Zscaler Client Connector Access Control Error Vulnerability

Zscaler Client Connector is an application from zscaler. An application installed on a device that ensures that Internet traffic and access to an organization's internal applications are secure and in compliance with the organization's policies, even when not on the corporate network. A security...

Redeemer.sol#redeem() can be called by anyone before maturity, which may lead to loss of user funds

Lines of code Vulnerability details function redeem uint8 p, address u, uint256 m public returns bool // Get the principal token that is being redeemed by the user address principal = IMarketPlacemarketPlace.marketsu, m, p; // Make sure we have the correct principal if p !=...

Cisco CallManager和Openser SIP消息非授权呼叫漏洞

BUGTRAQ ID: 26057 Cisco CallManager和OpenSER都是常用的网络IP电话解决方案。 Cisco CallManager和OpenSER没有检查用户在Digest认证头中所提供的URI是否与消息的REQUEST-URI一致，这允许恶意用户从正常用户嗅探Digest认证，然后代表该用户呼叫任意扩展。 Cisco Call Manger 5.1.1.3000-5 OpenSER OpenSER 1.2.2 Cisco ----- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...