809 matches found
GO-2021-0084 Incorrect permissions for critical resource in github.com/astaxie/beego
Session data is stored using permissive permissions, allowing local users with filesystem access to read arbitrary data...
PYSEC-2021-113
Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channe...
Brocade Fabric OS Encryption Issues Vulnerabilities
Brocade Fabric OS (FOS) is a set of embedded operating systems used in devices such as switches and routers from Brocade USA. Brocade Fabric OS has a cryptographic issue vulnerability that can be exploited by an attacker to act as a man-in-the-middle in order to read and write data within a session...
Sonicwall SMA100 SQL Injection Vulnerability
The Sonicwall SMA100 is a secure access gateway appliance from Sonicwall, Inc. A SQL injection vulnerability exists in the SonicWall SSLVPN SMA100 product, which allows a remote, unauthenticated attacker to execute a SQL query to access usernames, passwords and other session-related information...
h1-ctf: Hacky Holidays CTF Writeup
Intro: 12 days of challenges - some more challenging than others! This holiday CTF had all 12 challenges hosted on the website https://hackyholidays.h1ctf.com/ F1129112 Challenge 1: I started by significantly overthinking all of the early challenges in this competition. When this CTF started the...
HAXX libcurl Trust Management Issue Vulnerability
Haxx libcurl is an open source client-side URL transport library from the Swedish company Haxx. It supports protocols such as FTP, SFTP, TFTP and HTTP. Haxx libcurl suffers from a trust management issue vulnerability that can be exploited by an attacker to act as a man-in-the-middle by performing...
Kubernetes Security Vulnerabilities
Kubernetes is an open source Docker container cluster management system from the Linux Foundation. The system provides resource scheduling, deployment and operation, service discovery, and scaling up and down for containerized applications. Kubernetes suffers from a security vulnerability that ca...
IBM Cloud Pak for Security Code Issue Vulnerability
IBM Cloud Pak for Security is an integrated security tool that uses a unified interface to provide deep insight into threats in hybrid multi-cloud environments. An information disclosure vulnerability exists in IBM Cloud Pak for Security 1.3.0.1. The vulnerability stems from the product's failure...
BugPoC: XSS Challenge
Hello, ID: bp-oJelDA6b Password: PLEAsEdYAk24 Impact The attacker can steal any user session data...
SAP NetWeaver Application Server Java Cross-Site Scripting Vulnerability
SAP NetWeaver Application Server Java is an application server from the German company SAP that provides a Java runtime environment. The product is mainly used to develop and run Java EE applications. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server Java versions 7.10,...
Fix of 227 CVE
Fix bug 69720: Null pointer dereference in phar_get_fp_offset - Fix bug 70728: Type Confusion Vulnerability in PHP_to_XMLRPC_worker - Fix bug 70661: Use After Free Vulnerability in WDDX Packet Deserialization - Fix bug 70741: Session WDDX Packet Deserialization Type Confusion Vulnerability - Fix bug...
CVE-2020-6319
SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal...
ARC Informatique PcVue Information Disclosure Vulnerability
PcVue is a multi-functional HMI-SCADA software from ARC Informatique, an all-in-one solution that monitors all aspects of a customer's assets. PcVue is used in a wide range of applications including industrial control, building management, energy management, smart grid, energy distribution,...
CVE-2020-26869
ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit...
Information disclosure
ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit...
CVE-2020-6283
SAP Fiori Launchpad does not sufficiently encode user-controlled inputs, allowing the attacker to inject the meta tag into the launchpad HTML using the vulnerable parameter, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. With a successful attack, the attacker can steal...
CS2 Network P2P Information Disclosure Vulnerability
CS2 Network P2P is a P2P peer-to-peer networking platform. A security vulnerability exists in CS2 Network P2P 3.x and prior versions. An attacker can exploit this vulnerability to obtain user session data...
CVE-2020-9526
CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an information exposure flaw that exposes user session data to supernodes in the network, as demonstrated by passively eavesdropping on user video/audio streams, capturing credentials, and compromising...
Design/Logic Flaw
CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an information exposure flaw that exposes user session data to supernodes in the network, as demonstrated by passively eavesdropping on user video/audio streams, capturing credentials, and compromising...