CA Technologies, a Broadcom Company, is alerting customers to a risk with CA Service Catalog. A vulnerability can potentially exist in a specific configuration that can allow a remote attacker to cause a denial of service condition. CA published a solution and instructions to resolve the vulnerability. The vulnerability occurs due a default configuration setting that, if not modified during installation by customers, can allow a remote attacker to access and update configuration information that can result in a denial of service condition.
8327e804ccae5d87838d2e89f164ca1437cf95abb6f2a0e33d3cc4ba4f6b9de8
Programi Bilanc build 007 release 014 31.01.2020 suffers from multiple remote SQL injection vulnerabilities.
3742b4fc1769d765e3017cbd022f8350db3e8fbbdc4c6e73a5dd6e4c926b8800
Programi Bilanc build 007 release 014 31.01.2020 downloads software updates via unencrypted channels and allows attackers to manipulate this process.
20e70f5d793ad8d7fc7cf69c582c5f3bd34c19769991ed6e503f1bf1bcaac528
Programi Bilanc build 007 release 014 31.01.2020 supplies an .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools.
b94a75c0d78c78edb028cd3ce7145a791b5608d7e4a90fa7ffb3ba8fc5720898
Programi Bilanc build 007 release 014 31.01.2020 leaves a static key in source code that any attacker can leverage to decrypt data.
e8143a10f9abe21e5d7712b11ead70ee3b98e732d5ee78ed8d06fcc8ff14de5f
Red Hat Security Advisory 2020-5605-01 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include denial of service and remote shell upload vulnerabilities.
a4d45a490006475335da3f734619ce684eca91cec2e0d189041bd2f4e965d72e
It has been noticed that Rocket.Chat has quietly fixed a persistent cross site scripting vulnerability but as of 12/18/2020 no release contains these fixes.
8c199a1077b7412e93c844e5a21669bc17d54b1e683c9354eb1d77fb10d0d5bc
This Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress Duplicator plugin versions 1.3.24 through 1.3.26, allowing arbitrary file read with the web server privileges. This vulnerability was being actively exploited when it was discovered.
4ea50cf867ab79c361dd72e12949f0f0d61e20bd60dd59c1e49252679fd3c7a8
Xeroneit Library Management System version 3.1 suffers from a persistent cross site scripting vulnerability.
c60f7a4e506f825a6f09f658c91782fde8b130a496b6b99622a8535c469d74fb
Programi Bilanc build 007 release 014 31.01.2020 uses a weak default password.
0684cc018d81493067512a493fc582e9f17cf8e183fca6389439f5dbe1141d93
The Pulse Connect Secure appliance versions prior to 9.1R9 suffer from an uncontrolled gzip extraction vulnerability which allows an attacker to overwrite arbitrary files, resulting in remote code execution as root. Admin credentials are required for successful exploitation.
8de39b3d864b347239de1ec3dc821eb3dbbd1f8d117938aab08b12b371a9dbc1
This Metasploit module affects WordPress Yet Another Stars Rating plugin versions prior to 1.8.7 and demonstrates a PHP object injection vulnerability.
a1a09a3983590ec069365baa90b96a395451c12d03067449dba59d8e803a84f5
Alumni Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Original discovery of cross scripting vulnerability in this version is attributed to Valerio Alessandroni in December of 2020.
b3060da69ce3d9e00c4bebaf92f52d820bca331d9573752ec92acee90b8073d5
Jenkins versions 2.251 and below and LTS 2.235.3 and below suffer from a persistent cross site scripting vulnerability.
fe78de531ac764992ae8de65e10f60a4d5a3ae82a3af279a85c1daa0d31531ec
Whitepaper called Exploit WordPress Plugin Vulnerability Using Static Source Code Analysis Techniques.
c79b819f3916ff0be16a8f92b4bb6d4ac20350c987de62c68c23246986271990
SyncBreeze version 10.0.28 suffers from a denial of service vulnerability.
f151bd178487f072f490a4542671b404a25f16ecf8835918375cc4c510f3321f
Alumni Management System version 1.0 suffers from a remote SQL injection vulnerability. SQL injection was originally discovered in this version in October of 2020 by Ankita Pal.
37f1f1a90c529026dd04e0f8e67252e21264daf011c40b7caaaddfef0d40e86d
Smart Hospital version 3.1 suffers from a persistent cross site scripting vulnerability.
33e61dc1e251eb2dda5ac37af402023816eff130ace64ff17086dbe6a37efd6c
Point of Sale System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
596041ae8cbbc85b9ca314b28ed7b2500dcc7ec7e8554b5e0528440f9a3adb54
Alumni Management System version 1.0 suffers from a remote shell upload vulnerability. Original discovery for this vulnerability in this version is attributed to Valerio Alessandroni.
fe8c0654fdd450f4d789a5f2c7959427558174d0b3110ca1a4c2e6e999fd7985