Allgemeine News
-
Canna Power richtet canna.tf nach DNS-Sperre ein
Apr 15, 2021 | 17:07 pmCanna.to. Der Betreiber hat bereits unter canna.tf eine weitere Domain eingerichet, um sein rechteverletzendes Musik-Portal weiterhin zugänglich zu machen. Gleiches gilt für das Forum...Zu dem Artikel: Canna Power richtet canna.tf nach DNS-Sperre einTarnkappe.info - Unter dem Radar
Read more... -
Landeskriminalamt Wien nimmt Darknet-Drogendealer fest
Apr 15, 2021 | 15:16 pmEin wegen diverser Suchtmitteldelikte amtsbekannter 27-jähriger verdächtiger Weißrusse ging Ermittlern vom Landeskriminalamt Wien am 02.04.2021 in Netz. Ihm wird vorgeworfen, Suchtgift im Darknet aus...Zu dem Artikel: Landeskriminalamt Wien nimmt Darknet-Drogendealer festTarnkappe.info - Unter dem Radar
Read more... -
Ex-CIA-Vizedirektor ist Bitcoin-Fan: „Segen für Überwachung“
Apr 14, 2021 | 17:54 pmDer frühere stellvertretende CIA-Chef Michael Morell setzt sich für Bitcoin ein, denn die Kryptowährung sei ein „Segen für Überwachung“. Regierungen sollten sie nicht meiden,...Zu dem Artikel: Ex-CIA-Vizedirektor ist Bitcoin-Fan: „Segen für Überwachung“Tarnkappe.info - Unter dem Radar
Read more... -
canna.to: Clearingstelle Urheberrecht im Internet lässt Musikportal sperren
Apr 14, 2021 | 14:26 pmDer Prüfungsausschuss der Clearingstelle Urheberrecht im Internet (CUII) bestimmte am 9. März einstimmig, dass das fast 22-jährige Download-Portal canna.to blockiert werden soll. Bei den...Zu dem Artikel: canna.to: Clearingstelle Urheberrecht im Internet lässt Musikportal sperrenTarnkappe.info - Unter dem Radar
Read more... -
Bitdefender warnt vor gecrackten MS Office- und Adobe Photoshop-Kopien
Apr 14, 2021 | 14:19 pmEine oft praktizierte Methode ist das illegale, kostenfreie Herunterladen von gefälschten Software-Produkten über Torrents. Wie Bitdefender allerdings aktuell erst wieder feststellt, setzen sich die...Zu dem Artikel: Bitdefender warnt vor gecrackten MS Office- und Adobe Photoshop-KopienTarnkappe.info - Unter dem Radar
Read more... -
University of Colorado: Hacker fordern Lösegeld für ca. 300.000 Dateien
Apr 13, 2021 | 15:17 pmBereits Anfang April warnte die University of Colorado ihre Studenten und Mitarbeiter, dass eine Ransomware-Gruppe möglicherweise ihre persönlichen Daten und die von Hunderten anderer...Zu dem Artikel: University of Colorado: Hacker fordern Lösegeld für ca. 300.000 DateienTarnkappe.info - Unter dem Radar
Read more... -
Lesetipps: Stallmans Entschuldigung und sehr gefälschte Uni-Abschlüsse
Apr 13, 2021 | 14:47 pmHerzlich willkommen zu einer neuen Ausgabe unserer Tarnkappe.info Lesetipps. Ihr erinnert euch bestimmt noch an unsere Lesetipps-Schlagzeile „Stallman muss weg„. Jetzt versucht der angeschlagene...Zu dem Artikel: Lesetipps: Stallmans Entschuldigung und sehr gefälschte Uni-AbschlüsseTarnkappe.info - Unter dem Radar
Read more... -
Alfafile.net – bitte Fragen für ein Community-Interview einreichen!
Apr 12, 2021 | 22:56 pmIm Jahr 2014 ging der nordirisch-schottische Sharehoster Alfafile.net online. Das Unternehmen gehört zur Rapidgator Limited, die früher auch DataFile.com betrieben hat. Wir sammeln bis...Zu dem Artikel: Alfafile.net – bitte Fragen für ein Community-Interview einreichen!Tarnkappe.info - Unter dem Radar
Read more... -
Neue WhatsApp Sicherheitslücke: Angreifer können Konten deaktivieren
Apr 12, 2021 | 19:21 pmAllein die Handynummern reichen offenbar potenziellen Angreifern aus, um WhatsApp auf Geräten zu deaktivieren und Nutzer daran zu hindern, sich wieder einzuloggen. Selbst eine...Zu dem Artikel: Neue WhatsApp Sicherheitslücke: Angreifer können Konten deaktivierenTarnkappe.info - Unter dem Radar
Read more... -
SceneFTP.com – Betreiber möchten ganz schnell hochgenommen werden
Apr 12, 2021 | 13:47 pmAnonyme verschicken derzeit Spam-Mails in Massen, um Abos für ihren Pay-FTP-Server SceneFTP.com zu verticken. Man nutzt dafür nach eigenem Bekunden die Daten aus dem...Zu dem Artikel: SceneFTP.com – Betreiber möchten ganz schnell hochgenommen werdenTarnkappe.info - Unter dem Radar
Read more... -
Reporter ohne Grenzen prangert zweijährige Haft Assanges an
Apr 12, 2021 | 11:50 amIm Zuge der bereits zwei Jahre andauernden Inhaftierung des Wikileaks-Gründers Julian Assange im Hochsicherheitsgefängnis Belmarsh im Osten Londons, macht Reporter ohne Grenzen (ROG) aktuell...Zu dem Artikel: Reporter ohne Grenzen prangert zweijährige Haft Assanges anTarnkappe.info - Unter dem Radar
Read more... -
Obersteiermark: Darknet-Drogenhandel beendet, Dealer festgenommen
Apr 11, 2021 | 13:39 pmIn der Obersteiermark gelang die Ermittlung dreier Männer. Ihnen wird vorgeworfen, seit Herbst des vergangenen Jahres verschiedene Suchtmittel in großer Menge im Darknet erworben...Zu dem Artikel: Obersteiermark: Darknet-Drogenhandel beendet, Dealer festgenommenTarnkappe.info - Unter dem Radar
Read more... -
Wegen Videos auf Weibo: Kurierfahrer Chen Guojiang im Gefängnis
Apr 10, 2021 | 14:18 pmChinas bekanntester Kurierfahrer, Chen Guojiang, wird seit dem 25. Februar im Pekinger Haftzentrum des Bezirks Chaoyang festgehalten. Der Aktivist prangert die ausbeuterischen Arbeitsbedingungen in...Zu dem Artikel: Wegen Videos auf Weibo: Kurierfahrer Chen Guojiang im GefängnisTarnkappe.info - Unter dem Radar
Read more... -
Berliner Zoo plant Gesichtserkennung für Jahreskartenbesitzer
Apr 10, 2021 | 14:17 pmZur Beschleunigung der Einlasskontrolle plant der Berliner Zoo bereits für den 20. April die Einführung eines neuen Ticketsystems. Dieses soll biometrische Daten von Jahreskartenbesitzer*innen...Zu dem Artikel: Berliner Zoo plant Gesichtserkennung für JahreskartenbesitzerTarnkappe.info - Unter dem Radar
Read more... -
Lesetipps: Spot geht der Saft aus, Schadcode im Store, Spotify’s Patent
Apr 10, 2021 | 13:47 pmHerzlich willkommen zu einer Samstagsausgabe unserer Tarnkappe.info Lesetipps. Linus Neumann und Tim Pritlove sprechen in ihrem neuen Logbuch Netzpolitik-Podcast unter anderem über das leidige...Zu dem Artikel: Lesetipps: Spot geht der Saft aus, Schadcode im Store, Spotify’s PatentTarnkappe.info - Unter dem[…]
Read more... -
Schwyz: Freiheitsstrafe für Ex-Logistikchef der Kantonspolizei gefordert
Apr 9, 2021 | 14:30 pmAm Donnerstag, dem 08.04.2021, war der Prozessauftakt am Strafgericht Bellinzona für das Strafverfahren gegen den Ex-Logistikchef der Schwyzer Kantonspolizei. Ihm werden Waffen-Darknet-Verkäufe vorgeworfen, sowie...Zu dem Artikel: Schwyz: Freiheitsstrafe für Ex-Logistikchef der Kantonspolizei gefordertTarnkappe.info - Unter dem Radar
Read more... -
Revision 2021: Twitch löscht Kanal wegen angeblicher Nacktheit
Apr 8, 2021 | 23:36 pmDer Streaming-Anbieter Twitch hat Ostersamstag ohne Vorwarnung ein Konto der Demoszene-Party Revision gekündigt. Ohne die Unterstützung von media.ccc.de wäre die Veranstaltung möglicherweise komplett ausgefallen....Zu dem Artikel: Revision 2021: Twitch löscht Kanal wegen angeblicher NacktheitTarnkappe.info - Unter dem Radar
Read more...
-
CVE-2019-10082
Latest security vulnerabilities Apache Http Server Sep 26, 2019 | 00:00 amIn Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. (CVSS:6.4) (Last Update:2019-09-27)
Read more... -
CVE-2019-10092
Latest security vulnerabilities Apache Http Server Sep 26, 2019 | 00:00 amIn Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This[…]
Read more... -
CVE-2019-10097
Latest security vulnerabilities Apache Http Server Sep 26, 2019 | 00:00 amIn Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be[…]
Read more... -
CVE-2019-10098
Latest security vulnerabilities Apache Http Server Sep 25, 2019 | 00:00 amIn Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. (CVSS:5.8) (Last Update:2019-10-09)
Read more... -
CVE-2019-10081
Latest security vulnerabilities Apache Http Server Aug 15, 2019 | 00:00 amHTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not[…]
Read more... -
CVE-2019-0197
Latest security vulnerabilities Apache Http Server Jun 11, 2019 | 00:00 amA vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the[…]
Read more... -
CVE-2019-0220
Latest security vulnerabilities Apache Http Server Jun 11, 2019 | 00:00 amA vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects[…]
Read more... -
CVE-2019-0211
Latest security vulnerabilities Apache Http Server Apr 8, 2019 | 00:00 amIn Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the[…]
Read more... -
CVE-2019-0215
Latest security vulnerabilities Apache Http Server Apr 8, 2019 | 00:00 amIn Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. (CVSS:6.0) (Last Update:2019-05-13)
Read more... -
CVE-2019-0217
Latest security vulnerabilities Apache Http Server Apr 8, 2019 | 00:00 amIn Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. (CVSS:6.0) (Last Update:2019-05-13)
Read more...
-
Red Hat Security Advisory 2021-1214-01
Operating System: RedHat ≈ Packet Storm Apr 15, 2021 | 13:51 pmRed Hat Security Advisory 2021-1214-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. Issues addressed include an out of bounds read vulnerability.
Read more... -
Red Hat Security Advisory 2021-1213-01
Operating System: RedHat ≈ Packet Storm Apr 15, 2021 | 13:51 pmRed Hat Security Advisory 2021-1213-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. Issues addressed include an out of bounds read vulnerability.
Read more... -
Red Hat Security Advisory 2021-1200-01
Operating System: RedHat ≈ Packet Storm Apr 15, 2021 | 13:50 pmRed Hat Security Advisory 2021-1200-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged[…]
Read more... -
Red Hat Security Advisory 2021-1201-01
Operating System: RedHat ≈ Packet Storm Apr 15, 2021 | 13:50 pmRed Hat Security Advisory 2021-1201-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.9.1.
Read more... -
Red Hat Security Advisory 2021-1203-01
Operating System: RedHat ≈ Packet Storm Apr 15, 2021 | 13:50 pmRed Hat Security Advisory 2021-1203-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat[…]
Read more... -
Red Hat Security Advisory 2021-1202-01
Operating System: RedHat ≈ Packet Storm Apr 15, 2021 | 13:50 pmRed Hat Security Advisory 2021-1202-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat[…]
Read more... -
Red Hat Security Advisory 2021-1206-01
Operating System: RedHat ≈ Packet Storm Apr 15, 2021 | 13:50 pmRed Hat Security Advisory 2021-1206-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in[…]
Read more... -
Red Hat Security Advisory 2021-1199-01
Operating System: RedHat ≈ Packet Storm Apr 15, 2021 | 13:49 pmRed Hat Security Advisory 2021-1199-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services[…]
Read more... -
Red Hat Security Advisory 2021-1195-01
Operating System: RedHat ≈ Packet Storm Apr 14, 2021 | 16:50 pmRed Hat Security Advisory 2021-1195-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault[…]
Read more... -
Red Hat Security Advisory 2021-1197-01
Operating System: RedHat ≈ Packet Storm Apr 14, 2021 | 16:49 pmRed Hat Security Advisory 2021-1197-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. Issues addressed include an out of bounds read vulnerability.
Read more... -
The Product Security Blog has moved!
Red Hat Security Blog Blog Posts Mar 19, 2019 | 19:38 pmRed Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]
Read more... -
Security Technologies: FORTIFY_SOURCE
Red Hat Security Blog Blog Posts Sep 26, 2018 | 13:30 pmFORTIFY_SOURCE provides lightweight compile and runtime protection to some memory and string functions (original patch to gcc was submitted by Red Hat). It is supposed to have no or a very small runtime overhead and can be enabled for all[…]
Read more... -
New Red Hat Product Security OpenPGP key
Red Hat Security Blog Blog Posts Aug 22, 2018 | 13:30 pmRed Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]
Read more... -
Security Technologies: Stack Smashing Protection (StackGuard)
Red Hat Security Blog Blog Posts Aug 20, 2018 | 13:30 pm
Read more...
In our previous blog, we saw how arbitrary code execution resulting from stack-buffer overflows can be partly mitigated by marking segments of memory as non-executable, a technology known as Execshield. However stack-buffer overflow exploits can still effectively overwrite the function[…] -
Managing risk in the modern world
Red Hat Security Blog Blog Posts Aug 14, 2018 | 15:30 pm
Read more...
Things can be pretty scary out there today. There are a lot of things that could occur that make even the calmest amongst us take pause. Everything we do is a series of risk-based decisions that we hope leads to[…] -
How SELinux helps mitigate risk while facilitating compliance
Red Hat Security Blog Blog Posts Aug 9, 2018 | 13:30 pmMany of our customers are required to meet a variety of regulatory requirements. Red Hat Enterprise Linux includes security technologies that help meet these requirements. Improving Linux security also benefits our layered products, such as Red Hat OpenShift Container Platform[…]
Read more... -
Security Technologies: ExecShield
Red Hat Security Blog Blog Posts Jul 25, 2018 | 13:30 pm
Read more...
The world of computer security has changed dramatically in the last few years. Keeping your operating system updated with the latest security patches is no longer sufficient. Operating system providers need to be more proactive in combating security problems. A[…] -
SPECTRE Variant 1 scanning tool
Red Hat Security Blog Blog Posts Jul 18, 2018 | 13:30 pmAs part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]
Read more... -
Insights Security Hardening Rules
Red Hat Security Blog Blog Posts Jul 12, 2018 | 13:30 pmMany users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about[…]
Read more... -
Red Hat’s disclosure process
Red Hat Security Blog Blog Posts Jul 10, 2018 | 13:00 pmLast week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around[…]
Read more...
-
Ubuntu Security Notice USN-4886-1
CGI Files ≈ Packet Storm Mar 23, 2021 | 16:33 pmUbuntu Security Notice 4886-1 - It was discovered that Privoxy incorrectly handled CGI requests. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. It was discovered that Privoxy incorrectly handled certain regular[…]
Read more... -
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Configuration Download
CGI Files ≈ Packet Storm Mar 19, 2021 | 16:52 pmKZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 is susceptible to an unauthenticated configuration disclosure when direct object reference is made to the export_settings.cgi file using an HTTP GET request. This will enable the attacker to disclose sensitive information and help[…]
Read more... -
Cisco UCS Manager 2.2(1d) Remote Command Execution
CGI Files ≈ Packet Storm Jan 18, 2021 | 15:47 pmCisco UCS Manager version 2.2(1d) remote command execution exploit. An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote[…]
Read more... -
ZeroShell 3.9.0 Remote Command Execution
CGI Files ≈ Packet Storm Nov 24, 2020 | 15:34 pmThis Metasploit module exploits an unauthenticated command injection vulnerability found in ZeroShell version 3.9.0 in the "/cgi-bin/kerbynet" url. As sudo is configured to execute /bin/tar without a password (NOPASSWD) it is possible to run root commands using the "checkpoint" tar[…]
Read more... -
ASUS TM-AC1900 Arbitrary Command Execution
CGI Files ≈ Packet Storm Nov 13, 2020 | 16:00 pmThis Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure filter out percent encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi which bypasses[…]
Read more... -
D-Link DSR-250N Denial Of Service
CGI Files ≈ Packet Storm Oct 8, 2020 | 16:50 pmRedTeam Pentesting discovered a denial of service vulnerability in the D-Link DSR-250N device which allows unauthenticated attackers in the same local network to execute a CGI script that reboots the device. Version 3.12 is confirmed affected.
Read more... -
Ubuntu Security Notice USN-4569-1
CGI Files ≈ Packet Storm Oct 5, 2020 | 17:21 pmUbuntu Security Notice 4569-1 - It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity injection attack. It was discovered that Yaws mishandled certain input when[…]
Read more... -
Sony IPELA Network Camera Remote Stack Buffer Overflow
CGI Files ≈ Packet Storm Oct 1, 2020 | 15:09 pmSony IPELA Network Camera SNC-DH120T version 1.82.01 suffers from a remote stack buffer overflow vulnerability. The vulnerability is caused due to a boundary error in the processing of received FTP traffic through the FTP client functionality (ftpclient.cgi), which can be[…]
Read more... -
TP-Link Cloud Cameras NCXXX Bonjour Command Injection
CGI Files ≈ Packet Storm Sep 18, 2020 | 17:11 pmTP-Link cloud cameras NCXXX series (NC200, NC210, NC220, NC230, NC250, NC260, NC450) are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place[…]
Read more... -
Go CGI / FastCGI Transport Cross Site Scripting
CGI Files ≈ Packet Storm Sep 2, 2020 | 15:00 pmThe CGI and FastCGI implementations in the Go standard library behave differently from the HTTP server implementation when serving content. In contrast to the documented behavior, they may return non-HTML data as HTML. This may lead to cross site scripting[…]
Read more...
snaplitics made a real revolution in the industry.
-
Debian: DSA-4891-1: tomcat9 security update
Advisories Apr 13, 2021 | 16:47 pm
Read more...
Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure or denial of service. For the stable distribution (buster), these problems have been fixed in -
Debian: DSA-4890-1: ruby-kramdown security update
Advisories Apr 12, 2021 | 03:22 am
Read more...
Stan Hu discovered that kramdown, a pure Ruby Markdown parser and converter, performed insufficient namespace validation of Rouge syntax highlighting formatters. -
Debian: DSA-4889-1: mediawiki security update
Advisories Apr 10, 2021 | 11:46 am
Read more...
Multiple security issues were found in MediaWiki, a website engine for collaborative work, which could result in incomplete page/blocking protection, denial of service or cross-site scripting. -
Debian: DSA-4888-1: xen security update
Advisories Apr 10, 2021 | 11:38 am
Read more...
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, privilege escalation or memory disclosure. -
Debian: DSA-4887-1: lib3mf security update
Advisories Apr 8, 2021 | 14:27 pm
Read more...
A use-after-free was discovered in Lib3MF, a C++ implementation of the 3D Manufacturing Format, which could result in the execution of arbitrary code if a malformed file is opened. -
Debian: DSA-4886-1: chromium security update
Advisories Apr 6, 2021 | 09:38 am
Read more...
Several vulnerabilites have been discovered in the chromium web browser. CVE-2021-21159 -
Debian: DSA-4885-1: netty security update
Advisories Apr 5, 2021 | 15:06 pm
Read more...
Multiple security issues were discovered in Netty, a Java NIO client/server framework, which could result in HTTP request smuggling, denial of service or information disclosure. -
Debian: DSA-4884-1: ldb security update
Advisories Apr 2, 2021 | 03:54 am
Read more...
Multiple vulnerabilities have been discovered in ldb, a LDAP-like embedded database built on top of TDB. CVE-2020-10730 -
Debian: DSA-4883-1: underscore security update
Advisories Apr 1, 2021 | 15:56 pm
Read more...
It was discovered that missing input sanitising in the template() function of the Underscore JavaScript library could result in the execution of arbitrary code. -
Ubuntu Security Notice USN-4530-1
Operating System: Debian ≈ Packet Storm Sep 22, 2020 | 18:23 pmUbuntu Security Notice 4530-1 - Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation.
Read more... -
Debian Security Advisory 4633-1
Operating System: Debian ≈ Packet Storm Feb 25, 2020 | 15:20 pmDebian Linux Security Advisory 4633-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.
Read more... -
Debian Security Advisory 4629-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:38 pmDebian Linux Security Advisory 4629-1 - Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks.
Read more... -
Debian Security Advisory 4628-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:28 pmDebian Linux Security Advisory 4628-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more... -
Debian Security Advisory 4626-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:05 pmDebian Linux Security Advisory 4626-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more... -
Debian Security Advisory 4627-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:04 pmDebian Linux Security Advisory 4627-1 - Cross site scripting, denial of service, and various other vulnerabilities have been discovered in the webkit2gtk web engine.
Read more... -
Debian Security Advisory 4625-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 18:02 pmDebian Linux Security Advisory 4625-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.
Read more... -
Debian Security Advisory 4624-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 17:31 pmDebian Linux Security Advisory 4624-1 - Several vulnerabilities were discovered in evince, a simple multi-page document viewer.
Read more... -
Debian Security Advisory 4620-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 16:41 pmDebian Linux Security Advisory 4620-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
Read more... -
Debian Security Advisory 4621-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 16:41 pmDebian Linux Security Advisory 4621-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.
Read more...
-
netkit-telnet 0.17 Remote Code Execution
Operating System: Fedora ≈ Packet Storm Mar 5, 2020 | 20:57 pmnetkit-telnet version 0.17 telnetd on Fedora 31 BraveStarr remote code execution exploit.
Read more... -
vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
Operating System: Fedora ≈ Packet Storm Dec 23, 2019 | 21:02 pmThis Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE and[…]
Read more... -
Grub2 grub2-set-bootflag Environment Corruption
Operating System: Fedora ≈ Packet Storm Nov 27, 2019 | 23:02 pmGrub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.
Read more... -
SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation
Operating System: Fedora ≈ Packet Storm Apr 19, 2019 | 13:28 pmThis Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be[…]
Read more... -
Linux Nested User Namespace idmap Limit Local Privilege Escalation
Operating System: Fedora ≈ Packet Storm Nov 28, 2018 | 01:51 amThis Metasploit module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18, and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user namespaces and kernel uid/gid mappings allow elevation to root (CVE-2018-18955). The target system must have unprivileged user[…]
Read more... -
Linux Kernel Local Privilege Escalation
Operating System: Fedora ≈ Packet Storm Jul 12, 2018 | 21:43 pmLinux kernels prior to version 4.13.9 (Ubuntu 16.04/Fedora 27) local privilege escalation exploit.
Read more... -
DHCP Client Command Injection (DynoRoot)
Operating System: Fedora ≈ Packet Storm Jun 12, 2018 | 23:58 pmThis Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or[…]
Read more... -
Reliable Datagram Sockets (RDS) Privilege Escalation
Operating System: Fedora ≈ Packet Storm May 19, 2018 | 06:48 amThis Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version[…]
Read more... -
Libuser roothelper Privilege Escalation
Operating System: Fedora ≈ Packet Storm May 13, 2018 | 21:49 pmThis Metasploit module attempts to gain root privileges on Red Hat based Linux systems, including RHEL, Fedora and CentOS, by exploiting a newline injection vulnerability in libuser and userhelper versions prior to 0.56.13-8 and version 0.60 before 0.60-7. This Metasploit[…]
Read more... -
MagniComp SysInfo mcsiwrapper Privilege Escalation
Operating System: Fedora ≈ Packet Storm Feb 20, 2018 | 14:09 pmThis Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable[…]
Read more...
-
mdbook -- XSS in mdBook's search page
FreeBSD VuXML Apr 15, 2021 | 00:00 am
Read more... -
Gitlab -- Vulnerabilities
FreeBSD VuXML Apr 15, 2021 | 00:00 am
Read more... -
chromium -- multiple vulnerabilities
FreeBSD VuXML Apr 15, 2021 | 00:00 am
Read more... -
AccountService -- Insufficient path check in user_change_icon_file_authorized_cb()
FreeBSD VuXML Apr 15, 2021 | 00:00 am
Read more... -
chromium -- multiple vulnerabilities
FreeBSD VuXML Apr 14, 2021 | 00:00 am
Read more... -
xorg-server -- Input validation failures in X server XInput extension
FreeBSD VuXML Apr 13, 2021 | 00:00 am
Read more... -
syncthing -- crash due to malformed relay protocol message
FreeBSD VuXML Apr 12, 2021 | 00:00 am
Read more... -
gitea -- multiple vulnerabilities
FreeBSD VuXML Apr 11, 2021 | 00:00 am
Read more... -
curl -- TLS 1.3 session ticket proxy host mixup
FreeBSD VuXML Apr 10, 2021 | 00:00 am
Read more... -
curl -- Automatic referer leaks credentials
FreeBSD VuXML Apr 10, 2021 | 00:00 am
Read more...
-
[20210401] - Core - Escape xss in logo parameter error pages
Security Announcements Apr 13, 2021 | 15:00 pmProject: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.0.0 - 3.9.25Exploit type: XSSReported Date: 2021-03-09Fixed Date: 2021-04-13CVE Number: CVE-2021-26030DescriptionInadequate escaping allowed XSS attacks using the logo parameter of the default templates on error pages.Affected InstallsJoomla! CMS versions 3.0.0 - 3.9.25SolutionUpgrade to version 3.9.26ContactThe JSST at[…]
Read more... -
[20210402] - Core - Inadequate filters on module layout settings
Security Announcements Apr 13, 2021 | 15:00 pmProject: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.0.0 - 3.9.25Exploit type: LFIReported Date: 2021-01-03Fixed Date: 2021-04-13CVE Number: CVE-2021-26031DescriptionInadequate filters on module layout settings could lead to an LFI.Affected InstallsJoomla! CMS versions 3.0.0 - 3.9.25SolutionUpgrade to version 3.9.26ContactThe JSST at the Joomla! Security Centre.Reported By:[…]
Read more... -
YooRecipe, All, SQL Injection
Vulnerable Extensions Mar 30, 2021 | 11:14 amYooRecipe, All, 3rd party extension, SQL Injection
Read more... -
[20210307] - Core - ACL violation within com_content frontend editing
Security Announcements Mar 2, 2021 | 15:00 pmProject: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 3.0.0 - 3.9.24Exploit type: ACL violationReported Date: 2020-10-25Fixed Date: 2021-03-02CVE Number: CVE-2021-26027DescriptionIncorrect ACL checks could allow unauthorized change of the category for an article.Affected InstallsJoomla! CMS versions 3.0.0 - 3.9.24SolutionUpgrade to version 3.9.25ContactThe JSST at[…]
Read more... -
[20210306] - Core - com_media allowed paths that are not intended for image uploads
Security Announcements Mar 2, 2021 | 15:00 pmProject: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 3.0.0 - 3.9.24Exploit type: Improper Input ValidationReported Date: 2020-02-17Fixed Date: 2021-03-02CVE Number: CVE-2021-23132Descriptioncom_media allowed paths that are not intended for image uploads.Affected InstallsJoomla! CMS versions 3.0.0 - 3.9.24SolutionUpgrade to version 3.9.25ContactThe JSST at the Joomla![…]
Read more... -
[20210304] - Core - XSS within the feed parser library
Security Announcements Mar 2, 2021 | 15:00 pmProject: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 2.5.0 - 3.9.24Exploit type: XSSReported Date: 2020-05-05Fixed Date: 2021-03-02CVE Number: CVE-2021-23130DescriptionMissing filtering of feed fields could lead to xss issues.Affected InstallsJoomla! CMS versions 2.5.0 - 3.9.24SolutionUpgrade to version 3.9.25ContactThe JSST at the Joomla! Security Centre.Reported By: Bui[…]
Read more... -
[20210308] - Core - Path Traversal within joomla/archive zip class
Security Announcements Mar 2, 2021 | 15:00 pmProject: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 3.0.0 - 3.9.24Exploit type: Path TraversalReported Date: 2020-09-08Fixed Date: 2021-03-02CVE Number: CVE-2021-26028DescriptionExtracting an specifilcy crafted zip package could write files outside of the intended path.Affected InstallsJoomla! CMS versions 3.0.0 - 3.9.24SolutionUpgrade to version 3.9.25ContactThe JSST[…]
Read more... -
[20210303] - Core - XSS within alert messages showed to users
Security Announcements Mar 2, 2021 | 15:00 pmProject: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 2.5.0 - 3.9.24Exploit type: XSSReported Date: 2020-05-07Fixed Date: 2021-03-02CVE Number: CVE-2021-23129DescriptionMissing filtering of messages showed to users that could lead to xss issues.Affected InstallsJoomla! CMS versions 2.5.0 - 3.9.24SolutionUpgrade to version 3.9.25ContactThe JSST at the Joomla![…]
Read more... -
[20210302] - Core - Potential Insecure FOFEncryptRandval
Security Announcements Mar 2, 2021 | 15:00 pmProject: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.2.0 - 3.9.24Exploit type: Insecure RandomnessReported Date: 2021-01-13Fixed Date: 2021-03-02CVE Number: CVE-2021-23128DescriptionThe core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to[…]
Read more... -
[20210301] - Core - Insecure randomness within 2FA secret generation
Security Announcements Mar 2, 2021 | 15:00 pmProject: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.2.0 - 3.9.24Exploit type: Insecure RandomnessReported Date: 2021-01-12Fixed Date: 2021-03-02CVE Number: CVE-2021-23126, CVE-2021-23127DescriptionUsage of the insecure rand() function within the process of generating the 2FA secret.Usage of an insufficient length for the 2FA secret accoring to[…]
Read more... -
[20210305] - Core - Input validation within the template manager
Security Announcements Mar 2, 2021 | 15:00 pmProject: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.2.0 - 3.9.24Exploit type: Improper Input ValidationReported Date: 2020-05-07Fixed Date: 2021-03-02CVE Number: CVE-2021-23131DescriptionMissing input validation within the template manager.Affected InstallsJoomla! CMS versions 3.2.0 - 3.9.24SolutionUpgrade to version 3.9.25ContactThe JSST at the Joomla! Security Centre.Reported By:[…]
Read more... -
Simple RSS Feed Reader v3.8.0 released
Blog - JoomlaWorks Feb 3, 2021 | 15:42 pm
Read more...
Today we're releasing version 3.8.0 of the Simple RSS Feed Reader module. This new release brings back Joomla 1.5 support (by popular request), it introduces a new sub-template & changes the remote image resizing service from Mobify to Images.weserv.nl.Here's what's been[…] -
Simple RSS Feed Reader
Updated Extensions - JoomlaWorks Feb 3, 2021 | 15:40 pm
Read more...
Adding RSS/Atom syndicated content inside your Joomla website is now super-easy and simple with the 'Simple RSS Feed Reader' module from JoomlaWorks. All you have to do is add a few feeds to the module parameters, publish the module in[…] -
Improve the performance of your Joomla articles (part 1)
Blog - JoomlaWorks Dec 4, 2020 | 16:44 pm
Read more...
The performance of the default article system in Joomla really sucks big time, that's a well know fact.It''s actually one of the reasons we built K2 in the first place.And as we venture into Joomla 4 territory, instead of seeing[…] -
publisher, 3.0.19, XSS (Cross Site Scripting)
Vulnerable Extensions Nov 4, 2020 | 21:51 pmpublisher, 3.0.19, 3rd party extension, XSS (Cross Site Scripting)
Read more... -
paGO Commerce,2.5.9.0, SQL Injection
Vulnerable Extensions Oct 20, 2020 | 09:12 ampaGO Commerce, 2.5.9.0, 3rd party extension, SQL Injection
Read more... -
K2 Plugin for sh404SEF version 1.6.0 released
Blog - JoomlaWorks Sep 14, 2020 | 17:28 pm
Read more...
The K2 Plugin for sh404SEF version 1.6.0 is now available to download for subscribers. This is a bug fix release that addresses compatibility with K2 v2.10.3+ and improves support for PHP 7.x in general.Here's what's been added or changed in the K2 Plugin[…] -
K2 Plugin for sh404SEF
Updated Extensions - JoomlaWorks Sep 14, 2020 | 17:28 pm
Read more...
A plugin for supporting K2 in sh404SEF.Use the plugin to configure K2 URLs when using sh404SEF in a multitude of options.Unlike the previous built-in implementation for sh404SEF, this new plugin provides new URL manipulation options and it has dual compatibility[…] -
Social Chat, 1.5 and Below, SQL Injection Iacopo Guarneri
Vulnerable Extensions Sep 13, 2020 | 21:14 pmSocial Chat, 1.5 and Below, 3rd party extension, SQL Injection Iacopo Guarneri
Read more... -
SocialConnect
Updated Extensions - JoomlaWorks Jul 22, 2020 | 16:40 pm
Read more...
SocialConnect is the only Joomla extension that allows you to integrate your Joomla site with social networks and identity providers for user authentication, posting content directly to social networks and 3rd-party comment system integration.FeaturesLet your users register to your website[…] -
Simple Image Gallery Pro
Updated Extensions - JoomlaWorks Jun 11, 2020 | 17:24 pm
Read more...
NEW VERSION 3.8 released in June 2020!Adding image galleries inside your Joomla articles has never been easier! Using the "Simple Image Gallery PRO" extension from JoomlaWorks you can quickly display a folder of images on your server as a stylish[…] -
Simple Image Gallery Pro v3.8.0 released
Blog - JoomlaWorks Jun 10, 2020 | 15:51 pm
Read more...
Simple Image Gallery Pro v3.8.0 is now available to download for subscribers. This new release improves upon existing features, extends Flickr support to galleries (beyond albums/sets) and adds PHP 7.4 & Postgres compatibility.Here's what's been added or changed in Simple Image[…] -
AllVideos
Updated Extensions - JoomlaWorks May 22, 2020 | 14:22 pm
Read more...
AllVideos (by JoomlaWorks) is the universal media player for Joomla and a classic must-have extension for any Joomla based website.Use the plugin to easily embed video & audio content from all major 3rd party media providers (YouTube, Vimeo, Dailymotion, Twitch,[…] -
AllVideos 6.1.0 now available - adds Mixcloud support
Blog - JoomlaWorks May 22, 2020 | 14:13 pm
Read more...
Version 6.1.0 of AllVideos is now available. This new release introduces support for Mixcloud embeds and improves support for PHP 7.4.Here's what's been added or changed in this new release of AllVideos:Added support for Mixcloud embeds. Just use the pattern[…] -
K2
Updated Extensions - JoomlaWorks Apr 29, 2020 | 22:47 pm
Read more...
K2 is the popular powerful content extension for Joomla with CCK-like features. It provides an out-of-the box integrated solution featuring rich content forms for items (think of Joomla articles with additional fields for article images, videos, image galleries and attachments),[…] -
K2 v2.10.3 now available
blog Apr 29, 2020 | 20:21 pm
Read more...
K2 v2.10.3 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance & bugfix release, which refines the backend user interface (building upon the changes that were introduced with v2.10.0 to v2.10.2), improves client-size (frontend) caching & resolves broken auto-generated feeds[…] -
hwdplayer,4.2,SQL Injection
Vulnerable Extensions Apr 9, 2020 | 21:37 pmhwdplayer,4.2,SQL InjectionPossible abandonware also
Read more... -
Getting Snowflake (the open source graphical SSH/SFTP client) to run on macOS
Blog - JoomlaWorks Feb 12, 2020 | 09:58 am
Read more...
I don't usually write similar blog posts, but I've been really enjoying Snowflake recently. What's Snowflake you ask? Well, it's a new open source graphical SSH/SFTP client which makes working with remote servers a breeze. It works like Panic's Coda when[…] -
Simple Image Gallery
Updated Extensions - JoomlaWorks Jan 28, 2020 | 19:37 pm
Read more...
Adding image galleries inside your Joomla articles is now super-easy and simple, using the magical "Simple Image Gallery" plugin for Joomla. The plugin can turn any folder of images located inside your Joomla website into a grid-style image gallery with[…] -
Simple Image Gallery (free) v4.1.0 released
Blog - JoomlaWorks Jan 28, 2020 | 18:30 pm
Read more...
Simple Image Gallery (free) version 4.1.0 is now available to download. This is a maintenance release.Here's what's been added or changed in Simple Image Gallery (free) with the release of v4.1.0:Allow the plugin to accept WEBP images as source images[…] -
AllVideos v6.0.0 released - now Joomla 4 compatible!
Blog - JoomlaWorks Jan 17, 2020 | 17:26 pm
Read more...
Version 6.0.0 of AllVideos is now available. This is a feature release, which also introduces full support with the upcoming Joomla version 4 release.Here's what's been added or changed in this new release of AllVideos:Fully compatible with the upcoming Joomla[…] -
Simple Image Gallery (free) v4.0.0 released - now Joomla 4 compatible!
Blog - JoomlaWorks Jan 11, 2020 | 18:13 pm
Read more...
Simple Image Gallery (free) version 4.0.0 is now available to download. This marks our first extension update that supports the upcoming Joomla version 4 (currently in "beta").Here's what's been added or changed in Simple Image Gallery (free) with the release[…] -
RadioWave v1.2.0 released
Blog - JoomlaWorks Jan 8, 2020 | 19:37 pm
Read more...
RadioWave v1.2.0 has just been released. This is a bugfix and feature-improvement release.Here's what's been added or changed in RadioWave with the release of v1.2.0:Fixed time parsing for the OnAir template override (K2 Content module) which caused the module's output[…] -
K2 v2.10.2 released - now with a 100% mobile-friendly backend user interface!
blog Dec 11, 2019 | 22:02 pm
Read more...
K2 v2.10.2 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance & security release: it concludes the backend user interface changes that were introduced with v2.10.0 and is now 100% mobile-friendly and it also addresses[…] -
Retiring the K2 templates section
blog Dec 8, 2019 | 16:05 pm
Read more...
As we're preparing to launch a new website for getk2.org, we have decided to make an important change in the K2 Extensions Directory (KED).We stopped accepting new entries for templates in the KED about 2 weeks ago and this week[…] -
Frontpage SlideShow
Updated Extensions - JoomlaWorks Dec 5, 2019 | 12:49 pm
Read more...
Now fully responsive & Joomla 1.5 - 3.x compatible! Frontpage SlideShow is the easiest & most eye-catching way to display your featured articles or products in your Joomla website. It creates an uber cool slideshow with text snippets laying on[…] -
K2 v2.10.1 released
blog Nov 26, 2019 | 18:17 pm
Read more...
K2 v2.10.1 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance release that addresses a few bugs that were introduced with v2.10.0 released a couple weeks ago and we urge everyone using v2.10.0 to[…] -
K2 v2.10.0 released
blog Nov 15, 2019 | 01:04 am
Read more...
K2 v2.10.0 is now available to download for Joomla versions 1.5 to 3.x. This release introduces a refreshed backend design as well as feature improvements or additions (like Google Structured Data) and as always, performance improvements everywhere.To install K2 for[…] -
K2 v2.9.0 released
blog Sep 21, 2018 | 16:14 pm
Read more...
K2 v2.9.0 is now available to download for Joomla 1.5 to 3.x. In short, this release improves compatibility with the latest releases of Joomla 3.8.x & improves frontend performance overall.To install K2 for the first time or update your existing[…] -
Disqus Comments (for Joomla)
Updated Extensions - JoomlaWorks Sep 21, 2018 | 11:52 am
Read more...
Disqus Comments (for Joomla) integrates the Disqus comments system & service into any Joomla based website. Disqus (pronounced 'discuss') is a service and tool for web comments and discussions - currently the most popular comments-as-a-service provider worldwide. It makes commenting[…] -
Rapicode, Multiple Extensions, Back Door
Vulnerable Extensions Mar 30, 2018 | 13:30 pmRapicode, nultiple extensions, current versions, back doorExtensions affected are:-Rapi Content TickerRapi Content CarouselRapi Cookie ConsentRapi CountdownRapi PreloaderRapi Loading Progress BarRapi Page AnimateAt the moment the back door seems to be loading mining code, it can be used to load arbitrary[…]
Read more... -
Google Map Landkarten,4.2.3,SQL Injection
Vulnerable Extensions Mar 15, 2018 | 17:48 pmGoogle Map Landkarten from joomla-24.de, versions 4.2.3 and previous, SQL Injection
Read more... -
Fastball, SQL Injection
Vulnerable Extensions Mar 8, 2018 | 11:25 amFastball by Fastball Productions, versions yet to be determined but probably all, SQL Injection
Read more... -
File Download Tracker,3.0,SQL Injection
Vulnerable Extensions Mar 7, 2018 | 23:41 pmFile Download Tracker by techsolsystem.com, 3.0, SQL Injection
Read more... -
SquadManagement,1.0.3,SQL Injection
Vulnerable Extensions Mar 7, 2018 | 11:04 amSquadManagement by Lars Hildebrandt, versions 1.0.3 and previous, SQL Injection
Read more... -
K2 v2.8.0 released
blog Aug 18, 2017 | 12:59 pm
Read more...
K2 v2.8.0 is now available to download for Joomla 1.5 to 3.x. This release improves the content management workflow and UI, is fully compatible with PHP 7.x and the latest Joomla 3.7.x, while at the same time addressing various issues from[…] -
K2 v2.7.1 released
blog Aug 4, 2016 | 01:12 am
Read more...
K2 v2.7.1 is now available to download for Joomla 1.5 to 3.x. This is a minor release addressing various issues from performance to UI, to bug fixes and security.To install K2 for the first time or update your existing K2[…] -
K2 v2.7.0 released
blog Mar 18, 2016 | 05:26 am
Read more...
Start your update engines! K2 v2.7.0 is now available to download for Joomla 1.5 to 3.x. With a new improved user interface for the component in the Joomla backend, updated and now responsive-friendly default HTML overrides, Joomla 3.5 support, PHP[…] -
K2 Next to be presented in JoomlaDay Brasil 2015
blog Aug 31, 2015 | 16:14 pm
Read more...
(originally posted in the JoomlaWorks blog) It's been a while, I know. You see, Joomla is not the only organization undergoing changes. So are we :)We are happy to announce that K2 Next will be officially presented in the upcoming JoomlaDay[…]
-
CVE-2019-13617
Latest security vulnerabilities Nginx products Jul 16, 2019 | 00:00 amnjs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call. (CVSS:4.3) (Last Update:2019-07-18)
Read more... -
CVE-2019-13067
Latest security vulnerabilities Nginx products Jun 29, 2019 | 00:00 amnjs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place. (CVSS:7.5) (Last Update:2019-07-05)
Read more... -
CVE-2019-12206
Latest security vulnerabilities Nginx products May 20, 2019 | 00:00 amnjs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. (CVSS:7.5) (Last Update:2019-05-20)
Read more... -
CVE-2019-12207
Latest security vulnerabilities Nginx products May 20, 2019 | 00:00 amnjs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. (CVSS:7.5) (Last Update:2019-05-20)
Read more... -
CVE-2019-12208
Latest security vulnerabilities Nginx products May 20, 2019 | 00:00 amnjs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. (CVSS:7.5) (Last Update:2019-05-20)
Read more... -
CVE-2019-11837
Latest security vulnerabilities Nginx products May 9, 2019 | 00:00 amnjs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c. (CVSS:5.0) (Last Update:2019-05-09)
Read more... -
CVE-2019-11838
Latest security vulnerabilities Nginx products May 9, 2019 | 00:00 amnjs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling. (CVSS:7.5) (Last Update:2019-05-09)
Read more... -
CVE-2019-11839
Latest security vulnerabilities Nginx products May 9, 2019 | 00:00 amnjs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling. (CVSS:7.5) (Last Update:2019-05-10)
Read more... -
CVE-2018-16844
Latest security vulnerabilities Nginx products Nov 7, 2018 | 00:00 amnginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen'[…]
Read more... -
CVE-2018-16845
Latest security vulnerabilities Nginx products Nov 7, 2018 | 00:00 amnginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a[…]
Read more...