22 matches found
IBM ApplinX Data Forgery Vulnerability
IBM ApplinX is a product of International Business Machines (IBM) focused on converting green-screen interfaces into modern web-based applications. IBM ApplinX has a data forgery vulnerability that stems from improper JWT token validation, which can be exploited by an attacker to elevate...
EUVD-2009-0512
Malware in sbrugna...
IBM ApplinX Cross-Site Request Forgery Vulnerability
IBM ApplinX is a product of International Business Machines (IBM) focused on converting green-screen interfaces into modern web-based applications. IBM ApplinX suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to construct a malicious URI, bait a request, an...
How to Export Console and HAR File
Purpose: This article documents how to generate a HAR (HTTP Archive) file to provide additional diagnostic information when investigating issues for web-based applications (e.g., Veeam Service Provider Console, Veeam Recovery Orchestrator, etc.). Solution: 1. Launch the web browser. 2. Open the Develope...
GHSA-J47C-J42C-MWQQ Solana Pay Vulnerable to Weakness in Transfer Validation Logic
Description When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient, using the supplied validateTransfer function. An edge case regarding this mechanism could cause the validation logic to validate multiple...
CVE-2022-1231
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop...
CVE-2022-1231 XSS via Embedded SVG in SVG Diagram Format in plantuml/plantuml
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop...
RCE 'Bug' Found and Disputed in Popular PHP Scripting Framework
Versions of the popular developer tool Zend Framework and its successor Laminas Project can be abused by an attacker to execute remote code on PHP-based websites, if they are running web-based applications that are vulnerable to attack. However, those that maintain Zend Framework emphasize that t...
CVE-2014-2025 Remote Code Execution (RCE) in "Intrexx Professional"
CVE-2014-2025: "Remote Code Execution (RCE) via Unrestricted File Upload" (CWE-434) vulnerability in "Intrexx Professional" product. Vendor: United Planet GmbH. Product: "Intrexx is an integrated...
NextApp Echo < 2.1.1 XML Injection Vulnerability
No description provided by source. SEC Consult Security Advisory 20090305-0. title: NextApp Echo XML Injection Vulnerability; program: NextApp Echo; vulnerable version: Echo2 2.1.1; homepage: http://echo.nextapp.com/site/echo2...
Facebook Bug Bounty Submissions Dramatically Increase
Facebook today reported a dramatic increase in 2013 submissions to its bug bounty program, and said that despite reports from researchers that it’s becoming difficult to find severe bugs on its various properties, the social network plans to increase rewards for critical bugs. “The volume of...
Novell Client NetIdentity Agent Remote Pointer Dereference Code Execution - Ver2 (CVE-2009-1350)
The Novell NetIdentity agent works with eDirectory authentication to provide background authentication to Windows Web-based applications that require eDirectory authentication, such as iPrint, Novell Portal Services, eGuide, Novell NetIdentity, ZENworks, NetStorage, and iManager. NetIdentity...
Oracle Application Framework - Diagnostic Mode Bypass
Trustwave SpiderLabs Security Advisory TWSL2012-023: Oracle Application Framework Diagnostic Mode Bypass Vulnerability Published: 1/15/2013 Version: 1.0 Vendor: Oracle www.oracle.com Product: Oracle Application Framework Version affected: 11.5.10.2, 12.0.6, 12.1.3 Product description: The Oracle...
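Sybase M-Business Anywhere Two Privilege Escalation Vulnerabilities
Sybase's M-Business Anywhere provides a mobile content and application platform that delivers web-based mobile content and applications to mobile devices. The Sybase M-Business Anywhere implementation contains two vulnerabilities with unspecified details that malicious users can exploit to gain elevated privileges. Affected: Sybase M-Business Anywhere 7.x, Sybase M-Business Anywhere 6.x. Vendor patch: Sybase. The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.sybase.com/...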
SEC Consult SA-20090305-0 :: NextApp Echo XML Injection Vulnerability
SEC Consult Security Advisory 20090305-0. title: NextApp Echo XML Injection Vulnerability; program: NextApp Echo; vulnerable version: Echo2 2.1.1; homepage: http://echo.nextapp.com/site/echo2; found: Feb. 2008; by: Anonymous / SEC...
NextApp Echo < 2.1.1 XML Injection Vulnerability
Exploit for multiple platforms in category remote exploits. NextApp Echo. title: NextApp Echo XML Injection Vulnerability; program: NextApp Echo; vulnerable version: Echo2 2.1.1...
NextApp Echo < 2.1.1 - XML Injection
SEC Consult Security Advisory. title: NextApp Echo XML Injection Vulnerability; program: NextApp Echo; vulnerable version: Echo2 2.1.1; homepage: http://echo.nextapp.com/site/echo2; found: Feb. 2008; by: Anonymous / SEC Consult...