13 matches found
Liferay Portal has External Control of System or Configuration Settings
Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly obtain the remote address of the live site from th...
CVE-2025-43792
CVE-2025-43792 affects Liferay Portal 7.4.0–7.4.3.105 and older unsupported versions, and Liferay DXP 2023.Q4.0/2023.Q3.x, where the live-site remote address is not reliably obtained from the database. This allows remote authenticated users to exfiltrate data to an attacker-controlled server via ...
Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling
Cybersecurity researchers have called attention to a cyber attack in which unknown threat actors deployed an open-source endpoint monitoring and digital forensic tool called Velociraptor, illustrating ongoing abuse of legitimate software for malicious purposes. "In this incident, the threat actor...
QIWI: disclosing clients' secret keys https://stage-uapi.tochka.com:2000/
The reporter has found an open URL on a staging server leaking client IDs and client secrets used in oauth2...
Cisco Ultra Services Framework Staging Server Security Bypass Vulnerability
Cisco Ultra Services Framework Staging Server is a segmentation server in an intelligent online service delivery platform from the U.S. company Cisco. A security vulnerability exists in Cisco Ultra Services Framework Staging Server. A remote attacker could exploit the vulnerability to log i...
Cisco Ultra Services Framework Staging Server Arbitrary Command Execution Vulnerability
Cisco Ultra is the virtual, mobile services platform. A security vulnerability in the AutoIT service of the Cisco Ultra Services Framework Staging Server can be exploited by an unauthenticated, remote attacker to execute arbitrary shell commands as a Linux root user due to a failure to properly...
CVE-2017-6714
A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability b...
CVE-2017-6714
CVE-2017-6714 affects Cisco Ultra Services Framework Staging Server; the AutoIT service allows an unauthenticated remote attacker to execute arbitrary Linux shell commands as root due to improper shell invocations. Impact is confirmed as remote, unauthenticated arbitrary command execution with ro...
Cisco Ultra Services Framework Staging Server Arbitrary Command Execution Vulnerability
A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability b...
CVE-2017-6685
A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76681. Known Affected...
Default credentials
A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76681. Known Affected...
CVE-2017-6685
CVE-2017-6685 affects Cisco Ultra Services Framework Staging Server. The issue arises from weak, hard-coded admin credentials, allowing an authenticated remote attacker with access to the management network to log in as an admin. The Cisco advisory states there are no workarounds; mitigation requ...
Restoring Encrypted Databases with Veeam Explorer for Microsoft SQL Server
Challenge: Restoring an encrypted database with Veeam Explorer for Microsoft SQL Server fails with one of the following errors: Cannot find server certificate with thumbprint ''; Transparent Data Encryption is not available in the edition of this SQL Server instance. You are unable to check "Perfor...