JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

Cisco Firepower Threat Defense Software Encrypted Archive File Policy Bypass Vulnerability

A vulnerability in the file policy feature that is used to inspect encrypted archive files of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured file policy to block an encrypted archive file. This vulnerability exists because of a.....

CVE-2023-36829

Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...

Multiple Cisco Products Snort 3 HTTP Intrusion Prevention System Rule Bypass Vulnerability

Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker...

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana (OnPrem) build 275. Vulnerability Details ** CVEID: CVE-2023-43804 DESCRIPTION: **urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with cookie request header not.....

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 2100 Series Appliances SSL/TLS Denial of Service Vulnerability

A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to...

Malicious code in self-service-flex (npm)

-= Per source details. Do not edit below this...

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Inactive-to-Active ACL Bypass Vulnerability

A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected...

Malicious code in self-service-sigma-account (npm)

-= Per source details. Do not edit below this...

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Authorization Bypass Vulnerability

A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DNS Inspection Denial of Service Vulnerability

A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to a lack of...

Malicious code in 37_pieces-of-flair (RubyGems)

-= Per source details. Do not edit below this...

Malicious code in nintendo-of-europe (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (83c974b5b6c49df853841d0c3fef7af9c28d6098c68985d09855aee2fe153d52) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in code-of-daily-modern-wordfare (npm)

-= Per source details. Do not edit below this...

Brute Force Attack

ezsystems/ezplatform-user is vulnerable to Brute Force Attack. The vulnerability is due to the password reset functionality not having sufficient protections against brute force attacks, allowing attackers to repeatedly attempt different passwords to gain unauthorized access to user...

CVE-2020-3259

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential.....

Malicious code in to-watch-avatar-2-the-way-of-water-full-online-stream04 (npm)

-= Per source details. Do not edit below this...

CVE-2023-49032

An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary...

Malicious code in watch-avatar-the-way-of-water-movie-online-free-at-home (npm)

-= Per source details. Do not edit below this...

Malicious code in watch-shazam-fury-of-the-gods-online-movie-free-at-home (npm)

-= Per source details. Do not edit below this...

Malicious code in watch-shazam-fury-of-the-gods-full-movies-free-on-at-home (npm)

-= Per source details. Do not edit below this...

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities in WebSphere Application Server Liberty

Summary IBM Virtualization Engine TS7700 is vulnerable to two potential denial of service conditions (CVE-2023-44487, CVE-2024-25026) and two instances of weaker than expected security (CVE-2023-50312, CVE-2023-46158) due to WebSphere Application Server Liberty. WebSphere Application Server...

Malicious code in where-to-watch-shazam-fury-of-the-gods-fullmovies-free-on-at-home (npm)

-= Per source details. Do not edit below this...

Malicious code in watching-shazam-fury-of-the-gods-2023-full-online-free-on-streaming-at-home (npm)

-= Per source details. Do not edit below this...

Malicious code in watch-shazam-fury-of-the-gods-2023-movie-online-free-on-streaming-at-home (npm)

-= Per source details. Do not edit below this...

Malicious code in watch-shark-side-of-the-moon-2023-full-online-free-on-streaming-at-home (npm)

-= Per source details. Do not edit below this...

Malicious code in watch-shazam-fury-of-the-gods-2023-online-free-on-streaming-at-home (npm)

-= Per source details. Do not edit below this...

Malicious code in watching-shazam-fury-of-the-gods-movie-online-on-free-at-the-home (npm)

-= Per source details. Do not edit below this...

Malicious code in watching-shazam-fury-of-the-gods-movie-online-on-free-at-the-home-free (npm)

-= Per source details. Do not edit below this...

Malicious code in shazam-fury-of-the-gods-2023-full-online-free-on-streaming-at-index-main (npm)

-= Per source details. Do not edit below this...

Malicious code in watch-now-shazam-fury-of-the-gods-2023-full-online-free-streaming-at-home (npm)

-= Per source details. Do not edit below this...

Malicious code in watch-for-shazam-fury-of-the-gods-2023-full-online-free-streaming-at-home (npm)

-= Per source details. Do not edit below this...

Malicious code in shazam-fury-of-the-gods-watching-full-online-free-on-streaming-at-index-main (npm)

-= Per source details. Do not edit below this...

U.S. Dept Of Defense: Subdomain takeover ████████.mil

Description: The subdomain █████.mil is pointing to peosol-lg.███████., the domain ██████ is currently available for registration as can be seen at https://www.godaddy.com/nl-nl/domainsearch/find?domainToCheck=█████ Given the rules, residency of the US, of the us-tld I decided not to register the.....

Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion

Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software is vulnerable to local file inclusion due to directory traversal attacks that can read sensitive files on a targeted system because of a lack of proper input validation of URLs in HTTP requests...

Cisco Firepower Management Center Software Object Group Access Control List Bypass Vulnerability

A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software....

Brute Force Attack

silverstripe/framework is vulnerable to Brute Force attacks. The vulnerability is due to the default Administrator accounts not being subject to the same brute force protection as other Member accounts, allowing unlimited login...

U.S. Dept Of Defense: Out-Of-Bounds Memory Read on ███

Vulnerability Identifier: OOB Memory Read (CVE-ID Pending) Affected System: Netscaler ADC and Gateway deployed at https://███████/nf/auth/doAuthentication.do Overview: An out-of-bounds (OOB) memory read vulnerability has been identified in Netscaler ADC (Application Delivery Controller) and...

Bypassing check of isBluetoothShareUri to force Bluetooth app to grant its accessible ContentProviders' access

In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for...

Brute Force Attack

ezsystems/ezplatform-admin-ui is vulnerable to a Brute Force Attack. The vulnerability is due to a weakness in the forgotten password reset functionality, which allows excessive attempts without sufficient lockout...

Exploit for Deserialization of Untrusted Data in Apache Log4J

CloudArmor · Runtime Application Self-Protection Module -...

Tokenizer vulnerable to client brute-force of token secrets

Impact Authorized clients, having an inject_processor secret, could brute-force the secret token value by abusing the fmt parameter to the Proxy-Tokenizer header. Patches This was fixed in https://github.com/superfly/tokenizer/pull/8 and further mitigated in...

U.S. Dept Of Defense: Subdomain Takeover via Host Header Injection on www.█████

Vulnerability Overview Reported By: Ezequiel [@ezequielpuig] Reported Date: 01/October/2023 Reported To: U.S. Department Of Defense Vulnerability Type: Subdomain Takeover Affected URL: www.███████ Hello U.S. Department Of Defense Security Team, I hope this report finds you well. I want to bring...

Tokenizer vulnerable to client brute-force of token secrets

Impact Authorized clients, having an inject_processor secret, could brute-force the secret token value by abusing the fmt parameter to the Proxy-Tokenizer header. Patches This was fixed in https://github.com/superfly/tokenizer/pull/8 and further mitigated in...

Why Security Awareness Training is Your Best Defense

Cybercriminals are constantly on the lookout for ways to infiltrate our devices and steal our personal information....

Brute-force of token secrets in github.com/superfly/tokenizer

Brute-force of token secrets in...

Download Manager < 3.2.87 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting

Description The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

U.S. Dept Of Defense: CVE-2021-39226 Discovered on endpoint https://██████/api/snapshots

Description: CVE-2021-39226 Discovered on endpoint https://███████/api/snapshots/:key where this issue poses a significant risk to the confidentiality and integrity of snapshot data, allowing both authenticated and unauthenticated users unauthorized access and deletion capabilities. References...

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.....

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with...

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary...