Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system ...
July 27, 2022
An update that fixes one vulnerability is now available. Description: This update for python-M2Crypto fixes the following issues: - CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA ...
July 27, 2022
"Hulu / ????" App for Android provided by HJ Holdings, Inc. uses a hard-coded API key for an external service (CWE-798). ## Impact The hard-coded API key may be retrieved via reverse-engineering ...
July 26, 2022
Attackers are increasingly leveraging Internet Information Services (IIS) extensions as covert backdoors into servers, which hide deep in target environments and provide a durable persistence mechanis ...
July 26, 2022
In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authentica ...
July 26, 2022
The **Cyber Defense Awards** in conjunction with _Cyber Defense Magazine_ recently announced the winners of their prestigious annual **Global Infosec Awards for 2022**. We are proud to say that Im ...
July 26, 2022
_The following is a guest blog by Aflac, a Qualys VMDR customer, on their recent experience completing a Proof of Concept project for the newly released VMDR 2.0 with Qualys TruRisk._ ### About Aflac ! ...
July 26, 2022