CVE-2019-10092

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This[…]

CVE-2019-10098

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. (CVSS:5.8) (Last Update:2019-10-09)

CVE-2019-0197

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the[…]

CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the[…]

CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. (CVSS:6.0) (Last Update:2019-05-13)

Red Hat Security Advisory 2020-5340-01

Red Hat Security Advisory 2020-5340-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for[…]

Red Hat Security Advisory 2020-5342-01

Red Hat Security Advisory 2020-5342-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for[…]

Red Hat Security Advisory 2020-5325-01

Red Hat Security Advisory 2020-5325-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

Red Hat Security Advisory 2020-5316-01

Red Hat Security Advisory 2020-5316-01 - PostgreSQL is an advanced object-relational database management system.

Red Hat Security Advisory 2020-5314-01

Red Hat Security Advisory 2020-5314-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.

Security Technologies: FORTIFY_SOURCE

FORTIFY_SOURCE provides lightweight compile and runtime protection to some memory and string functions (original patch to gcc was submitted by Red Hat). It is supposed to have no or a very small runtime overhead and can be enabled for all[…]

Security Technologies: Stack Smashing Protection (StackGuard)

In our previous blog, we saw how arbitrary code execution resulting from stack-buffer overflows can be partly mitigated by marking segments of memory as non-executable, a technology known as Execshield. However stack-buffer overflow exploits can still effectively overwrite the function[…]

How SELinux helps mitigate risk while facilitating compliance

Language EnglishMany of our customers are required to meet a variety of regulatory requirements. Red Hat Enterprise Linux includes security technologies that help meet these requirements. Improving Linux security also benefits our layered products, such as Red Hat OpenShift Container[…]

SPECTRE Variant 1 scanning tool

As part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]

Red Hat’s disclosure process

Last week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around[…]

ASUS TM-AC1900 Arbitrary Command Execution

This Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure filter out percent encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi which bypasses[…]

Ubuntu Security Notice USN-4569-1

Ubuntu Security Notice 4569-1 - It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity injection attack. It was discovered that Yaws mishandled certain input when[…]

TP-Link Cloud Cameras NCXXX Bonjour Command Injection

TP-Link cloud cameras NCXXX series (NC200, NC210, NC220, NC230, NC250, NC260, NC450) are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place[…]

Geutebruck testaction.cgi Remote Command Execution

This Metasploit module exploits an authenticated arbitrary command execution vulnerability within the 'server' GET parameter of the /uapi-cgi/testaction.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions

Cayin Content Management Server 11.0 Root Remote Command Injection

CAYIN CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP POST parameter in system.cgi page.

Debian: DSA-4801-1: brotli security update

A buffer overflow was discovered in Brotli, a generic-purpose lossless compression suite. For the stable distribution (buster), this problem has been fixed in

Debian: DSA-4799-1: x11vnc security update

Guenal Davalan reported a flaw in x11vnc, a VNC server to allow remote access to an existing X session. x11vnc creates shared memory segments with 0777 mode. A local attacker can take advantage of this flaw for information disclosure, denial[…]

Debian: DSA-4794-1: mupdf security update

A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if malformed documents are opened.

Debian: DSA-4792-1: openldap security update

Two vulnerabilities in the certificate list syntax verification and in the handling of CSN normalization were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of these

Ubuntu Security Notice USN-4530-1

Ubuntu Security Notice 4530-1 - Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation.

Debian Security Advisory 4629-1

Debian Linux Security Advisory 4629-1 - Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks.

Debian Security Advisory 4626-1

Debian Linux Security Advisory 4626-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.

Debian Security Advisory 4625-1

Debian Linux Security Advisory 4625-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

Debian Security Advisory 4620-1

Debian Linux Security Advisory 4620-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation

This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE and[…]

SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation

This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be[…]

Linux Kernel Local Privilege Escalation

Linux kernels prior to version 4.13.9 (Ubuntu 16.04/Fedora 27) local privilege escalation exploit.

Reliable Datagram Sockets (RDS) Privilege Escalation

This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version[…]

MagniComp SysInfo mcsiwrapper Privilege Escalation

This Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable[…]

FreeBSD -- ICMPv6 use-after-free in error message handling

nomad -- multiple vulnerabilities

[20201102] - Core - Disclosure of secrets in Global Configuration page

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 2.5.0-3.9.22Exploit type: Information DisclosureReported Date: 2020-09-23Fixed Date: 2020-11-24CVE Number: CVE-2020-xxx (TBA)DescriptionThe globlal configuration page does not remove secrets from the HTML output, disclosing the current values.Affected InstallsJoomla! CMS versions 2.5.0 - 3.9.22SolutionUpgrade to version 3.9.23ContactThe JSST at[…]

[20201104] - Core - SQL injection in com_users list view

Project: Joomla!SubProject: CMSImpact: HighSeverity: LowVersions: 3.0.0-3.9.22Exploit type: SQL InjectionReported Date: 2020-10-13Fixed Date: 2020-11-24CVE Number: CVE-2020-xxx (TBA)DescriptionImproper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.Affected InstallsJoomla! CMS versions 3.0.0 - 3.9.22SolutionUpgrade to version 3.9.23ContactThe JSST[…]

[20201106] - Core - CSRF in com_privacy emailexport feature

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.9.0-3.9.22Exploit type: CSRFReported Date: 2020-10-08Fixed Date: 2020-11-24CVE Number: CVE-2020-xxx (TBA)DescriptionA missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.Affected InstallsJoomla! CMS versions 3.9.0 - 3.9.22SolutionUpgrade to version 3.9.23ContactThe JSST at the[…]

publisher, 3.0.19, XSS (Cross Site Scripting)

publisher, 3.0.19, 3rd party extension, XSS (Cross Site Scripting)

K2 Plugin for sh404SEF version 1.6.0 released

The K2 Plugin for sh404SEF version 1.6.0 is now available to download for subscribers. This is a bug fix release that addresses compatibility with K2 v2.10.3+ and improves support for PHP 7.x in general.Here's what's been added or changed in the K2 Plugin[…]

[20200801] - Core - XSS in mod_latestactions

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 3.9.0-3.9.20Exploit type: XSSReported Date: 2020-August-21Fixed Date: 2020-August-25CVE Number: CVE-2020-24599DescriptionLack of escaping in mod_latestactions allows XSS attacks.Affected InstallsJoomla! CMS versions 3.9.0 - 3.9.20SolutionUpgrade to version 3.9.21ContactThe JSST at the Joomla! Security Centre.Reported By: Peter Martin

[20200802] - Core - Open redirect in com_content vote feature

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.0.0-3.9.20Exploit type: Open RedirectReported Date: 2020-July-05Fixed Date: 2020-August-25CVE Number: CVE-2020-24598DescriptionLack of input validation in com_content leads to an open redirect.Affected InstallsJoomla! CMS versions 3.0.0 - 3.9.20SolutionUpgrade to version 3.9.21ContactThe JSST at the Joomla! Security Centre.Reported By: Ahmad Kamaran Jamil

AllVideos 6.1.0 now available - adds Mixcloud support

Version 6.1.0 of AllVideos is now available. This new release introduces support for Mixcloud embeds and improves support for PHP 7.4.Here's what's been added or changed in this new release of AllVideos:Added support for Mixcloud embeds. Just use the pattern[…]

hwdplayer,4.2,SQL Injection

hwdplayer,4.2,SQL InjectionPossible abandonware also

Simple Image Gallery (free) v4.1.0 released

Simple Image Gallery (free) version 4.1.0 is now available to download. This is a maintenance release.Here's what's been added or changed in Simple Image Gallery (free) with the release of v4.1.0:Allow the plugin to accept WEBP images as source images[…]

Simple Image Gallery (free) v4.0.0 released - now Joomla 4 compatible!

Simple Image Gallery (free) version 4.0.0 is now available to download. This marks our first extension update that supports the upcoming Joomla version 4 (currently in "beta").Here's what's been added or changed in Simple Image Gallery (free) with the release[…]

SocialConnect v1.10.0 released

SocialConnect v1.10.0 is now available to download for subscribers. This new release improves compatibility with recent API changes in Facebook and LinkedIn.Here's what's been added or changed in SocialConnect with the release of v1.10.0:Facebook authorization in SocialConnect's settings will now[…]

K2 v2.10.2 released - now with a 100% mobile-friendly backend user interface!

K2 v2.10.2 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance & security release: it concludes the backend user interface changes that were introduced with v2.10.0 and is now 100% mobile-friendly and it also addresses[…]

K2 v2.10.1 released

K2 v2.10.1 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance release that addresses a few bugs that were introduced with v2.10.0 released a couple weeks ago and we urge everyone using v2.10.0 to[…]

K2 v2.9.0 released

K2 v2.9.0 is now available to download for Joomla 1.5 to 3.x. In short, this release improves compatibility with the latest releases of Joomla 3.8.x & improves frontend performance overall.To install K2 for the first time or update your existing[…]

Google Map Landkarten,4.2.3,SQL Injection

Google Map Landkarten from joomla-24.de, versions 4.2.3 and previous, SQL Injection

File Download Tracker,3.0,SQL Injection

File Download Tracker by techsolsystem.com, 3.0, SQL Injection

JMS Music,1.1.1,SQL Injection

JMS Music by Joomasters, versions 1.1.1 and previous, SQL Injection

K2 v2.7.1 released

K2 v2.7.1 is now available to download for Joomla 1.5 to 3.x. This is a minor release addressing various issues from performance to UI, to bug fixes and security.To install K2 for the first time or update your existing K2[…]

K2 v2.7.0 released

Start your update engines! K2 v2.7.0 is now available to download for Joomla 1.5 to 3.x. With a new improved user interface for the component in the Joomla backend, updated and now responsive-friendly default HTML overrides, Joomla 3.5 support, PHP[…]

SocialConnect

SocialConnect is the only Joomla extension that allows you to integrate your Joomla site with social networks and identity providers for user authentication, posting content directly to social networks and 3rd-party comment system integration.FeaturesLet your users register to your website[…]

Disqus Comments (for Joomla)

Disqus Comments (for Joomla) integrates the Disqus comments system & service into any Joomla based website. Disqus (pronounced 'discuss') is a service and tool for web comments and discussions - currently the most popular comments-as-a-service provider worldwide. It makes commenting[…]

Frontpage SlideShow

Now fully responsive & Joomla 1.5 - 3.x compatible! Frontpage SlideShow is the easiest & most eye-catching way to display your featured articles or products in your Joomla website. It creates an uber cool slideshow with text snippets laying on[…]

AllVideos

AllVideos (by JoomlaWorks) is the universal media player for Joomla and a classic must-have extension for any Joomla based website.Use the plugin to easily embed video & audio content from all major 3rd party media providers (YouTube, Vimeo, Dailymotion, Twitch,[…]

CVE-2019-13067

njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place. (CVSS:7.5) (Last Update:2019-07-05)

CVE-2019-12207

njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. (CVSS:7.5) (Last Update:2019-05-20)

CVE-2019-11837

njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c. (CVSS:5.0) (Last Update:2019-05-09)

CVE-2019-11839

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling. (CVSS:7.5) (Last Update:2019-05-10)

CVE-2018-16845

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a[…]