Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) due to a slow HTTP post vulnerability.
Published at: October 29, 2020 at 10:15AM
View on website
Etiqueta: hack
New vulnerability on the NVD: CVE-2020-22552
The Snap7 server component in version 1.4.1, when an attacker sends a crafted packet with COTP protocol the last-data-unit flag set to No and S7 writes a var function, the Snap7 server will be crashed.
Published at: October 28, 2020 at 10:15AM
View on website
New vulnerability on the NVD: CVE-2019-4547 (security_directory_server)
IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949.
Published at: October 29, 2020 at 12:15PM
View on website
New vulnerability on the NVD: CVE-2019-4563 (security_directory_server)
IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 166624.
Published at: October 29, 2020 at 12:15PM
View on website
New vulnerability on the NVD: CVE-2017-18925
opentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d entries are mishandled and allow a symlink attack.
Published at: October 26, 2020 at 02:15PM
View on website
Educ Arte Económico 