Jedesmal, wenn mit eingeschaltetem AdBlocker eine Webseite besucht wird, stirbt in einem Labor ein unschuldiges, niedliches Kaninchen einen grausamen Tod! Zusätzlich werden einige Funktionen dieser Webseite durch den AdBlocker blockiert. Bitte deaktivieren Sie Ihren AdBlocker für diese Webseite und retten Sie unschuldige Kaninchen!
Sie können durch Schliessen dieses Fensters natürlich mit AdBlocker weitermachen - wenn Sie mit dieser Schuld leben können .... es liegt an Ihnen - AdBlocker abschalten und ruhig schlafen können oder mit AdBlocker weitermachen und von übelsten Albträumen gequält werden!
Wir haben Sie gewarnt ....
Search - Review
plg_search_jdownloads
Search - K2
Suche - Kategorien
Suche - Kontakte
Suche - Inhalt
Suche - Newsfeeds
Suche - Schlagwörter
Script Security (4)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
-
Red Hat Security Advisory 2019-1429-01
Ruby Files ≈ Packet Storm Jun 11, 2019 | 16:56 pmRed Hat Security Advisory 2019-1429-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Red Hat Security Advisory 2019-1289-01
Ruby Files ≈ Packet Storm May 29, 2019 | 15:27 pmRed Hat Security Advisory 2019-1289-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Red Hat Security Advisory 2019-1235-01
Ruby Files ≈ Packet Storm May 15, 2019 | 20:44 pmRed Hat Security Advisory 2019-1235-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
Read more... -
Red Hat Security Advisory 2019-1147-01
Ruby Files ≈ Packet Storm May 13, 2019 | 17:14 pmRed Hat Security Advisory 2019-1147-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include denial of service and traversal vulnerabilities.
Read more... -
Red Hat Security Advisory 2019-1148-01
Ruby Files ≈ Packet Storm May 13, 2019 | 17:14 pmRed Hat Security Advisory 2019-1148-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
Read more... -
Red Hat Security Advisory 2019-1151-01
Ruby Files ≈ Packet Storm May 13, 2019 | 17:14 pmRed Hat Security Advisory 2019-1151-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
Read more... -
Red Hat Security Advisory 2019-1150-01
Ruby Files ≈ Packet Storm May 13, 2019 | 17:12 pmRed Hat Security Advisory 2019-1150-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
Read more... -
Red Hat Security Advisory 2019-1149-01
Ruby Files ≈ Packet Storm May 13, 2019 | 17:11 pmRed Hat Security Advisory 2019-1149-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include denial of service and traversal vulnerabilities.
Read more... -
Ruby On Rails DoubleTap Development Mode secret_key_base Remote Code Execution
Ruby Files ≈ Packet Storm May 1, 2019 | 22:32 pmThis Metasploit module exploits a vulnerability in Ruby on Rails. In development mode, a Rails application would use its name as the secret_key_base, and can be easily extracted by visiting an invalid resource for a path. As a result, this[…]
Read more... -
Red Hat Security Advisory 2019-0796-01
Ruby Files ≈ Packet Storm Apr 23, 2019 | 18:27 pmRed Hat Security Advisory 2019-0796-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more...
Published in: Script Security
-
AROX School-ERP Pro Unauthenticated Remote Code Execution
PHP Files ≈ Packet Storm Jun 17, 2019 | 19:06 pmThis Metasploit module exploits a command execution vulnerability in AROX School-ERP. "import_stud.php" and "upload_fille.php" do not have session control. Session start/check functions in Line 8,9,10 are disabled with slashes. Therefore an unauthenticated user can execute the command on the system.
Read more... -
WebLord WL-Nuke Coppermine For PHP-Nuke 1.3.1c SQL Injection
PHP Files ≈ Packet Storm Jun 13, 2019 | 21:22 pmWebLord WL-Nuke Coppermine for PHP-Nuke version 1.3.1c suffers from a remote SQL injection vulnerability.
Read more... -
Ubuntu Security Notice USN-4009-2
PHP Files ≈ Packet Storm Jun 5, 2019 | 22:32 pmUbuntu Security Notice 4009-2 - USN-4009-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly decoding certain MIME headers. A remote attacker could possibly[…]
Read more... -
Ubuntu Security Notice USN-4009-1
PHP Files ≈ Packet Storm Jun 5, 2019 | 19:44 pmUbuntu Security Notice 4009-1 - It was discovered that PHP incorrectly handled certain exif tags in images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information.[…]
Read more... -
LibreNMS addhost Command Injection
PHP Files ≈ Packet Storm Jun 4, 2019 | 23:07 pmThis Metasploit module exploits a command injection vulnerability in the open source network management software known as LibreNMS. The community parameter used in a POST request to the addhost functionality is unsanitized. This parameter is later used as part of[…]
Read more... -
Interspire Email Marketer 6.20 Remote Code Execution
PHP Files ≈ Packet Storm May 23, 2019 | 17:08 pmInterspire Email Marketer version 6.20 suffers from a remote code execution vulnerability in surveys_submit.php.
Read more... -
Ubuntu Security Notice USN-3566-2
PHP Files ≈ Packet Storm May 22, 2019 | 16:39 pmUbuntu Security Notice 3566-2 - USN-3566-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this[…]
Read more... -
Shopware createInstanceFromNamedArguments PHP Object Instantiation
PHP Files ≈ Packet Storm May 22, 2019 | 02:48 amThis Metasploit module exploits a php object instantiation vulnerability that can lead to remote code execution in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code insufficiently performs whitelist check[…]
Read more... -
PHP PHP_INI_SYSTEM Ineffective Controls
PHP Files ≈ Packet Storm May 21, 2019 | 22:22 pmSecurity controls configured via php.ini directives at the PHP_INI_SYSTEM level are ineffective as they could be bypassed by malicious scripts via writing their own process memory on the Linux platform. Proof of concept code included.
Read more... -
Schneider Electric U.Motion Builder 1.3.4 Command Injection
PHP Files ≈ Packet Storm May 14, 2019 | 16:05 pmSchneider Electric U.Motion Builder version 1.3.4 suffers from an unauthenticated command injection vulnerability in track_import_export.php.
Read more...
Published in: Script Security
-
Telus Actiontec WEB6000Q Denial Of Service
CGI Files ≈ Packet Storm Jun 12, 2019 | 20:44 pmTelus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from a denial of service vulnerability. By querying CGI endpoints with empty (GET/POST/HEAD) requests causes a Segmentation Fault of the uhttpd webserver. Since there is no watchdog on this daemon, a device reboot[…]
Read more... -
RICOH SP 4520DN Printer HTML Injection
CGI Files ≈ Packet Storm May 9, 2019 | 20:22 pmAn HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter.
Read more... -
RICOH SP 4510DN Printer HTML Injection
CGI Files ≈ Packet Storm May 9, 2019 | 16:55 pmAn HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
Read more... -
Sierra Wireless AirLink ES450 ACEManager template_load.cgi Information Disclosure
CGI Files ≈ Packet Storm Apr 27, 2019 | 19:20 pmAn exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can[…]
Read more... -
Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment
CGI Files ≈ Packet Storm Apr 27, 2019 | 01:55 amAn exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker[…]
Read more... -
Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Get_Task.cgi Information Disclosure
CGI Files ≈ Packet Storm Apr 27, 2019 | 01:44 amAn exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information disclosure, resulting in the exposure of confidential information, including, but not limited to,[…]
Read more... -
Sierra Wireless AirLink ES450 ACEManager ping_result.cgi Cross Site Scripting
CGI Files ≈ Packet Storm Apr 26, 2019 | 23:01 pmAn exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the[…]
Read more... -
Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution
CGI Files ≈ Packet Storm Apr 26, 2019 | 23:01 pmAn exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker[…]
Read more... -
Sierra Wireless AirLink ES450 ACEManager upload.cgi Unverified Password Change
CGI Files ≈ Packet Storm Apr 26, 2019 | 22:32 pmAn exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password[…]
Read more... -
Sierra Wireless AirLink ES450 ACEManager iplogging.cgi Command Injection
CGI Files ≈ Packet Storm Apr 26, 2019 | 21:32 pmAn exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request[…]
Read more...
snaplitics made a real revolution in the industry.
Published in: Script Security
-
Red Hat Security Advisory 2019-1467-01
Python Files ≈ Packet Storm Jun 13, 2019 | 21:29 pmRed Hat Security Advisory 2019-1467-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as[…]
Read more... -
Stegano 0.9.4
Python Files ≈ Packet Storm Jun 6, 2019 | 01:02 amStegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced[…]
Read more... -
Red Hat Security Advisory 2019-1329-01
Python Files ≈ Packet Storm Jun 4, 2019 | 22:52 pmRed Hat Security Advisory 2019-1329-01 - The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Issues addressed include a sandbox escape[…]
Read more... -
Red Hat Security Advisory 2019-1260-01
Python Files ≈ Packet Storm May 22, 2019 | 16:39 pmRed Hat Security Advisory 2019-1260-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as[…]
Read more... -
Red Hat Security Advisory 2019-1237-01
Python Files ≈ Packet Storm May 17, 2019 | 01:05 amRed Hat Security Advisory 2019-1237-01 - The rh-python35-python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Issues addressed include an information leakage[…]
Read more... -
Red Hat Security Advisory 2019-1152-01
Python Files ≈ Packet Storm May 13, 2019 | 17:14 pmRed Hat Security Advisory 2019-1152-01 - The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Issues addressed include a sandbox escape[…]
Read more... -
Red Hat Security Advisory 2019-1022-01
Python Files ≈ Packet Storm May 7, 2019 | 22:51 pmRed Hat Security Advisory 2019-1022-01 - The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Issues addressed include an information leakage[…]
Read more... -
Red Hat Security Advisory 2019-0984-01
Python Files ≈ Packet Storm May 7, 2019 | 17:50 pmRed Hat Security Advisory 2019-0984-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as[…]
Read more... -
Red Hat Security Advisory 2019-0997-01
Python Files ≈ Packet Storm May 7, 2019 | 17:49 pmRed Hat Security Advisory 2019-0997-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as[…]
Read more... -
Red Hat Security Advisory 2019-0981-01
Python Files ≈ Packet Storm May 7, 2019 | 17:48 pmRed Hat Security Advisory 2019-0981-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. SQLAlchemy is an Object Relational Mapper that provides a flexible, high-level interface to SQL[…]
Read more...
Published in: Script Security