13 matches found
Ray's New Token Authentication is Disabled By Default
Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces including the dashboard and Jobs API is disabled unless explicitly enabled by setting RAYAUTHMODE=token. In the default unauthenticated state, a remote attacker with...
CVE-2025-31932
Deserialization of untrusted data issue exists in BizRobo! all versions. If this vulnerability is exploited, an arbitrary code is executed on the Management Console. The vendor provides the workaround information and recommends to apply it to the deployment environment...
CVE-2024-34451
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers...
ILIAS eLearning 7.15 Command Injection / XSS / LFI / Open Redirect
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: ILIAS eLearning platform vulnerable version: = 7.15 fixed version: 7.16 CVE number: CVE-2022-45915, CVE-2022-45916,...
ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
ForgeRock Access Management AM Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints /ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame to execute code in the context of the current user unless ForgeRock AM is running as root user, whi...
CVE-2019-7192
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions...
WECON Technology Co., Ltd. LeviStudio HMI Editor
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: WECON Technology Co., Ltd. WECON Equipment: LeviStudio HMI Editor Vulnerabilities: Stack-based Buffer Overflow AFFECTED PRODUCTS The following versions of LEVI Studio HMI Editor, an HMI programming software product, a...
Siemens SINUMERIK Integrate and SINUMERIK Operate
CVSS v3 7.4 ATTENTION: Remotely exploitable. Vendor: Siemens Equipment: SINUMERIK Integrate, SINUMERIK Operate Vulnerability: Man-in-the-Middle AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following SINUMERIK Integrate and Operate product suite versions: SINUMERIK Integrat...
HP Storage Essentials Secure NaviCLI未明远程特权提升漏洞
BUGTRAQ ID: 34613 CVE ID:CVE-2009-0715 CNCVE ID:CNCVE-20090715 HP Storage Essentials是一款基础设施管理解决方案,消除服务器和存储管理的复杂性。 HP Storage Essentials运行Secure NaviCLI存在安全漏洞,远程攻击者可以利用漏洞获得未授权访问或获得更高的特权。 目前没有详细漏洞细节提供。 HP Storage Essentials SRM Standard 6.0.4 HP Storage Essentials SRM Standard 6.0.3 HP Storage...
Secunia Research: AXIS Camera Control "image_pan_tilt" Property Buffer Overflow
====================================================================== Secunia Research 23/01/2009 - AXIS Camera Control "imagepantilt" Property Buffer Overflow - ====================================================================== Table of Contents Affected...
Opera Web浏览器位图文件RLE远程拒绝服务漏洞
BUGTRAQ ID: 26721 Opera是一款流行的WEB浏览器,支持多种平台。 Opera在处理畸形的BMP文件时存在漏洞,可能导致系统一定时间的性能大幅下降。 BMP文件允许游程长度编码4位和8位的位图。BMP格式中所使用的RLE有一些额外的功能,如移动到其他行和列的写指针(00 02 XX YY)。Opera实现00 02 XX YY功能的算法过于缓慢,正常解压算法是将XX和YY width添加到写指针,而Opera的实现要执行XX + YY width递增,每次递增都要执行自己的检查和其他计算。 攻击者可以创建最大宽度(约32000像素)的BMP文件,用00 02 FF F...
[SA14457] Adobe Reader for Linux Insecure Temporary File Creation
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
Overly large OPT record assertion
Overview A remotely exploitable denial-of-service vulnerability exists in BIND. Based on recent reports, we believe this vulnerability is being actively exploited. Description A remotely exploitable denial-of-service vulnerability exists in BIND 8.3.0 - 8.3.3. ISC's description of this...