Lucene search

7874 matches found

Vulnrichment
added 2020/04/15 1:29 p.m., 12 views

CVE-2020-2877

Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Attribute Admin Setup). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner...

CVSS 8.2, AI score 7.3, EPSS 0.01282
Exploits: 1, References: 1
CNVD
added 2020/04/15 12:00 a.m., 8 views

Unspecified Vulnerability in Oracle Partner Management

Oracle E-Business Suite is a seamlessly integrated management suite that extends the original Applications (ERP) product and bundles a range of management software, including ERP (Enterprise Resource Planning), HR (Human Resource Management) and CRM (Customer Relationship Management). Oracle...

CVSS 8.2, AI score 9.2, EPSS 0.01282
Exploits: 1, References: 1
Microsoft KB
added 2020/04/10 12:00 a.m., 6 views

Application Compatibility Update for Windows Server 2008, Windows 7, and Windows Server 2008 R2: November 2012

Application Compatibility Update for Windows Server 2008, Windows 7, and Windows Server 2008 R2: November 2012 INTRODUCTION The Windows Application Compatibility Update is a software update that improves the compatibility experience in the following Microsoft Windows operating systems: Windows...

AI score 6.2
Exploits: 0
OSV
added 2020/04/08 6:15 p.m., 2 views

CVE-2018-21047

An issue was discovered on Samsung mobile devices with O(8.x) software. There is a Factory Reset Protection (FRP) bypass via the voice assistant because Internet access begins before the Setup Wizard finishes. The Samsung ID is SVE-2018-12894 (November 2018)...

CVSS 7.5, AI score 5.8, EPSS 0.0035
Exploits: 0, References: 1
Cvelist
added 2020/04/08 5:15 p.m., 19 views

CVE-2018-21047

An issue was discovered on Samsung mobile devices with O(8.x) software. There is a Factory Reset Protection (FRP) bypass via the voice assistant because Internet access begins before the Setup Wizard finishes. The Samsung ID is SVE-2018-12894 (November 2018)...

AI score 7.6, EPSS 0.0035
Exploits: 0, References: 1
NVD
added 2020/04/07 6:15 p.m., 38 views

CVE-2019-13559

GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller. A limited application of the affected product may ship without setup and configuration instructions immediately available to the end user. The bulk of controllers go int...

CVSS 7.8, AI score 7.9, EPSS 0.00298
Exploits: 0, References: 1
Prion
added 2020/04/07 6:15 p.m., 18 views

Hardcoded credentials

GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller. A limited application of the affected product may ship without setup and configuration instructions immediately available to the end user. The bulk of controllers go int...

CVSS 7.2, AI score 7.8, EPSS 0.00298
Exploits: 0, References: 1
Cvelist
added 2020/04/07 5:03 p.m., 39 views

CVE-2019-13559

GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller. A limited application of the affected product may ship without setup and configuration instructions immediately available to the end user. The bulk of controllers go int...

AI score 7.6, EPSS 0.00298
Exploits: 0, References: 1
FireEye
added 2020/04/07 4:00 p.m., 23 views

Thinking Outside the Bochs: Code Grafting to Unpack Malware in Emulation

This blog post continues the FLARE script series with a discussion of patching IDA Pro database files (IDBs) to interactively emulate code. While the fastest way to analyze or unpack malware is often to run it, malware won’t always successfully execute in a VM. I use IDA Pro’s Bochs integration in...

AI score 7.7
Exploits: 0, References: 7
Kitploit
added 2020/04/07 12:00 p.m., 301 views

Git-Hound v1.1 - GitHound Pinpoints Exposed API Keys On GitHub Using Pattern Matching, Commit History Searching, And A Unique Result Scoring System

A batch-catching, pattern-matching, patch-attacking secret snatcher. GitHound pinpoints exposed API keys and other sensitive information on GitHub using pattern matching, commit history searching, and a unique result scoring system. GitHound has earned me over $7500 applied to Bug Bounty research...

AI score 7.4
Exploits: 0, References: 5
OSV
added 2020/03/27 8:15 p.m., 2 views

DEBIAN-CVE-2020-6095

An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer dereference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerabili...

CVSS 7.5, AI score 6.9, EPSS 0.02872
Exploits: 1, References: 1
UbuntuCve
added 2020/03/27 8:15 p.m., 16 views

CVE-2020-6095

An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer dereference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerabili...

CVSS 7.5, AI score 7.1, EPSS 0.02872
Exploits: 1, References: 3
Prion
added 2020/03/27 8:15 p.m., 17 views

Null pointer dereference

An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer dereference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerabili...

CVSS 5, AI score 7.2, EPSS 0.02872
Exploits: 1, References: 4, Affected Software: 3
Cvelist
added 2020/03/27 7:20 p.m., 36 views

CVE-2020-6095

An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer dereference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerabili...

CVSS 7.5, AI score 7.2, EPSS 0.02872
Exploits: 1, References: 4
Debian CVE
added 2020/03/27 7:20 p.m., 18 views

CVE-2020-6095

An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer dereference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerabili...

CVSS 7.5, AI score 7.2, EPSS 0.02872
Exploits: 1
OSV
added 2020/03/25 9:15 p.m., 4 views

CVE-2020-10888

This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during...

CVSS 9.8, AI score 6.6, EPSS 0.02457
Exploits: 0, References: 1
Zero Day Initiative
added 2020/03/25 12:00 a.m., 54 views

(Pwn2Own) TP-Link Archer A7 SSH Port Forwarding Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during initial setup. The...

CVSS 5.9, AI score 1.4, EPSS 0.02457
Exploits: 0
CNVD
added 2020/03/20 12:00 a.m., 6 views

Ignite Realtime Openfire Cross-Site Scripting Vulnerability

Ignite Realtime Openfire is a real-time collaboration (RTC) server licensed under the open source Apache license. A cross-site scripting vulnerability exists in Ignite Realtime Openfire 4.4.1. An attacker can exploit this vulnerability via the setup/setup-datasource-standard.jsp password parameter ...

CVSS 6.1, AI score 6.4, EPSS 0.00906
Exploits: 1, References: 1
OSV
added 2020/03/19 6:15 p.m., 14 views

CVE-2019-20526

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter...

CVSS 6.1, AI score 5.9
Exploits: 0, References: 1
NVD
added 2020/03/19 6:15 p.m., 11 views

CVE-2019-20525

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter...

CVSS 6.1, AI score 6, EPSS 0.00906
Exploits: 1, References: 1