Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

ABB Cylon Aspect 3.08.01 mapConfigurationDownload.php Configuration Download

ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the SQLite DB that contains the configuration mappings information via the FTControlServlet by directly calling the mapConfigurationDownload.php script.

Packet Storm
#sql#vulnerability#web#google#linux#apache#java#intel#php#auth#ssl
GHSA-h7w9-c5vx-x7j3: Insecure Default Initialization of Resource vulnerability in Apache Solr

New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted implicitly if the metadata is missing, therefore this leads to "trusted" ConfigSets that may not have been created with an Authenticated request. "trusted" ConfigSets are able to load custom code into classloaders, therefore the flag is supposed to only be set when the request that uploads the ConfigSet is Authenticated & Authorized. This issue affects Apache Solr: from 6.6.0 before 8.11.4, from 9.0.0 before 9.7.0. This issue does not affect Solr instances that are secured via Authentication/Authorization. Users are primarily recommended to use Authentication and Authorization when running Solr. However, upgrading to version 9.7.0, or 8.11.4 will mitigate this issue otherwise.

ABB Cylon Aspect 3.08.00 sslCertAjax.php Remote Command Execution

ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the country, state, locality, organization, and hostname HTTP POST parameters called by the sslCertAjax.php script.

Election season raises fears for nearly a third of people who worry their vote could be leaked

The US presidential election is stirring fears amongst a third of people who worry that their vote could be exposed to outsiders.

Intel Broker Claims Cisco Breach, Selling Stolen Data from Major Firms

Intel Broker claims a major data breach at Cisco, allegedly stealing source codes, confidential documents, and credentials from…

ABB Cylon Aspect 3.08.00 (sslCertAjax.php) Remote Code Execution

The ABB BMS/BAS controller suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'country', 'state', 'locality', 'organization', and 'hostname' HTTP POST parameters called by the sslCertAjax.php script.

HyperRing Demonstrates Wearable Smart Device in Joint Venture With The College of Extraordinary Experiences

Security-focused wearable company HyperRing has launched a joint venture with Paul Bulencea, the co-founder of The College of…

GL.iNet 4.4.3 Code Injection

GL.iNet version 4.4.3 suffers from authentication bypass and code injection vulnerabilities.