19 matches found
CVE-2018-25317 Tenda W3002R/A302/W309R V5.07.64_en Cookie Session Weakness DNS Change
Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted...
CVE-2023-4506
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access an...
EUVD-2019-8851
Malware in sbrugna...
EUVD-2008-1262
Malware in sbrugna...
EUVD-2008-1252
Malware in sbrugna...
Passwords and FIDO2 Are Meant to Be Secret: a Practical Secure Authentication Channel for Web Browsers
Password managers provide significant security benefits to users. However, malicious client-side scripts and browser extensions can steal passwords after the manager has autofilled them into the web page. In this paper, we extend prior work by Stock and Johns, showing how password autofill can be...
CVE-2019-19225
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns1 POST request...
CVE-2023-4505
The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative...
CVE-2023-4506
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access an...
WordPress Plugin ldap-login-for-intranet-sites Access Control Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An access control error...
Azure File Sync Agent v16 Release - January 2023
Azure File Sync Agent v16 Release - January 2023 This article describes the improvements and issues that are fixed in the Azure File Sync Agent v16 release that is dated January 2023. Additionally, this article contains installation instructions for this release. Improvements and issues that are...
CVE-2019-19225
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns1 POST request...
CVE-2020-9330
Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who gains access to affected devices (e.g., by using default credentials) can change the LDAP connection IP...
Description of Update Rollup 1 for System Center 2012 R2 Virtual Machine Manager
Description of Update Rollup 1 for System Center 2012 R2 Virtual Machine Manager Summary This article contains a complete description of all changes in Update Rollup 1 for Microsoft System Center 2012 R2 Virtual Machine Manager. Important It is imperative that you review the installation...
Free Online Game website offers $13,000 Reward to expose details on DDoS attack
Currently there are more than Million people worldwide playing Windows Games, Computer Games and Online Video Games, at least an hour a day, but the gaming servers are often insecure and misconfigured. Yesterday, a popular multiplayer Free Online Game 'Wurm' servers were knocked offline by...
openSUSE Security Update : finch (finch-188)
- Specially crafted MSN SLP messages could cause an integer overflow in pidgin. Attackers could potentially exploit that to execute arbitrary code (CVE-2008-2927). - Overly long file names in MSN file transfers could crash pidgin (CVE-2008-2955). - SSL certificates were not verified. Therefore pidgin...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the confSMTPMailServer1 parameter to ServerManager.srv and (2)...
PT-2007-4995 · Apple · Iphone
Name of the Vulnerable Software and Affected Versions: Apple iPhone version 1.1.1 Description: The issue allows remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack because Mail in Apple iPhone does not warn the user when the mail server changes or is not trust...
Update for Windows Server 2008 x64 Edition (KB3192321)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...