More article whitepapers
Free Research and Reports
- Hands-On Web Application Penetration Testing - Interop New York
- Designing Infrastructure for Private Clouds - Interop New York
- Designing the Virtual Network for the Software-Defined Data Center - Interop New York
- Software-Defined Networking and Network Virtualization - Interop New York
- Deep Packet Inspection with Wireshark - Interop New York
Dark Reading Digital Magazine
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php.
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file.
SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter.
The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log.
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.