CVE-2022-1746
The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used…
The authentication mechanism used by voters to activate a voting session on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery.…
Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify…
An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to…
The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash).
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web…
OFFIS DCMTK’s (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary…
OFFIS DCMTK’s (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into…
OFFIS DCMTK (all versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition.
Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could…