Noise-Java suffers from an issue located in the AESGCMOnCtrCipherState.encryptWithAd() method defined in AESGCMOnCtrCipherState.java, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the…
>> ARCHIVE: 2020-09
The Windows client for Pulse Secure versions prior to 9.1.6 have a TOCTOU bug that allows an attacker to escalate the privilege to NT_AUTHORITYSYSTEM.
ManageEngine Applications Manager authenticated remote code execution exploit that leverages the newInstance() and loadClass() methods being used by the “WeblogicReference”, when attempting a Credential Test for a new Monitor. Versions…
http://www.1tambon1school.go.th/data/-.txt notified by /Rayzky_
Nord VPN-6.31.13.0 – ‘nordvpn-service’ Unquoted Service Path
The CGI and FastCGI implementations in the Go standard library behave differently from the HTTP server implementation when serving content. In contrast to the documented behavior, they may return non-HTML…
BarracudaDrive v6.5 – Insecure Folder Permissions
SiteMagic CMS 4.4.2 – Arbitrary File Upload (Authenticated)
Daily Tracker System 1.0 – Authentication Bypass
BloodX CMS 1.0 – Authentication Bypass