Jedesmal, wenn mit eingeschaltetem AdBlocker eine Webseite besucht wird, stirbt in einem Labor ein unschuldiges, niedliches Kaninchen einen grausamen Tod! Zusätzlich werden einige Funktionen dieser Webseite durch den AdBlocker blockiert. Bitte deaktivieren Sie Ihren AdBlocker für diese Webseite und retten Sie unschuldige Kaninchen!
Sie können durch Schliessen dieses Fensters natürlich mit AdBlocker weitermachen - wenn Sie mit dieser Schuld leben können .... es liegt an Ihnen - AdBlocker abschalten und ruhig schlafen können oder mit AdBlocker weitermachen und von übelsten Albträumen gequält werden!
Wir haben Sie gewarnt ....
Search - Review
plg_search_jdownloads
Search - K2
Suche - Kategorien
Suche - Kontakte
Suche - Inhalt
Suche - Newsfeeds
Suche - Schlagwörter
Script Security (4)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
-
Red Hat Security Advisory 2019-0315-01
Ruby Files ≈ Packet Storm Feb 12, 2019 | 19:35 pmRed Hat Security Advisory 2019-0315-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Red Hat Security Advisory 2019-0212-01
Ruby Files ≈ Packet Storm Feb 7, 2019 | 21:22 pmRed Hat Security Advisory 2019-0212-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Debian Security Advisory 4364-1
Ruby Files ≈ Packet Storm Jan 9, 2019 | 16:05 pmDebian Linux Security Advisory 4364-1 - It was discovered that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, performed insufficient sanitising of SVG elements.
Read more... -
Debian Security Advisory 4358-1
Ruby Files ≈ Packet Storm Dec 28, 2018 | 22:53 pmDebian Linux Security Advisory 4358-1 - The Shopify Application Security Team discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to a HTML injection vulnerability. A specially crafted HTML fragment can cause to allow non- whitelisted attributes to be used[…]
Read more... -
Red Hat Security Advisory 2018-3816-01
Ruby Files ≈ Packet Storm Dec 13, 2018 | 19:19 pmRed Hat Security Advisory 2018-3816-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Red Hat Security Advisory 2018-3729-01
Ruby Files ≈ Packet Storm Nov 30, 2018 | 15:59 pmRed Hat Security Advisory 2018-3729-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and[…]
Read more... -
Red Hat Security Advisory 2018-3730-01
Ruby Files ≈ Packet Storm Nov 30, 2018 | 15:59 pmRed Hat Security Advisory 2018-3730-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and[…]
Read more... -
Red Hat Security Advisory 2018-3731-01
Ruby Files ≈ Packet Storm Nov 30, 2018 | 15:59 pmRed Hat Security Advisory 2018-3731-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and[…]
Read more... -
Red Hat Security Advisory 2018-3738-01
Ruby Files ≈ Packet Storm Nov 30, 2018 | 15:59 pmRed Hat Security Advisory 2018-3738-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a name equality check.
Read more... -
Ubuntu Security Notice USN-3808-1
Ruby Files ≈ Packet Storm Nov 6, 2018 | 22:03 pmUbuntu Security Notice 3808-1 - It was discovered that Ruby incorrectly handled certain X.509 certificates. An attacker could possibly use this issue to bypass the certificate check. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly[…]
Read more...
Published in: Script Security
-
PHP MySQLi Database Class 2.9.2 SQL Injection
PHP Files ≈ Packet Storm Mar 16, 2019 | 14:22 pmPHP MySQLi Database Class version 2.9.2 which is from joshcam suffers from a remote SQL injection vulnerability.
Read more... -
Pegasus CMS 1.0 Remote Code Execution
PHP Files ≈ Packet Storm Mar 14, 2019 | 21:22 pmPegasus CMS version 1.0 suffers from a code execution vulnerability in extra_fields.php.
Read more... -
Ubuntu Security Notice USN-3902-2
PHP Files ≈ Packet Storm Mar 13, 2019 | 00:11 amUbuntu Security Notice 3902-2 - USN-3902-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use[…]
Read more... -
elFinder PHP Connector exiftran Command Injection
PHP Files ≈ Packet Storm Mar 12, 2019 | 18:30 pmThis Metasploit module exploits a command injection vulnerability in elFinder versions prior to 2.1.48. The PHP connector component allows unauthenticated users to upload files and perform file modification operations, such as resizing and rotation of an image. The file name[…]
Read more... -
Debian Security Advisory 4403-1
PHP Files ≈ Packet Storm Mar 8, 2019 | 19:32 pmDebian Linux Security Advisory 4403-1 - Multiple security issues were found in PHP, a widely-used open source of invalid memory access and rename() was implemented insecurely.
Read more... -
QNAP TS-431 QTS Remote Command Execution
PHP Files ≈ Packet Storm Mar 7, 2019 | 20:02 pmThis Metasploit module creates a virtual web server and uploads the php payload into it. Admin privileges cannot access any server files except File Station files. The user who is authorized to create Virtual Web Server can upload malicious php[…]
Read more... -
Ubuntu Security Notice USN-3902-1
PHP Files ≈ Packet Storm Mar 6, 2019 | 23:22 pmUbuntu Security Notice 3902-1 - It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. It was discovered[…]
Read more... -
Drupal RESTful Web Services unserialize() Remote Code Execution
PHP Files ≈ Packet Storm Mar 6, 2019 | 19:18 pmThis Metasploit module exploits a PHP unserialize() vulnerability in Drupal RESTful Web Services by sending a crafted request to the /node REST endpoint. As per SA-CORE-2019-003, the initial remediation was to disable POST, PATCH, and PUT, but Ambionics discovered that[…]
Read more... -
OpenDocMan 1.3.4 SQL Injection
PHP Files ≈ Packet Storm Mar 5, 2019 | 04:33 amOpenDocMan version 1.3.4 suffers from a remote SQL injection vulnerability in search.php.
Read more... -
Booked Scheduler 2.7.5 Remote Command Execution
PHP Files ≈ Packet Storm Mar 5, 2019 | 02:22 amThis Metasploit module exploits a file upload vulnerability Booked 2.7.5. In the "Look and Feel" section of the management panel, you can modify the Logo-Favico-CSS files. Upload sections has file extension control except favicon part. You can upload the file[…]
Read more...
Published in: Script Security
-
Imperva SecureSphere 13.x PWS Command Injection
CGI Files ≈ Packet Storm Mar 6, 2019 | 19:19 pmThis Metasploit module exploits a command injection vulnerability in Imperva SecureSphere version 13.x. The vulnerability exists in the PWS service, where Python CGIs did not properly sanitize user supplied command parameters and directly passes them to corresponding CLI utility, leading[…]
Read more... -
devolo dLAN 550 duo+ 3.1.0-1 Starter Kit Remote Code Execution
CGI Files ≈ Packet Storm Feb 5, 2019 | 03:33 amdevolo dLAN 550 duo+ version 3.1.0-1 suffers from a remote code execution vulnerability. The devolo firmware has what seems to be a 'hidden' services which can be enabled by authenticated attacker via the the htmlmgr CGI script. This allows the[…]
Read more... -
Webmin 1.900 Remote Command Execution
CGI Files ≈ Packet Storm Jan 18, 2019 | 15:44 pmThis Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.900 and below. Any user authorized to the "Java file manager" and "Upload and Download" fields, to execute arbitrary commands with root privileges. In addition, "Running Processes" field[…]
Read more... -
Synaccess netBooter NP-02x / NP-08x 6.8 Authentication Bypass
CGI Files ≈ Packet Storm Nov 19, 2018 | 20:09 pmSynaccess netBooter NP-02x and NP-08x version 6.8 suffer from an authentication bypass vulnerability due to a missing control check when calling the webNewAcct.cgi script while creating users. This allows an unauthenticated attacker to create an admin user account and bypass[…]
Read more... -
FLIR Systems FLIR Brickstream 3D+ Unauthenticated Config Download File Disclosure
CGI Files ≈ Packet Storm Oct 15, 2018 | 18:58 pmThe FLIR Brickstream 3D+ sensor is vulnerable to unauthenticated config download and file disclosure vulnerability when calling the ExportConfig REST API (getConfigExportFile.cgi). This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and/or[…]
Read more... -
Teltonika RUT9XX Reflected Cross Site Scripting
CGI Files ≈ Packet Storm Oct 12, 2018 | 18:22 pmTeltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.
Read more... -
Teltonika RUT9XX Unauthenticated OS Command Injection
CGI Files ≈ Packet Storm Oct 12, 2018 | 18:16 pmTeltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.
Read more... -
man-cgi Local File Inclusion
CGI Files ≈ Packet Storm Aug 8, 2018 | 03:11 amman-cgi versions prior to 1.16 suffer from a local file inclusion vulnerability.
Read more... -
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Configuration Download
CGI Files ≈ Packet Storm Jul 16, 2018 | 23:11 pmMicrohard Systems 3G/4G Cellular Ethernet and Serial Gateway systems suffer from a system backup configuration file 'IPn4G.config' in '/' directory or its respective name based on the model name including the similar files in '/www/cgi-bin/system.conf', '/tmp' and the cli.conf in[…]
Read more... -
Geutebruck simple_loglistjs.cgi Remote Command Execution
CGI Files ≈ Packet Storm Jul 2, 2018 | 18:16 pmThis Metasploit module exploits a an arbitrary command execution vulnerability. The vulnerability exists in the /uapi-cgi/viewer/simple_loglistjs.cgi page and allows an anonymous user to execute arbitrary commands with root privileges. Firmware
Read more...
snaplitics made a real revolution in the industry.
Published in: Script Security
-
Stegano 0.9.1
Python Files ≈ Packet Storm Mar 7, 2019 | 02:58 amStegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced[…]
Read more... -
Imperva SecureSphere 13.x PWS Command Injection
Python Files ≈ Packet Storm Mar 6, 2019 | 19:19 pmThis Metasploit module exploits a command injection vulnerability in Imperva SecureSphere version 13.x. The vulnerability exists in the PWS service, where Python CGIs did not properly sanitize user supplied command parameters and directly passes them to corresponding CLI utility, leading[…]
Read more... -
Slackware Security Advisory - python Updates
Python Files ≈ Packet Storm Mar 4, 2019 | 22:54 pmSlackware Security Advisory - New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Read more... -
Debian Security Advisory 4381-1
Python Files ≈ Packet Storm Feb 4, 2019 | 16:55 pmDebian Linux Security Advisory 4381-1 - Alex Infuehr discovered a directory traversal vulnerability which could result in the execution of Python script code when opening a malformed document.
Read more... -
Red Hat Security Advisory 2019-0085-01
Python Files ≈ Packet Storm Jan 17, 2019 | 01:17 amRed Hat Security Advisory 2019-0085-01 - The pyOpenSSL packages provide a high-level wrapper around a subset of the OpenSSL library for the Python programming language. Issues addressed include an use-after-free vulnerability.
Read more... -
Red Hat Security Advisory 2019-0082-01
Python Files ≈ Packet Storm Jan 17, 2019 | 01:13 amRed Hat Security Advisory 2019-0082-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Issues addressed include a[…]
Read more... -
Red Hat Security Advisory 2019-0051-01
Python Files ≈ Packet Storm Jan 17, 2019 | 01:01 amRed Hat Security Advisory 2019-0051-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Issues addressed include a[…]
Read more... -
blueman set_dhcp_handler D-Bus Privilege Escalation
Python Files ≈ Packet Storm Jan 16, 2019 | 16:19 pmThis Metasploit module attempts to gain root privileges by exploiting a Python code injection vulnerability in blueman versions prior to 2.0.3. The org.blueman.Mechanism.EnableNetwork D-Bus interface exposes the set_dhcp_handler function which uses user input in a call to eval, without sanitization,[…]
Read more... -
Scapy Packet Manipulation Tool 2.4.2
Python Files ≈ Packet Storm Jan 11, 2019 | 00:41 amScapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from[…]
Read more... -
Debian Security Advisory 4363-1
Python Files ≈ Packet Storm Jan 9, 2019 | 00:23 amDebian Linux Security Advisory 4363-1 - It was discovered that malformed URLs could spoof the content of the default 404 page of Django, a Python web development framework.
Read more...
Published in: Script Security
