The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için…
Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication via a improper restriction of excess authentication…
Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.) Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku…
Apache APISIX 2.12.1 – Remote Code Execution (RCE)
Exploit ile ilgili teknik detaylar için Devamını Oku
Kaynak: Exploit-DB.com RSS Feed
Tiny File Manager 2.4.6 – Remote Code Execution (RCE)
Exploit ile ilgili teknik detaylar için Devamını Oku
Kaynak: Exploit-DB.com RSS Feed
Hikvision IP Camera – Backdoor
Exploit ile ilgili teknik detaylar için Devamını Oku
Kaynak: Exploit-DB.com RSS Feed
Pluck CMS 4.7.16 – Remote Code Execution (RCE) (Authenticated)
Exploit ile ilgili teknik detaylar için Devamını Oku
Kaynak: Exploit-DB.com RSS Feed
Moodle 3.11.5 – SQLi (Authenticated)
Exploit ile ilgili teknik detaylar için Devamını Oku
Kaynak: Exploit-DB.com RSS Feed
The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible…