SAPControl Web Service Interface (sapstartsrv) suffers from a privilege escalation vulnerability via a race condition.
5f21a47194e596c49a31455b6731ab60cd1e4e77d9094e16a002d5a7d296e114Microsoft Azure DevOps Server version 2020.0.1 suffers from a cross site scripting vulnerability.
2865bdfc703b7d0f9e4183f21398f57ed28f9364149b790650846f15f2d1f767Platinum Mobile version 1.0.4.850 has a broken access control. The mobile application connects to the company-specific server, which does not properly restrict the access to confidential data. Thus, an authenticated attacker can disclose the company's payroll, personal information of other employees without having appropriate privileges to do so.
ef616be2199ef7ca952b57851fb6f735192ec9301a566f2f186d4adaf12d70a8FortiClient stores the VPN authentication credentials in a configuration file (on Linux or Mac OSX) or in registry (on Windows). The credentials are encrypted but can still be recovered since the decryption key is hardcoded in the program and the same on all installations. Above all, the aforementioned storage is world readable, which actually lays the foundation for the credential recovery. Versions prior to 4.4.2335 on Linux, 5.6.1 on Windows, and 5.6.1 on Mac OSX are vulnerable.
e979475b106297fb2dc050e554be589a58bf126c0e7adb1e3495fc242851917dProgress Sitefinity versions 10.0 and 10.1 suffer from broken access control and LINQ injection vulnerabilities.
3b9ede0ed34ccec1a3785d53427af9ee98ed5e43eb4328b53908fb90a5292e5c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed