
1850 matches found

ATTACKERKB
added 2022/10/27 12:00 a.m. | 41 views

CVE-2022-0073

Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1. Recent assessments: Assessed Attacker Value: 0...

CVSS 8.8 | AI score 7 | EPSS 0.08663
In wild | Exploits 1 | References 3
Wordfence Blog
added 2022/10/26 4:00 p.m. | 21 views

What Does The Fox Hack? Breaking Down the Anonymous Fox F-Automatical Script

While performing routine security research, one of our threat analysts discovered the latest version of a Command and Control C2 script, which is referred to as F-Automatical within the script’s code and was commonly known as FoxAuto in older versions. This is the seventh version of this automati...

AI score 7.8
Exploits 0
Github Security Blog
added 2022/10/26 12:00 p.m. | 26 views

Badaso vulnerable to Remote Code Execution via malicious file upload

Badaso allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users...

CVSS 9.8 | AI score 9.6 | EPSS 0.01551
Exploits 1 | References 5 | Affected Software 1
BDU FSTEC
added 2022/10/24 12:00 a.m. | 4 views

Vulnerability in the Server: Optimizer component of the MySQL Server database management system allows an attacker to cause a denial of service.

The vulnerability in the Server: Optimizer component of MySQL Server exists due to insufficient validation of input data. Exploiting it can allow a remote attacker to cause a denial of service...

CVSS 6.8 | AI score 6.3 | EPSS 0.01144
Exploits 0 | References 3 | Affected Software 1
Github Security Blog
added 2022/10/19 12:00 p.m. | 12 views

Lavalite vulnerable to Arbitrary File Read via Directory Traversal

In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server...

CVSS 7.5 | AI score 6.8 | EPSS 0.00935
Exploits 1 | References 3 | Affected Software 1
Vulnrichment
added 2022/10/18 12:00 a.m. | 20 views

CVE-2022-21600

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 7.2 | AI score 6.5 | EPSS 0.01151
Exploits 0 | References 2
OSV
added 2022/10/15 4:15 a.m. | 3 views

DEBIAN-CVE-2022-42961

An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via ...

CVSS 5.3 | AI score 5.6 | EPSS 0.00522
Exploits 0 | References 1
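The wolfSSL entry above describes a fault-injected signing operation leaking faulty ECDSA signatures that can be turned into the private key. The generic countermeasure is to verify every signature against the public key before it leaves the signing routine, so a signature computed over corrupted key material is never emitted. The block below is an added example, not wolfSSL code and not a description of wolfSSL's patch: it implements ECDSA over the textbook curve y^2 = x^3 + 2x + 2 over F_17 (generator G = (5, 1) of prime order 19, chosen only so the numbers are checkable by hand and far too small for real use), models a single bit flip in the private key in RAM with the `fault_bit` parameter, and shows `sign_checked` refusing to release the faulty signature.

```python
"""Added example (not wolfSSL code): ECDSA on the textbook curve
y^2 = x^3 + 2x + 2 over F_17, whose generator G = (5, 1) has prime order 19.
`fault_bit` models one bit of the private key being flipped in RAM while a
signature is computed; `sign_checked` is the generic verify-before-release
countermeasure, not a description of wolfSSL's fix."""
import hashlib
import secrets

P = 17            # field prime
A, B = 2, 2       # curve coefficients of y^2 = x^3 + A*x + B
G = (5, 1)        # generator point
N = 19            # order of G (prime)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def msg_hash(msg: bytes) -> int:
    """SHA-256 of the message reduced into the scalar field."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign_raw(d, h, k, fault_bit=None):
    """Plain ECDSA with an explicit nonce k; returns None if r or s is zero.
    If fault_bit is set, the private key has that bit flipped when s is computed,
    which is the fault model for the RAM-corruption attack."""
    d_used = d ^ (1 << fault_bit) if fault_bit is not None else d
    r = ec_mul(k, G)[0] % N
    if r == 0:
        return None
    s = pow(k, -1, N) * (h + r * d_used) % N
    if s == 0:
        return None
    return (r, s)


def verify(Q, h, sig):
    """Standard ECDSA verification against public key Q = d*G."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    w = pow(s, -1, N)
    X = ec_add(ec_mul(h * w % N, G), ec_mul(r * w % N, Q))
    return X is not None and X[0] % N == r


def sign_checked(d, h, k, fault_bit=None):
    """Verify the fresh signature before releasing it: a signature produced
    from corrupted key material is rejected instead of handed to the attacker."""
    sig = sign_raw(d, h, k, fault_bit)
    if sig is None:
        raise ValueError("zero r or s, pick another nonce")
    if not verify(ec_mul(d, G), h, sig):
        raise RuntimeError("signature failed self-check; refusing to release it")
    return sig


def sign_message(d, msg: bytes, fault_bit=None):
    """Random-nonce wrapper over sign_checked."""
    h = msg_hash(msg)
    while True:
        k = secrets.randbelow(N - 1) + 1
        try:
            return sign_checked(d, h, k, fault_bit)
        except ValueError:
            continue
```

With private key 7, message hash 4 and nonce 3, `sign_raw` yields (10, 12), which verifies; flipping bit 0 of the key during signing yields (10, 15), which does not, and `sign_checked` raises instead of returning it. The self-check roughly doubles signing cost, which is the price of not leaking faulty signatures over a live TLS connection.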
OSV
added 2022/10/04 12:00 a.m. | 41 views

ALSA-2022:6781 Important: bind9.16 security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fixes:...

CVSS 7.5 | AI score 7.6 | EPSS 0.02198
Exploits 0 | References 8
WPVulnDB
added 2022/10/03 12:00 a.m. | 16 views

Bricks Builder < 1.5.4 - Subscriber+ Remote Code Execution

The theme allows website editors to include executable code blocks in their website, which can contain arbitrary PHP code. By default, code execution is intended to be disabled, with website administrators having to explicitly allow code execution for specific user roles. However, due to improper...

CVSS 8.8 | AI score 3.9 | EPSS 0.01556
Exploits 1 | Affected Software 1
CNNVD
added 2022/09/28 12:00 a.m. | 3 views

Trend Micro Deep Security Link Following Vulnerability

Trend Micro Deep Security is a server security product from Trend Micro. A security vulnerability exists in Trend Micro Deep Security. No details about this vulnerability are available at this time; watch CNNVD or the vendor announcement for updates...

CVSS 7.8 | AI score 7.3 | EPSS 0.00203
Exploits 0 | References 4
Prion
added 2022/08/29 6:15 p.m. | 19 views

Path traversal

The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed from the system, which is supposed to be the exported CSV file. This could allow high-privilege users to delete arbitrary files from the server...

CVSS 4.7 | AI score 6.4 | EPSS 0.00916
Exploits 1 | References 1 | Affected Software 1
GithubExploit
added 2022/08/25 10:43 a.m. | 382 views

Exploit for Path Traversal in Zimbra Collaboration

CVE-2022-37042 Zimbra CVE-2022-37042 Nuclei weaponized tem...

CVSS 9.8 | AI score 9.8 | EPSS 0.88256
Exploits 8
CVE
added 2022/08/22 3:04 p.m. | 76 views

CVE-2022-2557

CVE-2022-2557 affects the WordPress plugin Team Members Showcase (tlp-team) prior to version 4.1.2. The vulnerability allows an authenticated user to exploit a path traversal flaw to download arbitrary files from the server, with the problematic file being deleted after its contents are returned ...

CVSS 8.8 | AI score 8.6 | EPSS 0.01217
Exploits 2 | References 1 | Affected Software 1
IBM Security Bulletins
added 2022/08/19 11:26 p.m. | 48 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis (CVE-2015-4000)

Summary The LogJam Attack on Diffie-Hellman ciphers affects IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis. Vulnerability Details CVEID : CVE-2015-4000 DESCRIPTION : The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure t...

CVSS 4.3 | AI score 3.8 | EPSS 0.9986
Exploits 0 | Affected Software 1
CVE
added 2022/08/18 10:17 p.m. | 465 views

CVE-2022-35540

CVE-2022-35540 concerns AgileConfig prior to 1.6.8 where a hard-coded JWT secret in the server enables remote attackers to forge a token and gain administrator access. The issue, documented across multiple sources (Red Hat, GHSA, OSV, NVD), attributes the root cause to an inline secret, allowing ...

CVSS 9.8 | AI score 9.5 | EPSS 0.01069
Exploits 0 | References 1 | Affected Software 1
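The AgileConfig entry above is the generic hard-coded-JWT-secret failure: whoever can read the source or binary holds the same HMAC key the server uses, so they can sign any claims they like. The block below is an added example, not AgileConfig code: HS256 is implemented on `hmac`/`hashlib` so it has no dependencies, the inline secret value and the claim names are constructed for the demo, and the hardened side shows the secret being supplied at deploy time with a minimum-length check.

```python
"""Added example, not AgileConfig code: forging a token from a secret that is
a literal in the source, and the deploy-time-secret pattern that replaces it.
Secret value and claim names are constructed for the demo."""
import base64
import hashlib
import hmac
import json
import os
import secrets
import time


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwt_encode(claims: dict, secret: bytes) -> str:
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    tag = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(tag)}"


def jwt_decode(token: str, secret: bytes, now=None) -> dict:
    """Verify and return the claims; raises ValueError on any failure.
    The alg is pinned to HS256 so a client cannot switch the header to 'none'."""
    try:
        header_b64, payload_b64, tag_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(tag_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims


def token_is_valid(token: str, secret: bytes) -> bool:
    try:
        jwt_decode(token, secret)
        return True
    except ValueError:
        return False


# The weak pattern: a literal in the source. Hypothetical value; any copy of the
# code or binary hands an attacker exactly what the server signs tokens with.
HARDCODED_SECRET = b"example-inline-jwt-secret"


def forge_admin_token(leaked_secret: bytes) -> str:
    """What an attacker does once the inline secret is known: sign their own claims."""
    claims = {"sub": "attacker", "role": "admin", "exp": int(time.time()) + 3600}
    return jwt_encode(claims, leaked_secret)


def fresh_secret() -> bytes:
    """256 random bits, the minimum key size for HS256."""
    return secrets.token_bytes(32)


def validate_secret(secret: bytes) -> bytes:
    """Fail fast at startup on a short or placeholder secret."""
    if len(secret) < 32:
        raise RuntimeError("JWT secret must be at least 32 bytes for HS256")
    return secret


def load_secret_from_env(var: str = "JWT_SECRET") -> bytes:
    """Hardened pattern: base64 secret supplied at deploy time, never in source."""
    raw = os.environ.get(var)
    if not raw:
        raise RuntimeError(f"{var} is not set; supply base64(fresh_secret())")
    return validate_secret(base64.b64decode(raw, validate=True))
```

The forged token verifies against the inline secret and is rejected by a server keyed with a fresh 32-byte secret; the inline value in this example is also too short to pass `validate_secret`, which is the point of the length check. Rotating the secret invalidates every previously issued token, which is the intended effect after a leak of this kind.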
NVD
added 2022/08/08 2:15 p.m. | 29 views

CVE-2022-2046

The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite...

CVSS 4.9 | EPSS 0.00764
Exploits 2 | References 2
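The Directorist entry above turns on one missing check: the host a zip archive is fetched and unpacked from. The block below is an added example, not Directorist code: an exact-host allowlist over https that also rejects the userinfo, look-alike-subdomain, raw-IP and odd-port variants a substring test would pass, plus a digest check on the downloaded bytes. The allowed host, the archive bytes and the digest are constructed for the demo.

```python
"""Added example, not Directorist code: allowlist the download host and pin the
archive digest before unpacking anything. The host and archive are constructed."""
import hashlib
import ipaddress
from urllib.parse import urlsplit

# assumption: placeholder for the vendor's real download host
ALLOWED_HOSTS = {"downloads.example.com"}


def is_trusted_download_url(url: str) -> bool:
    """Exact-host allowlist over https only.
    Rejects userinfo tricks (https://downloads.example.com@evil.test/),
    look-alike subdomains, raw IPs and non-standard ports, all of which
    a plain substring check on the URL would pass."""
    try:
        parts = urlsplit(url)
        port = parts.port            # raises ValueError on a non-numeric port
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return False                 # never fetch from a bare IP address
    except ValueError:
        pass
    if port not in (None, 443):
        return False
    return host in ALLOWED_HOSTS


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def archive_matches(data: bytes, expected_sha256_hex: str) -> bool:
    """Second line of defence: compare the fetched bytes against a digest
    published out of band, so a compromised or spoofed host still cannot
    get an arbitrary archive unpacked."""
    return sha256_hex(data) == expected_sha256_hex.lower()


def classify(urls):
    """Map each candidate URL to the allowlist decision."""
    return {u: is_trusted_download_url(u) for u in urls}


# constructed sample inputs
SAMPLE_URLS = [
    "https://downloads.example.com/plugins/addon.zip",
    "http://downloads.example.com/plugins/addon.zip",
    "https://downloads.example.com.evil.test/addon.zip",
    "https://downloads.example.com@evil.test/addon.zip",
    "https://evil.test/addon.zip?src=downloads.example.com",
    "https://downloads.example.com:8443/addon.zip",
    "https://203.0.113.10/addon.zip",
]
SAMPLE_ARCHIVE = b"PK\x03\x04 constructed archive bytes for the demo"
```

Only the first sample URL is accepted. The port check matters because an https URL with an explicit non-443 port is a different origin, and the trailing-dot strip keeps `downloads.example.com.` from slipping past an exact-match set.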
OSV
added 2022/08/04 12:00 a.m. | 17 views

DLA-3068-1 xorg-server - security update

Bulletin has no description...

CVSS 7.8 | AI score 7.9 | EPSS 0.00559
Exploits 0
BDU FSTEC
added 2022/08/01 12:00 a.m. | 3 views

A vulnerability in the eset_rtp module of ESET Endpoint Antivirus and ESET Server Security allows an attacker to cause a denial of service.

The vulnerability in the eset_rtp module of the ESET Endpoint Antivirus and ESET Server Security antivirus products is a use-after-free. Exploiting it can allow a remote attacker to cause a denial of service...

CVSS 7.8 | AI score 7.1 | EPSS 0.00801
Exploits 0 | References 3 | Affected Software 2
Fedora
added 2022/07/30 1:57 a.m. | 12 views

[SECURITY] Fedora 36 Update: golang-github-liamg-scout-0.15.1-5.fc36

A lightweight URL fuzzer and spider: discover a web server's undisclosed files, directories and VHOSTs...

AI score 7.3
Exploits 0
Prion
added 2022/07/29 5:15 p.m. | 8 views

Code injection

Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with its own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2...

CVSS 5.5 | AI score 5.4 | EPSS 0.00396
Exploits 0 | References 1 | Affected Software 1