A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v22.214.171.124 in the Administration zone “/netflow/jspui/index.jsp” file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to CVE-2009-3903.
XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in “/webtop/help/en/default.htm” is vulnerable.
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v126.96.36.199 in the Administration zone “/netflow/jspui/linkdownalertConfig.jsp” file in the task parameter.
An issue was discovered in portier vision 188.8.131.52 and 184.108.40.206. Passwords are stored using reversible encryption rather than as a hash value, and the Vigenere algorithm used is badly outdated. Moreover, the encryption key is static and too short. As a result, the passwords stored by the application can be easily decrypted.
Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.
Moodle 3.5.x before 3.5.4 allows SSRF.
In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.
AirTies Air5341 220.127.116.11 devices allow cgi-bin/login CSRF.