67 matches found
CVE-2022-39249 Matrix Javascript SDK vulnerable to impersonation via forwarded Megolm sessions
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...
Twisted SSH client and server deny of service during SSH handshake.
Impact The Twisted SSH client and server implementation naively accepted an infinite amount of data for the peer's SSH version identifier. A malicious peer can trivially craft a request that uses all available memory and crash the server, resulting in denial of service. The attack is as simple as...
Axis IP Camera Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Axis IP Camera Application Upload', 'Description' = %q This module exploits the "Apps" feature in Axis IP cameras. The feature allows third party...
Axis IP Camera Application Upload
This module exploits the "Apps" feature in Axis IP cameras. The feature allows third party developers to upload and execute 'eap' applications on the device. The system does not validate the application comes from a trusted source, so a malicious attacker can upload and execute arbitrary code. Th...
Schneider Electric GUIcon
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: GUIcon Vulnerabilities: Out-of-bounds Write, Use After Free, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary...
Apache OpenOffice Data Forgery Issue Vulnerability
Apache OpenOffice is an open source office software suite from the Apache Apache Foundation. The suite contains text documents, spreadsheets, presentations, drawings, databases, etc. Apache OpenOffice is vulnerable to a data forgery issue in versions prior to 4.1.10, which stems from a networked...
CVE-2021-41830 Double Certificate Attack
It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory...
Apache OpenOffice 数据伪造问题漏洞
Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. Versions of Apache OpenOffice prior to 4.1.10 contain a data forgery issue vulnerability that can be...
Cachet vulnerable to forced reinstall
Impact Authenticated users, regardless of their privileges User or Admin, can trick Cachet and install the instance again, leading to arbitrary code execution on the server. Patches This issue was addressed by improving the middleware ReadyForUse, which now performs a stricter validation of the...
CVE-2021-39174
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, can leak the value of any configuration entry of the dotenv file, e.g. the application secret APPKEY and various passwords email, database, etc. This issue was...
Default configuration
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, can leak the value of any configuration entry of the dotenv file, e.g. the application secret APPKEY and various passwords email, database, etc. This issue was...
CVE-2021-39172
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. This issue was addresse...
CVE-2021-39172
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. This issue was addresse...
Design/Logic Flaw
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. This issue was addresse...
CVE-2021-39173 Forced reinstall
Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges User or Admin, can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the...
Cross-site Scripting (XSS) - Reflected in erudika/scoold
✍️ Description It occurs when a malicious script is injected directly into a vulnerable web application. Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user's browser. 🕵️♂️ Proof of Concept...
Reinforce Defense with File Reputation and Trusted Source Intelligence in Qualys FIM
Monitoring change events in the file system is both a crucial aspect of security and a critical compliance requirement. A file integrity monitoring tool functions as an essential layer of defense to identify illicit activities across critical system files and registries, diagnose changes, and sen...
Podcast: NSA Reports Major Crypto-Spoofing Bug to Microsoft
A major Microsoft crypto-spoofing bug impacting Windows 10 made waves this Patch Tuesday, particularly as the flaw was found and reported by the U.S. National Security Agency NSA. Microsoft’s January Patch Tuesday security bulletin disclosed the “important”-severity vulnerability, which could all...
Exploit for XML Injection (aka Blind XPath Injection) in Nsa Ghidra
CVE-2019-16941 Proof-of-Concept: The vulnerability requires...
Arbitrary Command Execution
Salt is vulnerable to command execution. If the pillar content given to cmd.run is not coming from a trusted source, attackers could execute commands on command line...