The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash).
June 24, 2022
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a root user level meant only for the vendor. Web server root level acce ...
June 24, 2022
The service class provider (SCP) in OFFIS DCMTK (all versions prior to 3.6.7) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. T ...
June 24, 2022
The service class user (SCU) in OFFIS DCMTK (all versions prior to 3.6.7) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled nam ...
June 24, 2022
The authentication mechanism used by voters to activate a voting session on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker could leverage this vulnera ...
June 24, 2022
The authentication mechanism used by technicians on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker with physical access may use this to gain administr ...
June 24, 2022
The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election informa ...
June 24, 2022
Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH.
June 24, 2022