A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP…
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious…
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this…
Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability. Zafiyet ile ilgili Genel…
Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device’s firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them. in order to sign and verify JWT session tokens,…
OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability…
An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
Assmann Digitus Plug&View IP Camera family allows unauthenticated attackers to download a copy of the camera’s settings and the administrator credentials. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions…