CVE-2022-24406

OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls.

CVE-2022-24405

OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API.

CVE-2022-36900

Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system ...

Security update for python-M2Crypto (important)

An update that fixes one vulnerability is now available. Description: This update for python-M2Crypto fixes the following issues: - CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA ...

JVN#40907489: “Hulu / ????” App for Android uses a hard-coded API key for an external service

"Hulu / ????" App for Android provided by HJ Holdings, Inc. uses a hard-coded API key for an external service (CWE-798). Impact: The hard-coded API key may be retrieved via reverse-engineering ...

Malicious IIS extensions quietly open persistent backdoors into servers

Attackers are increasingly leveraging Internet Information Services (IIS) extensions as covert backdoors into servers, which hide deep in target environments and provide a durable persistence mechanis ...

CVE-2022-36412

In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authentica ...
