
805 matches found

OSV
added 2022/05/05 5:15 p.m. · 2 views

CVE-2022-27636

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive AP...

5.5 CVSS · 5.5 AI score
Exploits 0 · References 1

Positive Technologies
added 2022/05/05 12:0 a.m. · 2 views

PT-2022-18540 · F5 +1 · F5 Big-Ip Apm +2

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP APM versions prior to 16.1.2.2; F5 BIG-IP APM versions prior to 15.1.5.1; F5 BIG-IP APM versions prior to 14.1.4.6; F5 BIG-IP APM versions prior to 13.1.5; F5 BIG-IP APM versions 12.1.x and 11.6.x; F5 BIG-IP APM Clients versions prior to...

5.5 CVSS · 5.2 AI score · 0.00215 EPSS
Exploits 0 · References 4

ATTACKERKB
added 2022/05/04 2:0 p.m. · 1 views

CVE-2022-27636

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive AP...

5.5 CVSS · 5.9 AI score · 0.00215 EPSS
Exploits 0 · References 2 · Affected Software 2

CNNVD
added 2022/05/04 12:0 a.m. · 1 views

F5 BIG-IP APM Log Information Disclosure Vulnerability

F5 BIG-IP APM and F5 BIG-IP APM Clients are both products of F5, Inc. F5 BIG-IP APM Clients is a suite of APM client software. F5 BIG-IP APM is vulnerable to log information disclosure, which can be exploited by attackers to view sensitive information related to APM sessions...

5.5 CVSS · 5.7 AI score · 0.00215 EPSS
Exploits 0 · References 3

CNNVD
added 2022/04/29 12:0 a.m. · 2 views

DELL EMC NetWorker Trust Management Issue Vulnerability

DELL EMC NetWorker is a suite of unified backup and recovery software from Dell DELL USA. The software provides backup and recovery, deduplication elimination, backup reporting, and other features. A security vulnerability exists in Dell EMC NetWorker that originates from acting as a...

4.9 CVSS · 5.2 AI score · 0.00072 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2022/04/20 12:0 a.m. · 1 views

The vulnerability in the ext/session/session.c component of the PHP programming language interpreter allows a hacker to modify user session data.

The vulnerability of the ext/session/session.c component in the PHP programming language exists because measures to neutralize special elements have not been taken. Exploiting this vulnerability allows a remote attacker to modify user session data...

7.8 CVSS · 7.5 AI score · 0.00546 EPSS
Exploits 1 · References 11 · Affected Software 3

CNNVD
added 2022/04/12 12:0 a.m. · 2 views

Siemens SCALANCE Security Vulnerability

SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). SIPLUS extreme is designed for reliable operation under extreme conditions. An access control error vulnerability exists in Siemens SCALANCE X-300 Switch Fami...

7.5 CVSS · 7.3 AI score · 0.00577 EPSS
Exploits 0 · References 3

OSV
added 2022/01/13 4:15 p.m. · 26 views

CVE-2022-23131

In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to...

9.8 CVSS · 7.2 AI score · 0.94045 EPSS
Exploits 8 · References 2

Debian CVE
added 2022/01/13 3:50 p.m. · 33 views

CVE-2022-23131

In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to...

9.8 CVSS · 2.5 AI score · 0.94045 EPSS
Exploits 8

Circl
added 2021/12/09 6:24 p.m. · 2 views

CVE-2021-41697

creationtimestamp | type | source
---|---|---
2021-12-09 18:24:11+00:00 | seen | https://t.me/cibsecurity/33702...

6.1 CVSS · 6.1 AI score · 0.0024 EPSS
Exploits 1 · References 1

CNNVD
added 2021/12/07 12:0 a.m. · 2 views

Fortinet FortiClient Trust Management Issue Vulnerability

Fortinet FortiClient is a mobile endpoint security solution from Fortinet, a US-based company. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. Fortinet FortiClient has a security...

8.2 CVSS · 5.7 AI score · 0.00145 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2021/10/25 12:0 a.m. · 19 views

EulerOS 2.0 SP3 : python-beaker (EulerOS-SA-2021-2608)

According to the versions of the python-beaker package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain...

4.3 CVSS · 5.6 AI score · 0.00603 EPSS
Exploits 0 · References 2

OSV
added 2021/09/15 7:15 p.m. · 3 views

CVE-2021-33691

NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver Development Infrastructure Notification Service allows a threat actor to send crafted scripts to a victim. If the victim ha...

6.1 CVSS · 7.3 AI score
Exploits 0 · References 2

OSV
added 2021/09/07 3:15 p.m. · 2 views

CVE-2020-7819

A SQL-Injection vulnerability in the nTracker USB Enterprise (secure USB management solution) allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information...

7.5 CVSS · 5.9 AI score · 0.01249 EPSS
Exploits 0 · References 1

CNNVD
added 2021/09/07 12:0 a.m. · 3 views

secure USB management solution SQL Injection Vulnerability

secure USB management solution is Kingston's easy way to manage encrypted USB drives for increased data security. The secure USB management solution suffers from a SQL injection vulnerability that could be exploited by a remote, unauthenticated attacker to execute SQL queries to access usernames,...

9.3 CVSS · 7.7 AI score · 0.01249 EPSS
Exploits 0 · References 1

CNNVD
added 2021/08/13 12:0 a.m. · 1 views

Hashicorp HashiCorp Vault Information Disclosure Vulnerability

HashiCorp HashiCorp Vault is a private key access management tool from HashiCorp Hashicorp, USA. An information disclosure vulnerability exists in HashiCorp Vault, which stems from a misconfiguration of the product's cache that causes the browser to incorrectly cache sensitive information about a...

5.3 CVSS · 5.6 AI score · 0.00175 EPSS
Exploits 0 · References 4

0day.today
added 2021/07/27 12:0 a.m. · 133 views

PHP 7.3.15-3 - (PHP_SESSION_UPLOAD_PROGRESS) Session Data Injection Exploit

Exploit Title: PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection Exploit Author: SiLvER | Faisal Alhadlaq Tested on: PHP Version is 7.3.15-3 This poc will abuse PHP_SESSION_UPLOAD_PROGRESS then will trigger race condition to get remote code execution, the script will return a revers...

0.4 AI score
Exploits 0

Packet Storm
added 2021/07/27 12:0 a.m. · 278 views

PHP 7.3.15-3 PHP_SESSION_UPLOAD_PROGRESS Session Data Injection

Exploit Title: PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection Date: 26/7/2021 Exploit Author: SiLvER | Faisal Alhadlaq Tested on: PHP Version is 7.3.15-3 This poc will abuse PHP_SESSION_UPLOAD_PROGRESS then will trigger race condition to get remote code execution, the script will...

0.2 AI score
Exploits 0

NVD
added 2021/07/06 3:15 p.m. · 8 views

CVE-2021-35440

Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data available in the session/cookies depending on the user environment e.g. if re-using internal URL's for...

6.1 CVSS · 0.00328 EPSS
Exploits 0 · References 3

Cvelist
added 2021/07/06 2:44 p.m. · 12 views

CVE-2021-35440

Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data available in the session/cookies depending on the user environment e.g. if re-using internal URL's for...

6.3 AI score · 0.00328 EPSS
Exploits 0 · References 3