EUVD-2016-7382

Malware in sbrugna...

EUVD-2016-7390

Malware in sbrugna...

EUVD-2020-3967

Malware in sbrugna...

CVE-2025-6204

DELMIA Apriso CVE-2025-6204 is a code-injection vulnerability affecting Release 2020–2025. The root cause is improper control of file uploads: the upload handler fails to canonicalize filenames or enforce storage restrictions, enabling an authenticated attacker to place executable artifacts in we...

CVE-2020-27912

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution...

CVE-2020-11622

A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train, 4.21.3FX-7368., 4.21.4-FCRFX., 4.21.4.1, 4.21.7.1, 4.22.2.0.1, 4.22.2.2.1, 4.22.3.1, and 4.23.2.1...

BELL-CVE-2024-46818

Bulletin has no description...

FAQ: Fail-To-Wire Feature in CloudBridge 2000 and 3000 Appliances

This article is an FAQ on the Fail-To-Wire FTW functionality found in the new Citrix CloudBridge 2000 and Citrix CloudBridge 3000 appliances. Q: What is the supported software release? A : The FTW feature is supported with the following software releases: SVM build: NS 10.0.72.5007 CloudBridge...

SUSE CVE-2015-8346

app/views/timelog/form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form...

JSA10490 - 2011-09 Security Bulletin: Pulse Connect Secure (PCS): Cross Site Scripting Issues

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Cross Site Scripting vulnerabilities found and fixed through a combination of internal and external proactive security testing: - Cross Site Scripting issue found in Secure Meeting web...

Aruba Networks EdgeConnect 安全漏洞

Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. A security vulnerability exists in Aruba Networks EdgeConnect that originates from allowing an authenticated remote user to run arbitrary commands on the underlying host, which could be exploited by a...

How to Configure an NTP Server on a NetScaler Appliance

This article contains information about configuring a Network Time Protocol NTP server on a NetScaler appliance. Background In the earlier releases of the NetScaler software, you need to manually edit multiple files from the shell prompt of the NetScaler appliance to configure an NTP server. The...

Critical, High-Severity Cisco Flaws Fixed in Data Center Network Manager

Cisco is warning of several critical and high-severity flaws in its Data Center Network Manager DCNM for managing network platforms and switches. DCNM is a platform for managing Cisco data centers that run Cisco’s NX-OS — the network operating system used by Cisco’s Nexus-series Ethernet switches...

Default credentials

Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account...

CVE-2019-1942

A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An...

Sql injection

A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An...

CVE-2019-1942 Cisco Identity Services Engine Blind SQL Injection Vulnerability

A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An...

February 2019 Oracle Outside In Library Security Update

Microsoft Exchange Server contains some elements of the Oracle Outside In libraries. The February 12, 2019 releases of Microsoft Exchange Server contain fixes to vulnerabilities which are described in: Oracle Critical Patch Update Advisory - October 2018 The following software releases include...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software (CVE-2016-0359)

Summary IBM WebSphere Application Server is shipped as a component of IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin...