LRMS PHP version 1.0 suffers from remote shell upload and multiple remote SQL injection vulnerabilities.
Read more...Debian Linux Security Advisory 5661-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.
Read more...Debian Linux Security Advisory 5660-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.
Read more...GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution.
Read more...Invision Community versions 4.7.16 and below suffer from a remote code execution vulnerability in toolbar.php.
Read more...Invision Community versions 4.4.0 through 4.7.15 suffer from a remote SQL injection vulnerability in store.php.
Read more...DerbyNet version 9.0 suffers from a cross site scripting vulnerability in racer-results.php.
Read more...DerbyNet version 9.0 suffers from a cross site scripting vulnerability in playlist.php.
Read more...DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo-thumbs.php.
Read more...DerbyNet version 9.0 suffers from a cross site scripting vulnerability in checkin.php.
Read more...Red Hat Security Advisory 2024-1930-03 - An update for openstack-tripleo-heat-templates and python-yaql is now available for Red Hat OpenStack Platform 17.1. Issues addressed include an information leakage vulnerability.
Read more...Red Hat Security Advisory 2024-1931-03 - An update for python-yaql and openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 17.1. Issues addressed include an information leakage vulnerability.
Read more...pgAdmin versions 8.3 and below have a path traversal vulnerability within their session management logic that can allow a pickled file to be loaded from an arbitrary location. This can be used to load a malicious, serialized Python object to[…]
Read more...This Metasploit module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint[…]
Read more...Red Hat Security Advisory 2024-1518-03 - An update for python-twisted is now available for Red Hat OpenStack Platform 16.2.
Read more...Red Hat Security Advisory 2024-1516-03 - An update for python-twisted is now available for Red Hat OpenStack Platform 16.1.
Read more...Ubuntu Security Notice 6673-2 - USN-6673-1 provided a security update for python-cryptography. This update provides the corresponding update for Ubuntu 16.04 LTS. Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in[…]
Read more...Ubuntu Security Notice 6673-1 - Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information.[…]
Read more...Red Hat Security Advisory 2024-1059-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a code execution vulnerability.
Read more...Red Hat Security Advisory 2024-1060-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services[…]
Read more...Red Hat Security Advisory 2024-1576-03 - An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 9. Issues addressed include HTTP response splitting and denial of service vulnerabilities.
Read more...Red Hat Security Advisory 2024-1431-03 - An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 8. Issues addressed include HTTP response splitting and denial of service vulnerabilities.
Read more...Debian Linux Security Advisory 5635-1 - Aviv Keller discovered that the frames.html file generated by YARD, a documentation generation tool for the Ruby programming language, was vulnerable to cross-site scripting.
Read more...Debian Linux Security Advisory 5616-1 - It was discovered that ruby-sanitize, a whitelist-based HTML sanitizer, insufficiently sanitized style elements, which may result in cross-site scripting.
Read more...Gentoo Linux Security Advisory 202401-27 - Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code. Multiple versions are affected.
Read more...Red Hat Security Advisory 2023-7025-01 - An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Issues addressed include HTTP response splitting and denial of service vulnerabilities.
Read more...Debian Linux Security Advisory 5530-1 - Several vulnerabilities were discovered in ruby-rack, a modular Ruby webserver interface, which may result in denial of service and shell escape sequence injection.
Read more...Ubuntu Security Notice 6219-1 - It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.10 and Ubuntu 20.04 LTS. It was[…]
Read more...Red Hat Security Advisory 2023-3821-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP response splitting and denial of service vulnerabilities.
Read more...Ubuntu Security Notice 6181-1 - Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications the generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user[…]
Read more...Aufgrund der Popularität und bekannter Sicherheitsprobleme werden Joomla-Installationen immer wieder zur Zielscheibe von Angriffen, insbesondere in Form sogenannter Defacements. Laut einer IBM-Studie aus dem Jahr 2008 ist die Zahl der Sicherheitslücken bei Webapplikationen allerdings generell drastisch angestiegen, so dass prinzipiell alle Systeme von diesem Problem betroffen sind. Insbesondere WordPress ist in dieser Hinsicht mindestens genauso gefährdet.
Ubuntu Security Notice 6746-1 - It was discovered that Google Guest Agent and Google OS Config Agent incorrectly handled certain JSON files. An attacker could possibly use this issue to cause a denial of service.
Read more...GitKraken GitLens versions prior to 14.0.0 allow an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu[…]
Read more...Ubuntu Security Notice 6728-3 - USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS and was disabled in USN-6728-2. The problematic fix for CVE-2023-5824 has now been corrected and[…]
Read more...This Metasploit module creates a vsix file which can be installed in Visual Studio Code as an extension. At activation/install, the extension will execute a shell or two. Tested against VSCode 1.87.2 on Ubuntu 22.04.
Read more...Ubuntu Security Notice 6743-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Read more...Ubuntu Security Notice 6744-2 - USN-6744-1 fixed a vulnerability in Pillow. This update provides the corresponding updates for Pillow in Ubuntu 20.04 LTS. Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file,[…]
Read more...Ubuntu Security Notice 6744-1 - Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead to a buffer overflow. If a user or automated system were tricked into processing a[…]
Read more...Ubuntu Security Notice 6738-1 - Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that LXD incorrectly handled the handshake phase and the use of sequence numbers in SSH Binary Packet Protocol. If a user or an automated system were tricked[…]
Read more...Ubuntu Security Notice 6745-1 - It was discovered that in Percona XtraBackup, a local crafted filename could trigger arbitrary code execution.
Read more...Ubuntu Security Notice 6743-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Read more...