Jedesmal, wenn mit eingeschaltetem AdBlocker eine Webseite besucht wird, stirbt in einem Labor ein unschuldiges, niedliches Kaninchen einen grausamen Tod! Zusätzlich werden einige Funktionen dieser Webseite durch den AdBlocker blockiert. Bitte deaktivieren Sie Ihren AdBlocker für diese Webseite und retten Sie unschuldige Kaninchen!
Sie können durch Schliessen dieses Fensters natürlich mit AdBlocker weitermachen - wenn Sie mit dieser Schuld leben können .... es liegt an Ihnen - AdBlocker abschalten und ruhig schlafen können oder mit AdBlocker weitermachen und von übelsten Albträumen gequält werden!
Wir haben Sie gewarnt ....
Search - Review
plg_search_jdownloads
Search - K2
Suche - Kategorien
Suche - Kontakte
Suche - Inhalt
Suche - Newsfeeds
Suche - Schlagwörter
Script Security (4)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
-
Debian Security Advisory 4364-1
Ruby Files ≈ Packet Storm Jan 9, 2019 | 16:05 pmDebian Linux Security Advisory 4364-1 - It was discovered that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, performed insufficient sanitising of SVG elements.
Read more... -
Debian Security Advisory 4358-1
Ruby Files ≈ Packet Storm Dec 28, 2018 | 22:53 pmDebian Linux Security Advisory 4358-1 - The Shopify Application Security Team discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to a HTML injection vulnerability. A specially crafted HTML fragment can cause to allow non- whitelisted attributes to be used[…]
Read more... -
Red Hat Security Advisory 2018-3816-01
Ruby Files ≈ Packet Storm Dec 13, 2018 | 19:19 pmRed Hat Security Advisory 2018-3816-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Red Hat Security Advisory 2018-3729-01
Ruby Files ≈ Packet Storm Nov 30, 2018 | 15:59 pmRed Hat Security Advisory 2018-3729-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and[…]
Read more... -
Red Hat Security Advisory 2018-3730-01
Ruby Files ≈ Packet Storm Nov 30, 2018 | 15:59 pmRed Hat Security Advisory 2018-3730-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and[…]
Read more... -
Red Hat Security Advisory 2018-3731-01
Ruby Files ≈ Packet Storm Nov 30, 2018 | 15:59 pmRed Hat Security Advisory 2018-3731-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and[…]
Read more... -
Red Hat Security Advisory 2018-3738-01
Ruby Files ≈ Packet Storm Nov 30, 2018 | 15:59 pmRed Hat Security Advisory 2018-3738-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a name equality check.
Read more... -
Ubuntu Security Notice USN-3808-1
Ruby Files ≈ Packet Storm Nov 6, 2018 | 22:03 pmUbuntu Security Notice 3808-1 - It was discovered that Ruby incorrectly handled certain X.509 certificates. An attacker could possibly use this issue to bypass the certificate check. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly[…]
Read more... -
Red Hat Security Advisory 2018-3466-01
Ruby Files ≈ Packet Storm Nov 5, 2018 | 21:51 pmRed Hat Security Advisory 2018-3466-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Debian Security Advisory 4332-1
Ruby Files ≈ Packet Storm Nov 4, 2018 | 00:23 amDebian Linux Security Advisory 4332-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language.
Read more...
Published in: Script Security
-
PEAR Archive_Tar PHP Object Injection
PHP Files ≈ Packet Storm Jan 11, 2019 | 00:33 amPEAR Archive_Tar versions prior to 1.4.4 suffers from a php object injection vulnerability.
Read more... -
SugarCRM Web Logic Hooks Module Path Traversal
PHP Files ≈ Packet Storm Jan 2, 2019 | 00:55 amSugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a path traversal vulnerability. User input passed through the "webhook_target_module" parameter is not properly sanitized before being used to save PHP code into the hooks file through the Web Logic[…]
Read more... -
SugarCRM Web Logic Hooks Module PHP Code Injection
PHP Files ≈ Packet Storm Jan 2, 2019 | 00:44 amSugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through the "trigger_event" parameter is not properly sanitized before being used to save PHP code into the 'logic_hooks.php' file through the Web[…]
Read more... -
SugarCRM addLabels PHP Code Injection
PHP Files ≈ Packet Storm Jan 1, 2019 | 23:22 pmSugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through key values of the 'labels_' parameters is not properly sanitized before being used to save PHP code within the "ParserLabel::addLabels()" method[…]
Read more... -
SugarCRM WorkFlow PHP Code Injection
PHP Files ≈ Packet Storm Jan 1, 2019 | 21:21 pmSugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a PHP code injection vulnerability in the WorkFlow module. User input passed through the $_POST['base_module'] parameter to the "Save" action of the WorkFlow module is not properly sanitized before being used[…]
Read more... -
SugarCRM SaveDropDown PHP Code Injection
PHP Files ≈ Packet Storm Jan 1, 2019 | 20:33 pmSugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through key values of the 'list_value' JSON parameter is not properly sanitized before being used to save PHP code when adding/saving dropdowns[…]
Read more... -
How To Exploit PHP Remotely To Bypass Filters And WAF Rules
PHP Files ≈ Packet Storm Dec 25, 2018 | 11:11 amWhitepaper called How to Exploit PHP Remotely to Bypass Filters and WAF Rules.
Read more... -
WordPress Snap Creek Duplicator Code Injection
PHP Files ≈ Packet Storm Dec 12, 2018 | 06:19 amWhen the WordPress plugin Snap Creek Duplicator restores a backup, it leaves dangerous files in the filesystem such as installer.php and installer-backup.php. These files allow anyone to call a function that overwrite the wp-config.php file AND this function does not[…]
Read more... -
PHP Source Code Analysis
PHP Files ≈ Packet Storm Dec 12, 2018 | 05:55 amWhitepaper called PHP Source Code Analysis. Written in Turkish.
Read more... -
Debian Security Advisory 4353-1
PHP Files ≈ Packet Storm Dec 11, 2018 | 20:15 pmDebian Linux Security Advisory 4353-1 - Multiple security issues were found in PHP, a widely-used open source denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a insufficient input validation which can[…]
Read more...
Published in: Script Security
-
Webmin 1.900 Remote Command Execution
CGI Files ≈ Packet Storm Jan 18, 2019 | 15:44 pmThis Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.900 and below. Any user authorized to the "Java file manager" and "Upload and Download" fields, to execute arbitrary commands with root privileges. In addition, "Running Processes" field[…]
Read more... -
Synaccess netBooter NP-02x / NP-08x 6.8 Authentication Bypass
CGI Files ≈ Packet Storm Nov 19, 2018 | 20:09 pmSynaccess netBooter NP-02x and NP-08x version 6.8 suffer from an authentication bypass vulnerability due to a missing control check when calling the webNewAcct.cgi script while creating users. This allows an unauthenticated attacker to create an admin user account and bypass[…]
Read more... -
FLIR Systems FLIR Brickstream 3D+ Unauthenticated Config Download File Disclosure
CGI Files ≈ Packet Storm Oct 15, 2018 | 18:58 pmThe FLIR Brickstream 3D+ sensor is vulnerable to unauthenticated config download and file disclosure vulnerability when calling the ExportConfig REST API (getConfigExportFile.cgi). This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and/or[…]
Read more... -
Teltonika RUT9XX Reflected Cross Site Scripting
CGI Files ≈ Packet Storm Oct 12, 2018 | 18:22 pmTeltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.
Read more... -
Teltonika RUT9XX Unauthenticated OS Command Injection
CGI Files ≈ Packet Storm Oct 12, 2018 | 18:16 pmTeltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.
Read more... -
man-cgi Local File Inclusion
CGI Files ≈ Packet Storm Aug 8, 2018 | 03:11 amman-cgi versions prior to 1.16 suffer from a local file inclusion vulnerability.
Read more... -
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Configuration Download
CGI Files ≈ Packet Storm Jul 16, 2018 | 23:11 pmMicrohard Systems 3G/4G Cellular Ethernet and Serial Gateway systems suffer from a system backup configuration file 'IPn4G.config' in '/' directory or its respective name based on the model name including the similar files in '/www/cgi-bin/system.conf', '/tmp' and the cli.conf in[…]
Read more... -
Geutebruck simple_loglistjs.cgi Remote Command Execution
CGI Files ≈ Packet Storm Jul 2, 2018 | 18:16 pmThis Metasploit module exploits a an arbitrary command execution vulnerability. The vulnerability exists in the /uapi-cgi/viewer/simple_loglistjs.cgi page and allows an anonymous user to execute arbitrary commands with root privileges. Firmware
Read more... -
Ubuntu Security Notice USN-3665-1
CGI Files ≈ Packet Storm May 31, 2018 | 22:38 pmUbuntu Security Notice 3665-1 - It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only[…]
Read more... -
Teradek VidiU Pro 3.0.3 (snapshot.cgi) Stream Disclosure
CGI Files ≈ Packet Storm May 22, 2018 | 17:55 pmTeradek VidiU Pro version 3.0.3 suffers from a stream disclosure vulnerability in snapshot.cgi.
Read more...
snaplitics made a real revolution in the industry.
Published in: Script Security
-
Red Hat Security Advisory 2019-0085-01
Python Files ≈ Packet Storm Jan 17, 2019 | 01:17 amRed Hat Security Advisory 2019-0085-01 - The pyOpenSSL packages provide a high-level wrapper around a subset of the OpenSSL library for the Python programming language. Issues addressed include an use-after-free vulnerability.
Read more... -
Red Hat Security Advisory 2019-0082-01
Python Files ≈ Packet Storm Jan 17, 2019 | 01:13 amRed Hat Security Advisory 2019-0082-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Issues addressed include a[…]
Read more... -
Red Hat Security Advisory 2019-0051-01
Python Files ≈ Packet Storm Jan 17, 2019 | 01:01 amRed Hat Security Advisory 2019-0051-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Issues addressed include a[…]
Read more... -
blueman set_dhcp_handler D-Bus Privilege Escalation
Python Files ≈ Packet Storm Jan 16, 2019 | 16:19 pmThis Metasploit module attempts to gain root privileges by exploiting a Python code injection vulnerability in blueman versions prior to 2.0.3. The org.blueman.Mechanism.EnableNetwork D-Bus interface exposes the set_dhcp_handler function which uses user input in a call to eval, without sanitization,[…]
Read more... -
Scapy Packet Manipulation Tool 2.4.2
Python Files ≈ Packet Storm Jan 11, 2019 | 00:41 amScapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from[…]
Read more... -
Debian Security Advisory 4363-1
Python Files ≈ Packet Storm Jan 9, 2019 | 00:23 amDebian Linux Security Advisory 4363-1 - It was discovered that malformed URLs could spoof the content of the default 404 page of Django, a Python web development framework.
Read more... -
Stegano 0.9.0
Python Files ≈ Packet Storm Dec 19, 2018 | 06:02 amStegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced[…]
Read more... -
Unitrends Enterprise Backup bpserverd Privilege Escalation
Python Files ≈ Packet Storm Nov 28, 2018 | 19:07 pmIt was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target[…]
Read more... -
Htcap Analysis Tool 1.1.0
Python Files ≈ Packet Storm Nov 28, 2018 | 19:01 pmHtcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is[…]
Read more... -
Gentoo Linux Security Advisory 201811-18
Python Files ≈ Packet Storm Nov 27, 2018 | 05:49 amGentoo Linux Security Advisory 201811-18 - A vulnerability in Tablib might allow remote attackers to execute arbitrary python commands. Versions less than 0.12.1 are affected.
Read more...
Published in: Script Security