Latest Exploits | www.SecurityPhresh.com
Showing 'Latest Exploits' from 41 to 50
QRadar Community Edition 7.3.1.6 Insecure File Permissions
21st Apr 2020 [one month ago] from PacketStormSecurity
QRadar Community Edition version 7.3.1.6 suffers from a local privilege escalation due to insecure file permissions with run-result-reader.sh.
QRadar Community Edition 7.3.1.6 Cross Site Scripting
21st Apr 2020 [one month ago] from PacketStormSecurity
QRadar Community Edition version 7.3.1.6 suffers from a reflective cross site scripting vulnerability in the Forensics link analysis page.
QRadar Community Edition 7.3.1.6 CSRF / Weak Access Control
21st Apr 2020 [one month ago] from PacketStormSecurity
QRadar Community Edition version 7.3.1.6 suffers from cross site request forgery and weak access control vulnerabilities.
QRadar Community Edition 7.3.1.6 Server Side Request Forgery
21st Apr 2020 [one month ago] from PacketStormSecurity
QRadar Community Edition version 7.3.1.6 has an issue where the RssFeedItem class of the QRadar web application is used to fetch and parse RSS feeds. No validation is performed on the user-supplied RSS feed URL. Due to the lack of URL validation...
QRadar Community Edition 7.3.1.6 Default Credentials
21st Apr 2020 [one month ago] from PacketStormSecurity
QRadar Community Edition version 7.3.1.6 is deployed with a default password for the ConfigServices account. Using this default password it is possible to download configuration sets containing sensitive information, including (encrypted)...
Sky File 2.1.0 Cross Site Scripting / Directory Traversal
21st Apr 2020 [one month ago] from PacketStormSecurity
Sky File version 2.1.0 for iOS suffers from cross site scripting and directory traversal vulnerabilities.
Mahara 19.10.2 Cross Site Scripting
21st Apr 2020 [one month ago] from PacketStormSecurity
Mahara version 19.10.2 suffers from a persistent cross site scripting vulnerability.
HAProxy hpack-tbl.c Out-Of-Bounds Write
21st Apr 2020 [one month ago] from PacketStormSecurity
The HAProxy HPACK implementation in hpack-tbl.c handles 0-length HTTP headers incorrectly. This can lead to a fully controlled relative out-of-bounds write when processing a malicious HTTP/2 request (or response).
Neowise CarbonFTP 1.4 Insecure Proprietary Password Encryption
21st Apr 2020 [one month ago] from PacketStormSecurity
Neowise CarbonFTP version 1.4 suffers from an insecure proprietary password encryption implementation. This is the second version of this exploit, updated to work with Python 3.
P5 FNIP-8x16A/FNIP-4xSH CSRF / Cross Site Scripting
21st Apr 2020 [one month ago] from PacketStormSecurity
P5 FNIP-8x16A / FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from cross site request forgery and cross site scripting vulnerabilities.