986 matches found
xDedic Hacked Servers Market May Be Larger Than Originally Thought
New data anonymously shared with Kaspersky Lab researchers may enlarge the scope of and provide additional context to the hacked RDP servers for sale on the now defunct xDedic marketplace. The underground marketplace was disclosed in a report published last Tuesday describing an eBay-style platfo...
Arbitrary File Upload Vulnerability in New Harvest Technology Creative Portal Information Management System
Creative Portal Management System is a creative information publishing platform applied in the construction of New Harvest Technology. The New Harvest Technology Creative Portal Information Management System has an arbitrary file upload vulnerability that allows attackers to exploit the...
WordPress RobotCPA Plugin Local File Inclusion
An information disclosure vulnerability exists in WordPress RobotCPA Plugin. Successful exploitation of this vulnerability could allow a remote attacker to access the content of files found on the web server...
Arbitrary File Upload Vulnerability in PatrolFlow Multi-service Security Gateway Intelligent Management Platform of Beijing Byzoro Network Technology Co.
PatrolFlow is a multi-service security gateway intelligent management platform of Beijing Byzoro Network Technology Co. An arbitrary file upload vulnerability exists in the PatrolFlow multi-service security gateway intelligent management platform of Beijing Byzoro Network Technology Co. The...
Authentication Bypass
Overview Affected versions of the console-io package do not configure the underlying websocket library to require authentication, resulting in an authentication bypass vulnerability. As console-io allows terminal access on the server via a web page, an authentication bypass is essentially remote...
Multiple vulnerabilities in the Nepalese national government's common website building system
Nepal National Government Universal System NGUS is a website builder system. There are multiple vulnerabilities in the NGN Universal System that can be exploited by an attacker to obtain sensitive information from the database, upload a webshell, and gain access to the server...
server: patch operation should use patched object to check admission control
An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space...
New Relic: [download.newrelic.com] Access to private directories
When we try to open a private folder http://download.newrelic.com/private/ we get a warning: This directory contains special-access versions of the New Relic agents. If you would like to participate in early access or beta testing programs please contact [email protected] and they will forward...
PayPal remote command execution vulnerability analysis - vulnerability warning - the black bar safety net
In December 2015, the author found a Java deserialization vulnerability on a PayPal subsite that allowed remote execution of arbitrary shell commands and could affect the PayPal products database. I submitted the bug to PayPal, and it was quickly repaired. Vulnerability details !...
UFIDA PDM system suffers from Java deserialization vulnerability
The UFIDA PDM system is a management system oriented to manufacturing technology informatization that, with the product as its core, integrates product-related data, processes and resources. The UFIDA PDM system has a Java deserialization vulnerability that allows attackers to exploit the vulnerability to execute remote...
SQL Injection, Arbitrary File Upload Vulnerability in Panavision Standard Edition e-office
Panmicro Office e-office Standard Edition is a work platform for small businesses or teams. SQL injection and arbitrary file upload vulnerabilities exist in Panmicro Standard Edition e-office, allowing attackers to exploit the vulnerabilities to obtain sensitive database information, upload...
Zhongkexinye Network Sentinel Arbitrary Command Execution Vulnerability
ZKXY Network Sentinel is an Internet security auditing system that integrates behavioral auditing and content auditing, and is deployed as a bypass at the network egress. An arbitrary command execution vulnerability exists in ZKXN Network Sentry. The vulnerability exists in the file:...
Zhongkexinye Network Sentinel Arbitrary File Upload Vulnerability (CNVD-2015-07932)
ZKXY Network Sentinel is an Internet security auditing system that integrates behavioral auditing and content auditing and is deployed at the network exit in a bypass mode. ZKXN Network Sentry suffers from an arbitrary file upload vulnerability. An attacker can exploit the vulnerability to upload...
PuTTY -- memory corruption in terminal emulator's erase character handling
Ben Harris reports: Versions of PuTTY and pterm between 0.54 and 0.65 inclusive have a potentially memory-corrupting integer overflow in the handling of the ECH erase characters control sequence in the terminal emulator. To exploit a vulnerability in the terminal emulator, an attacker must be abl...
The vulnerability of the MySQL database management system allows an attacker to gain access to the MySQL Server or execute arbitrary code.
The vulnerability of Client programs, a sub-component of the MySQL database management system, is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating locally, to gain access to the MySQL Server or execute arbitrary code...
The vulnerability of the Squid proxy server allows attackers to bypass existing restrictions and gain access to the server.
The vulnerability of the Squid proxy server is related to deficiencies in access control for certain functions. Exploiting this vulnerability allows a malicious actor to bypass existing restrictions and gain access to the server by manipulating the CONNECT request...
jenkins: external entity injection via XPath (SECURITY-165)
It was found that Jenkins' XPath handling allowed XML External Entity (XXE) expansion. A remote attacker with read access could use this flaw to read arbitrary XML files on the Jenkins server...
How the invasion of the Pocket within the network - vulnerability warning - the black bar safety net
Let's black IT security recently reported that the Pocket application's developers recently fixed several vulnerabilities that leaked data; hackers could obtain sensitive information from the server. Tutorials are offered here for everyone to learn from and exchange. The Pocket is what I have many years did not put...
Firefox bookmarks extensions apps Pocket: vulnerability mining not so difficult - vulnerability warning - the black bar safety net
The Pocket application's developers recently fixed several vulnerabilities that leaked data; hackers could obtain web services, internal IP addresses, and other sensitive information from the server. Pocket profile: Pocket, formerly known as Read it Later, is, as the name suggests, an online...
Arbitrary File Upload Vulnerability in WeChat Service Intelligent Platform of Yue Liang Legend Technology Co.
The main business of EVERLIGHT LEGEND TECHNOLOGY CO., LTD. is industry application software, and the main customers are telecommunication operators, electric power and aviation. WeChat Service Intelligent Platform is one of the operating platforms of Yue Liang Legend Technology Co. A generic...