Diese Module beschreiben alles, was mit der Administration des Grundsystems verbunden ist. Dazu gehören zum Beispiel Startverhalten, Anwenderverwaltung, Software-Installation und derzeit laufende Prozesse.
Let's Encrypt ist eine gemeinnützige Zertifizierungsstelle. Mit Unterstützung von Mozilla, der Bürgerrechtsorganisation Electronic Frontier Foundation (EFF) und einigen Unternehmen wie z.B. Content-Delivery-Netzwerk-Anbieter Akamai und Cisco soll so jeder kostenlos ein TLS-Zertifikat erhalten können, um die Verbindungen zu eigenen Webseiten per HTTPS verschlüsseln zu können.
Um Webmin auf Ihrem System laufen zu lassen, benötigen Sie einige Pakete, die eventuell in der Standardinstallation Ihrer Distribution nicht vorhanden sind. Mittels yum, apt und Konsorten ist es aber ein Leichtes, diese Packages nachzuziehen. Vor allen Dingen lösen yum und apt die Abhängigkeiten von selbst auf und installieren selbstständig alles Notwendige.
Kloxo (zuvor LXadmin) kostenloses OpenSource Web Hosting Control Panel für Red Hat und CentOS Distributionen.
Virtual Hosting Control System (VHCS) ist ein webbasiertes freies Konfigurationstool für Webserver und Webhosting-Angebote.
Red Hat Security Advisory 2024-1930-03 - An update for openstack-tripleo-heat-templates and python-yaql is now available for Red Hat OpenStack Platform 17.1. Issues addressed include an information leakage vulnerability.
Read more...Red Hat Security Advisory 2024-1931-03 - An update for python-yaql and openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 17.1. Issues addressed include an information leakage vulnerability.
Read more...pgAdmin versions 8.3 and below have a path traversal vulnerability within their session management logic that can allow a pickled file to be loaded from an arbitrary location. This can be used to load a malicious, serialized Python object to[…]
Read more...This Metasploit module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint[…]
Read more...Red Hat Security Advisory 2024-1518-03 - An update for python-twisted is now available for Red Hat OpenStack Platform 16.2.
Read more...Red Hat Security Advisory 2024-1516-03 - An update for python-twisted is now available for Red Hat OpenStack Platform 16.1.
Read more...Ubuntu Security Notice 6673-2 - USN-6673-1 provided a security update for python-cryptography. This update provides the corresponding update for Ubuntu 16.04 LTS. Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in[…]
Read more...Ubuntu Security Notice 6673-1 - Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information.[…]
Read more...Red Hat Security Advisory 2024-1059-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a code execution vulnerability.
Read more...Red Hat Security Advisory 2024-1060-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services[…]
Read more...There exists an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry and mid-level Network Attached Storage (NAS) devices, and QuTS hero[…]
Read more...Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.
Read more...R Radio Network FM Transmitter version 1.07 suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user allowing authentication bypass and FM station setup[…]
Read more...Electrolink FM/DAB/TV Transmitter from a denial of service scenario. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the command.cgi gateway.
Read more...An unauthenticated remote code execution vulnerability exists in the embedded webserver in certain Lexmark devices through 2023-02-19. The vulnerability is only exposed if, when setting up the printer or device, the user selects "Set up Later" when asked if they[…]
Read more...Tinycontrol LAN Controller version 3 suffers from an unauthenticated remote denial of service vulnerability. An attacker can issue direct requests to the stm.cgi page to reboot and also reset factory settings on the device.
Read more...This Metasploit module exploits authentication bypass (CVE-2018-17153) and command injection (CVE-2016-10108) vulnerabilities in Western Digital MyCloud before 2.30.196 in order to achieve unauthenticated remote code execution as the root user. The module first performs a check to see if the[…]
Read more...Ubuntu Security Notice 6181-1 - Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications the generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user[…]
Read more...SecurePoint UTM versions 12.x suffers from a memory leak vulnerability via the spcgi.cgi endpoint.
Read more...SecurePoint UTM versions 12.x suffers from a session identifier leak vulnerability via the spcgi.cgi endpoint.
Read more...snaplitics made a real revolution in the industry.
LRMS PHP version 1.0 suffers from remote shell upload and multiple remote SQL injection vulnerabilities.
Read more...Debian Linux Security Advisory 5661-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.
Read more...Debian Linux Security Advisory 5660-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.
Read more...GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution.
Read more...Invision Community versions 4.7.16 and below suffer from a remote code execution vulnerability in toolbar.php.
Read more...Invision Community versions 4.4.0 through 4.7.15 suffer from a remote SQL injection vulnerability in store.php.
Read more...DerbyNet version 9.0 suffers from a cross site scripting vulnerability in racer-results.php.
Read more...DerbyNet version 9.0 suffers from a cross site scripting vulnerability in playlist.php.
Read more...DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo-thumbs.php.
Read more...DerbyNet version 9.0 suffers from a cross site scripting vulnerability in checkin.php.
Read more...Sentora ist ein Open-Source-Web-Hosting Control Panel speziell entwickelt, um auf einer Vielzahl von Linux-Distributionen zu arbeiten. Sentora ist unter der GPLv3 lizenziert und ist eine Weiterentwicklung des ursprünglichen ZPanel Projekt.