Equipment: R-30iA and R-30iB series controllers Vulnerabilities: Integer Coercion Error, Out-of-bounds Write 2. UPDATE INFORMATION This advisory is a follow-up to the original advisory titled ICSA-21-243-02P FANUC...
Gallagher Command Center Server Access Control Error Vulnerability (CNVD-2021-43485)
Gallagher Command Center Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. An access control error vulnerability exists in Gallagher Command Centre Server that stems from an improper authorization vulnerability in Gallagher Command Cent...
U.S. Dept Of Defense: Blind SQL Injection
Hi DoD Security team, I found Blind SQL Injection in this below domain https://███████ Proof of concept: Vuln URL: https://██████████/██████ Pooc: URL encoded POST input ███ was set to -1' OR 321=6 AND 1=1 or '4mEwSPwJ'=' Tests performed: -1' OR 1=1 or '4mEwSPwJ'=' = TRUE -1' OR 2=4 or '4mEwSPwJ'...
PT-2020-3668
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Server versions prior to the fixed version Description: An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon...
Oracle MySQL Server Component Access Control Error Vulnerability (CNVD-2019-26538)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A component access control error vulnerability exists in the MySQL Server component of Oracle MySQL, version 5.7.26 and earlier, and the Server: Audi...
Debian DLA-1801-1 : zookeeper security update
It was discovered that there was an information disclosure vulnerability in zookeeper, a distributed co-ordination server. Users who were not authorised to read data were able to view the access control list. For Debian 8 'Jessie', this issue has been fixed in zookeeper version 3.4.9-3+deb8u2. We...
CVE-2012-5302
The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors...