Jedesmal, wenn mit eingeschaltetem AdBlocker eine Webseite besucht wird, stirbt in einem Labor ein unschuldiges, niedliches Kaninchen einen grausamen Tod! Zusätzlich werden einige Funktionen dieser Webseite durch den AdBlocker blockiert. Bitte deaktivieren Sie Ihren AdBlocker für diese Webseite und retten Sie unschuldige Kaninchen!
Sie können durch Schliessen dieses Fensters natürlich mit AdBlocker weitermachen - wenn Sie mit dieser Schuld leben können .... es liegt an Ihnen - AdBlocker abschalten und ruhig schlafen können oder mit AdBlocker weitermachen und von übelsten Albträumen gequält werden!
Wir haben Sie gewarnt ....
Search - Review
plg_search_jdownloads
Search - K2
Suche - Kategorien
Suche - Kontakte
Suche - Inhalt
Suche - Newsfeeds
Suche - Schlagwörter
Script Security (4)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
-
Red Hat Security Advisory 2020-5554-01
Ruby Files ≈ Packet Storm Dec 16, 2020 | 18:09 pmRed Hat Security Advisory 2020-5554-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Red Hat Security Advisory 2020-4134-01
Ruby Files ≈ Packet Storm Sep 30, 2020 | 15:52 pmRed Hat Security Advisory 2020-4134-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Red Hat Security Advisory 2020-3574-01
Ruby Files ≈ Packet Storm Aug 27, 2020 | 22:29 pmRed Hat Security Advisory 2020-3574-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Red Hat Security Advisory 2020-3358-01
Ruby Files ≈ Packet Storm Aug 6, 2020 | 17:07 pmRed Hat Security Advisory 2020-3358-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
OpenEMR 5.0.1 Remote Code Execution
Ruby Files ≈ Packet Storm Aug 3, 2020 | 16:52 pmOpenEMR versions 5.0.1 and below authenticated remote code execution exploit written in ruby.
Read more... -
Ruby On Rails 5.0.1 Remote Code Execution
Ruby Files ≈ Packet Storm Jul 27, 2020 | 18:38 pmRuby On Rails version 5.0.1 remote code execution exploit.
Read more... -
Red Hat Security Advisory 2020-2839-01
Ruby Files ≈ Packet Storm Jul 7, 2020 | 16:18 pmRed Hat Security Advisory 2020-2839-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Read more... -
Red Hat Security Advisory 2020-2769-01
Ruby Files ≈ Packet Storm Jun 30, 2020 | 18:04 pmRed Hat Security Advisory 2020-2769-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
Read more... -
Keystone 0.9.2
Ruby Files ≈ Packet Storm Jun 23, 2020 | 21:24 pmKeystone is a lightweight multi-platform, multi-architecture assembler framework. Highlight features include multi-architecture, with support for Arm, Arm64 (AArch64/Armv8), Hexagon, Mips, PowerPC, Sparc, SystemZ, and X86 (include 16/32/64bit). It has a clean and lightweight architecture-neutral API. It's implemented in C/C++ languages,[…]
Read more... -
Red Hat Security Advisory 2020-2480-01
Ruby Files ≈ Packet Storm Jun 10, 2020 | 15:12 pmRed Hat Security Advisory 2020-2480-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more...
Published in: Script Security
-
PEAR Archive_Tar Arbitrary File Write
PHP Files ≈ Packet Storm Jan 25, 2021 | 14:51 pmThis Metasploit module takes advantages of Archive_Tar versions prior to 1.4.11 which fail to validate file stream wrappers contained within filenames to write an arbitrary file containing user controlled content to an arbitrary file on disk. Note that the file[…]
Read more... -
PHP-Fusion 9.03.90 Cross Site Request Forgery
PHP Files ≈ Packet Storm Jan 15, 2021 | 14:59 pmPHP-Fusion version 9.03.90 suffers from a cross site request forgery vulnerability.
Read more... -
WordPress AIT CSV Import/Export 3.0.3 Shell Upload
PHP Files ≈ Packet Storm Jan 12, 2021 | 16:32 pmWordPress AIT CSV Import/Export plugin versions 3.0.3 and below allow unauthenticated remote attackers to upload and execute arbitrary PHP code. The upload-handler does not require authentication, nor validates the uploaded content. It may return an error when attempting to parse[…]
Read more... -
WordPress wpDiscuz 7.0.4 Shell Upload
PHP Files ≈ Packet Storm Jan 8, 2021 | 15:28 pmThis Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.
Read more... -
Practical PHP Security
PHP Files ≈ Packet Storm Jan 8, 2021 | 15:18 pmWhitepaper called Practical PHP Security.
Read more... -
WordPress Autoptimize Shell Upload
PHP Files ≈ Packet Storm Jan 8, 2021 | 14:49 pmWordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote[…]
Read more... -
qdPM 9.1 PHP Object Injection
PHP Files ≈ Packet Storm Dec 31, 2020 | 15:07 pmqdPM versions 9.1 and below suffer from an executeExport PHP object injection vulnerability.
Read more... -
Gentoo Linux Security Advisory 202012-16
PHP Files ≈ Packet Storm Dec 24, 2020 | 17:17 pmGentoo Linux Security Advisory 202012-16 - Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition. Versions less than 8.0.0 are affected.
Read more... -
TerraMaster TOS 4.2.06 Remote Code Execution
PHP Files ≈ Packet Storm Dec 23, 2020 | 17:08 pmThis Metasploit module exploits an unauthenticated command execution vulnerability in TerraMaster TOS version 4.2.06 leveraging include/makecvs.php.
Read more... -
WordPress Yet Another Stars Rating PHP Object Injection
PHP Files ≈ Packet Storm Dec 18, 2020 | 18:58 pmThis Metasploit module affects WordPress Yet Another Stars Rating plugin versions prior to 1.8.7 and demonstrates a PHP object injection vulnerability.
Read more...
Published in: Script Security
-
Cisco UCS Manager 2.2(1d) Remote Command Execution
CGI Files ≈ Packet Storm Jan 18, 2021 | 15:47 pmCisco UCS Manager version 2.2(1d) remote command execution exploit. An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote[…]
Read more... -
ZeroShell 3.9.0 Remote Command Execution
CGI Files ≈ Packet Storm Nov 24, 2020 | 15:34 pmThis Metasploit module exploits an unauthenticated command injection vulnerability found in ZeroShell version 3.9.0 in the "/cgi-bin/kerbynet" url. As sudo is configured to execute /bin/tar without a password (NOPASSWD) it is possible to run root commands using the "checkpoint" tar[…]
Read more... -
ASUS TM-AC1900 Arbitrary Command Execution
CGI Files ≈ Packet Storm Nov 13, 2020 | 16:00 pmThis Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure filter out percent encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi which bypasses[…]
Read more... -
D-Link DSR-250N Denial Of Service
CGI Files ≈ Packet Storm Oct 8, 2020 | 16:50 pmRedTeam Pentesting discovered a denial of service vulnerability in the D-Link DSR-250N device which allows unauthenticated attackers in the same local network to execute a CGI script that reboots the device. Version 3.12 is confirmed affected.
Read more... -
Ubuntu Security Notice USN-4569-1
CGI Files ≈ Packet Storm Oct 5, 2020 | 17:21 pmUbuntu Security Notice 4569-1 - It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity injection attack. It was discovered that Yaws mishandled certain input when[…]
Read more... -
Sony IPELA Network Camera Remote Stack Buffer Overflow
CGI Files ≈ Packet Storm Oct 1, 2020 | 15:09 pmSony IPELA Network Camera SNC-DH120T version 1.82.01 suffers from a remote stack buffer overflow vulnerability. The vulnerability is caused due to a boundary error in the processing of received FTP traffic through the FTP client functionality (ftpclient.cgi), which can be[…]
Read more... -
TP-Link Cloud Cameras NCXXX Bonjour Command Injection
CGI Files ≈ Packet Storm Sep 18, 2020 | 17:11 pmTP-Link cloud cameras NCXXX series (NC200, NC210, NC220, NC230, NC250, NC260, NC450) are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place[…]
Read more... -
Go CGI / FastCGI Transport Cross Site Scripting
CGI Files ≈ Packet Storm Sep 2, 2020 | 15:00 pmThe CGI and FastCGI implementations in the Go standard library behave differently from the HTTP server implementation when serving content. In contrast to the documented behavior, they may return non-HTML data as HTML. This may lead to cross site scripting[…]
Read more... -
Geutebruck testaction.cgi Remote Command Execution
CGI Files ≈ Packet Storm Aug 17, 2020 | 17:40 pmThis Metasploit module exploits an authenticated arbitrary command execution vulnerability within the 'server' GET parameter of the /uapi-cgi/testaction.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions
Read more... -
Cayin CMS NTP Server 11.0 Remote Code Execution
CGI Files ≈ Packet Storm Jun 18, 2020 | 16:04 pmThis Metasploit module exploits an authenticated remote code execution vulnerability in Cayin CMS versions 11.0 and below. The code execution is executed in the system_service.cgi file's ntpIp Parameter. The field is limited in size, so repeated requests are made to[…]
Read more...
snaplitics made a real revolution in the industry.
Published in: Script Security
-
Gentoo Linux Security Advisory 202101-18
Python Files ≈ Packet Storm Jan 25, 2021 | 14:38 pmGentoo Linux Security Advisory 202101-18 - Multiple vulnerabilities have been found in Python, the worst of which could result in the arbitrary execution of code. Versions less than 2.7.18-r6:2.7 are affected.
Read more... -
Ubuntu Security Notice USN-4668-4
Python Files ≈ Packet Storm Jan 12, 2021 | 16:14 pmUbuntu Security Notice 4668-4 - USN-4668-1 fixed a vulnerability in python-apt. This update provides the corresponding update for Ubuntu 14.04 ESM. Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt[…]
Read more... -
Ubuntu Security Notice USN-4668-3
Python Files ≈ Packet Storm Jan 4, 2021 | 17:25 pmUbuntu Security Notice 4668-3 - USN-4668-1 fixed vulnerabilities in python-apt. The update caused a regression when using certain APIs with a file handle. This update fixes the problem. Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could[…]
Read more... -
Erlang Bytecode String Converter
Python Files ≈ Packet Storm Dec 21, 2020 | 17:30 pmestr2bc is a python script to convert arbitrary string input to Erlang bytecode.
Read more... -
Red Hat Security Advisory 2020-5581-01
Python Files ≈ Packet Storm Dec 16, 2020 | 18:19 pmRed Hat Security Advisory 2020-5581-01 - python-XStatic-jQuery is the jQuery javascript library packaged for Python's setuptools. Issues addressed include code execution and denial of service vulnerabilities.
Read more... -
Red Hat Security Advisory 2020-5571-01
Python Files ≈ Packet Storm Dec 16, 2020 | 18:19 pmRed Hat Security Advisory 2020-5571-01 - python-XStatic-Bootstrap-SCSS is the Bootstrap-SCSS JavaScript library packaged for setuptools / pip. Issues addressed include a cross site scripting vulnerability.
Read more... -
Red Hat Security Advisory 2020-5412-01
Python Files ≈ Packet Storm Dec 16, 2020 | 18:08 pmRed Hat Security Advisory 2020-5412-01 - python-XStatic-jQuery is the jQuery javascript library packaged for Python's setuptools. Issues addressed include a code execution vulnerability.
Read more... -
Red Hat Security Advisory 2020-5435-01
Python Files ≈ Packet Storm Dec 15, 2020 | 15:41 pmRed Hat Security Advisory 2020-5435-01 - The python-rtslib package provides a Python library to configure the kernel target subsystem, using the configfs file system.
Read more... -
Ubuntu Security Notice USN-4668-1
Python Files ≈ Packet Storm Dec 10, 2020 | 16:04 pmUbuntu Security Notice 4668-1 - Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service.
Read more... -
Ubuntu Security Notice USN-4668-2
Python Files ≈ Packet Storm Dec 10, 2020 | 15:57 pmUbuntu Security Notice 4668-2 - USN-4668-1 fixed vulnerabilities in python-apt. That update caused a regression by removing information describing the Ubuntu 20.10 release from the Ubuntu templates. This update fixes the problem by restoring this information. Various other issues were[…]
Read more...
Published in: Script Security