CVE-2026-33501

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the endpoint plugin/Permissions/View/Usersgroupspermissions/list.json.php lacks any authentication or authorization check, allowing unauthenticated users to retrieve the complete permission matrix mapping user...

EUVD-2023-42122

Malicious code in bioql PyPI...

PT-2022-26786 · Unknown · Rukovoditel

Name of the Vulnerable Software and Affected Versions: Rukovoditel version 3.2.1 Description: A stored cross-site scripting XSS issue exists in the Users Access Groups feature, specifically in the /index.php?module=users groups/users groups API endpoint, allowing authenticated attackers to execut...

IBM InfoSphere Information Server 安全漏洞

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server version 11.7 that stems fro...

pentest-wiki

This repository is an information gathering library for penetration testers and researchers, containing various tools and documentation for gathering information about a target organization. The repository includes scripts and guides for performing whois searches, querying whois databases, and...

January 23, 2020—KB4534308 (OS Build 17134.1276)

January 23, 2020—KB4534308 OS Build 17134.1276 Windows 10, version 1803 the April 2018 Update Home and Pro editions have reached end of service. For Windows 10 devices that are at, or within several months of reaching end of service, Windows Update will automatically initiate a feature update wit...

Cross site request forgery (csrf)

Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery CSRF vulnerability. Please be aware that the Demo application is not enabled by default...

MS IIS 4.0/5.0 and PWS Extended Unicode Directory Traversal Vulnerability (5)

No description provided by source. source: http://www.securityfocus.com/bid/1806/info Microsoft IIS 4.0 and 5.0 are both vulnerable to double dot ../ directory traversal exploitation if extended UNICODE character representations are used in substitution for / and . Unauthenticated users may acces...

MacOS_encryption_algorithm.txt

Subject: MacOS system encryption algorithm 3 To: [email protected] Sometime ago, Dawid adix Adamski sent to bugtraq the encryption algorithm in MacOS personal AppleShare server he found. I have been researching a little on this subject, and I've found his code fails when decoding the firs...

Apple Mac OS 8 8.6 - Weak Password Encryption

Apple Mac OS 8 8.6 - Weak Password Encryption source: https://www.securityfocus.com/bid/519/info The encryption algorithm in MacOS system is simple and the password can be easily decoded. Password is stored in Users & Groups Data File in Preferences folder. Offset is different on each system and...