
5315 matches found

IBM Security Bulletins
added 2022/09/25 11:13 p.m., 46 views

Security Bulletin: Vulnerability in IBM SPSS Data Collection due to issues in Eclipse Help System (CVE-2013-0464, CVE-2013-0467)

Abstract The version of IBM Eclipse Help System that is shipped with IBM SPSS Data Collection versions 6.0, 6.0.1 "Data Collection" and 7.0 has multiple security vulnerabilities. These vulnerabilities allow attackers to perform cross-site scripting and source code disclosure attacks. Content...

4.3 CVSS, 8.9 AI score, 0.00265 EPSS
Exploits: 1, Affected Software: 1
Kitploit
added 2022/09/23 11:30 a.m., 72 views

SCodeScanner - Stands For Source Code Scanner Where The User Can Scans The Source Code For Finding The Critical Vulnerabilities

SCodeScanner stands for Source Code Scanner, where the user can scan the source code to find the critical vulnerabilities. The main objective of this scanner is to find the vulnerabilities inside the source code before the code gets published in Prod. Features 1. Supported PHP Language 2...

6.1 CVSS, 6.7 AI score, 0.00288 EPSS
Exploits: 10, References: 3
UbuntuCve
added 2022/09/22 12:00 a.m., 28 views

CVE-2022-35024

OTFCC commit 617837b was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S...

6.5 CVSS, 6.6 AI score, 0.00433 EPSS
Exploits: 1, References: 3
UbuntuCve
added 2022/09/22 12:00 a.m., 21 views

CVE-2022-35030

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe954...

6.5 CVSS, 6.6 AI score, 0.00433 EPSS
Exploits: 1, References: 3
Trellix
added 2022/09/21 12:00 a.m., 46 views

Tarfile: Exploiting the World With a 15-Year-Old Vulnerability

Tarfile: Exploiting the World With a 15-Year-Old Vulnerability By Trellix · September 21, 2022 This story was also written by Kasimir Schulz While investigating an unrelated vulnerability, Trellix Advanced Research Center stumbled across a vulnerability in Python’s tarfile module. Initially we...

9.8 CVSS, 10 AI score, 0.89361 EPSS
Exploits: 3
UbuntuCve
added 2022/09/19 10:15 p.m., 48 views

CVE-2022-35063

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41a8...

6.5 CVSS, 6.8 AI score, 0.00395 EPSS
Exploits: 1, References: 3
NVD
added 2022/09/19 8:15 p.m., 6 views

CVE-2022-23768

This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device...

9.8 CVSS, 0.00707 EPSS
Exploits: 0, References: 1
Cvelist
added 2022/09/19 7:48 p.m., 10 views

CVE-2022-23768 Neo Information Sys. NIS-HAP11AC remote access and manipulation vulnerability

This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device...

8.8 CVSS, 9.7 AI score, 0.00707 EPSS
Exploits: 0, References: 1
CNNVD
added 2022/09/19 12:00 a.m., 2 views

Neo Information Systems Home AP NIS-HAP11AC Security Vulnerability

The Neo Information Systems Home AP NIS-HAP11AC is a wireless access point from Neo Information Systems in South Korea. A security vulnerability exists in Neo Information Systems Home AP NIS-HAP11AC version V3.0-B20201117095902, which originates from an external port exposure of the telnet servic...

9.8 CVSS, 8.5 AI score, 0.00707 EPSS
Exploits: 0, References: 2
Hacker One
added 2022/09/18 10:24 a.m., 56 views

MTN Group: Exposure Of Admin Username & Password

Hello Team, Ther an exposure of your username and password on this subdomain https://engage2.mtnonline.com/nc/ Exposed Credentials uid: "mtnng", passwd: "bd31568138edbfc0552a1ecc6886ea5c", Steps To Reproduce: Visit https://engage2.mtnonline.com/nc/ Now, press CTRL+U to view the source code of thi...

7.3 AI score
Exploits: 0
The Hacker News
added 2022/09/17 2:47 a.m., 45 views

Hackers Had Access to LastPass's Development Systems for Four Days

Password management solution LastPass shared more details pertaining to the security incident last month, disclosing that the threat actor had access to its systems for a four-day period in August 2022. "There is no evidence of any threat actor activity beyond the established timeline," LastPass...

0.2 AI score
Exploits: 0
ATTACKERKB
added 2022/09/16 2:15 a.m., 1 view

CVE-2022-34002

The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows a low-privileged authenticated attacker to leak the configuration files and source code of the web application...

6.5 CVSS, 6 AI score, 0.00366 EPSS
Exploits: 1, References: 3
OSV
added 2022/09/16 2:15 a.m., 2 views

CVE-2022-34002

The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows a low-privileged authenticated attacker to leak the configuration files and source code of the web application...

6.5 CVSS, 5.8 AI score, 0.00366 EPSS
Exploits: 1, References: 2
Prion
added 2022/09/16 2:15 a.m., 24 views

Design/Logic Flaw

The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows a low-privileged authenticated attacker to leak the configuration files and source code of the web application...

4 CVSS, 6.4 AI score, 0.00366 EPSS
Exploits: 1, References: 2, Affected Software: 1
GithubExploit
added 2022/09/15 9:38 a.m., 1008 views

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 CVE-2021-41773 POC with Docker Configurati...

7.5 CVSS, 8.6 AI score, 0.94391 EPSS
Exploits: 144
0day.today
added 2022/09/14 12:00 a.m., 355 views

Academy Learning Management System 5.7 Shell Upload Exploit

Exploit Title: Academy Learning Management System 5.7 Shell Upload Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/academy-course-based-learning-management-system/22703468 Version: 5.7 Tested on Ubuntu 18.04 Totally wrong architecture f...

7.4 AI score
Exploits: 0
Debian CVE
added 2022/09/14 12:00 a.m., 30 views

CVE-2022-36113

Cargo is a package manager for the Rust programming language. After a package is downloaded, Cargo extracts its source code in the /.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the...

8.1 CVSS, 8.5 AI score, 0.08941 EPSS
Exploits: 0
Positive Technologies
added 2022/09/06 12:00 a.m., 2 views

PT-2022-4702 · Cognex · Cognex 3D-A1000 Dimensioning System

Name of the Vulnerable Software and Affected Versions: Cognex 3D-A1000 Dimensioning System versions 1.0.3 3354 and prior Description: The issue is related to the implementation of security functions on the client-side of the Cognex 3D-A1000 Dimensioning System. This could allow a remote attacker ...

10 CVSS, 9 AI score, 0.00248 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2022/09/06 12:00 a.m., 228 views

Amazon Linux 2022 : cpp, gcc, gcc-c++ (ALAS2022-2022-057)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-057 advisory. A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceiv...

8.3 CVSS, 7.5 AI score, 0.24988 EPSS
Exploits: 4, References: 3
Kitploit
added 2022/09/05 11:30 a.m., 36 views

Aura - Python Source Code Auditing And Static Analysis On A Large Scale

Source code auditing and static code analysis Aura is a static analysis framework developed as a response to the ever-increasing threat of malicious packages and vulnerable code published on PyPI. Project goals: provide an automated monitoring system over uploaded packages to PyPI, alert on...

7.2 AI score
Exploits: 0, References: 5