[webapps] ABB Cylon Aspect 3.08.03 (MapServicesHandler) - Authenticated Reflected XSS
ABB Cylon Aspect 3.08.03 (MapServicesHandler) - Authenticated Reflected XSS
Aggregator
[webapps] ABB Cylon Aspect 3.08.03 - Hard-coded Secrets
4 months 2 weeks ago
ABB Cylon Aspect 3.08.03 - Hard-coded Secrets
[hardware] ABB Cylon Aspect 3.08.02 - Cookie User Password Disclosure
4 months 2 weeks ago
ABB Cylon Aspect 3.08.02 - Cookie User Password Disclosure
[webapps] Cacti 1.2.26 - Remote Code Execution (RCE) (Authenticated)
4 months 2 weeks ago
Cacti 1.2.26 - Remote Code Execution (RCE) (Authenticated)
ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains
4 months 2 weeks ago
In ZDI-23-1527 and ZDI-23-1528 we uncover two possible scenarios where attackers could have compromised the Microsoft PC Manager supply chain.
Nitesh Surana
威努特智慧校园全光网,助力数字高校底座建设
4 months 2 weeks ago
为师生提供无缝、高质量的网络接入服务。
深度剖析Redis的高性能功能与安全漏洞及防护
4 months 2 weeks ago
文章从Redis的功能和使用背景出发,分析了Redis不同版本的功能带来的安全漏洞,并提出防护方法。
【情报】美国情报总监组建新机构-拟对情报界进行重大改革
4 months 2 weeks ago
4月8日,美国国家情报总监办公室发文称:国家情报总监加巴德成立特别工作组,旨在恢复情报界的信任并终止政府针对美国公民的武器化。
CVE-2010-5305 | Rockwell Automation PLC5/SLC5/0x/RSLogix 1785-Lx/1747-L5x access control
4 months 2 weeks ago
A vulnerability classified as critical was found in Rockwell Automation PLC5, SLC5, 0x, RSLogix 1785-Lx and 1747-L5x. This vulnerability affects unknown code. The manipulation leads to improper access controls.
This vulnerability was named CVE-2010-5305. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2022-40005 | Intelbras WiFiber 120AC inMesh 1.1-220216 Web Server command injection
4 months 2 weeks ago
A vulnerability classified as critical was found in Intelbras WiFiber 120AC inMesh 1.1-220216. This vulnerability affects unknown code of the component Web Server. The manipulation leads to command injection.
This vulnerability was named CVE-2022-40005. The attack can be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-29853 | OX Software OX App Suite up to 8.2 HTML E-Mail Message HTML injection
4 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in OX Software OX App Suite up to 8.2. Affected by this issue is some unknown functionality of the component HTML E-Mail Message Handler. The manipulation leads to HTML injection.
This vulnerability is handled as CVE-2022-29853. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-29852 | OX Software OX App Suite up to 8.2 cross site scripting
4 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in OX Software OX App Suite up to 8.2. This affects an unknown part. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2022-29852. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-42898 | Oracle Communications Diameter Signaling Router 8.6.0.0 Platform integer overflow (Nessus ID 207970)
4 months 2 weeks ago
A vulnerability, which was classified as critical, was found in Oracle Communications Diameter Signaling Router 8.6.0.0. Affected is an unknown function of the component Platform. The manipulation leads to integer overflow.
This vulnerability is traded as CVE-2022-42898. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2022-42898 | Oracle Communications Network Analytics Data Director 23.1.0 Install/Upgrade integer overflow (Nessus ID 207970)
4 months 2 weeks ago
A vulnerability was found in Oracle Communications Network Analytics Data Director 23.1.0. It has been classified as critical. This affects an unknown part of the component Install/Upgrade. The manipulation leads to integer overflow.
This vulnerability is uniquely identified as CVE-2022-42898. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2022-42898 | Oracle MySQL Cluster up to 8.0.34/8.1.0 integer overflow (Nessus ID 207970)
4 months 2 weeks ago
A vulnerability classified as critical was found in Oracle MySQL Cluster up to 8.0.34/8.1.0. This vulnerability affects unknown code of the component Cluster. The manipulation leads to integer overflow.
This vulnerability was named CVE-2022-42898. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2022-41317 | Squid Web Proxy up to 4.17/5.6 Internal URL exposure of sensitive information due to incompatible policies (GHSA-rcg9-7fqm-83mq / Nessus ID 211262)
4 months 2 weeks ago
A vulnerability was found in Squid Web Proxy up to 4.17/5.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Internal URL Handler. The manipulation leads to exposure of sensitive information due to incompatible policies.
This vulnerability is known as CVE-2022-41317. Access to the local network is required for this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-37706 | Enlightenment up to 0.25.3 enlightenment_sys path traversal (EDB-51180 / Nessus ID 211171)
4 months 2 weeks ago
A vulnerability was found in Enlightenment up to 0.25.3. It has been declared as critical. This vulnerability affects unknown code of the component enlightenment_sys. The manipulation leads to path traversal: '/../filedir'.
This vulnerability was named CVE-2022-37706. The attack needs to be approached locally. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Hertz confirms customer info, drivers' licenses stolen in data breach
4 months 2 weeks ago
Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks. [...]
Lawrence Abrams
主动防御策略结合隐私保护与运维风险管理,构建多方位安全体系,提升数据安全与合规性。|总第284周
4 months 2 weeks ago
本期周报简介:1、在甲方安全中,如何实施主动防御措施以提升整体安全防护水平?
2、发现生产服务器配置代理上网时,应采取哪些步骤进行处理,以确保数据安全与合规性?
3、面对项目组或运维方对安全整改的抵触情绪,哪些有效策略可以帮助推进整改工作?
主动防御策略结合隐私保护与运维风险管理,构建多方位安全体系,提升数据安全与合规性。|总第284周
4 months 2 weeks ago
本期周报简介:1、在甲方安全中,如何实施主动防御措施以提升整体安全防护水平?
2、发现生产服务器配置代理上网时,应采取哪些步骤进行处理,以确保数据安全与合规性?
3、面对项目组或运维方对安全整改的抵触情绪,哪些有效策略可以帮助推进整改工作?