Jedesmal, wenn mit eingeschaltetem AdBlocker eine Webseite besucht wird, stirbt in einem Labor ein unschuldiges, niedliches Kaninchen einen grausamen Tod! Zusätzlich werden einige Funktionen dieser Webseite durch den AdBlocker blockiert. Bitte deaktivieren Sie Ihren AdBlocker für diese Webseite und retten Sie unschuldige Kaninchen!
Sie können durch Schliessen dieses Fensters natürlich mit AdBlocker weitermachen - wenn Sie mit dieser Schuld leben können .... es liegt an Ihnen - AdBlocker abschalten und ruhig schlafen können oder mit AdBlocker weitermachen und von übelsten Albträumen gequält werden!
Wir haben Sie gewarnt ....
Search - Review
plg_search_jdownloads
Search - K2
Suche - Kategorien
Suche - Kontakte
Suche - Inhalt
Suche - Newsfeeds
Suche - Schlagwörter
Script Security (4)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
-
Ruby On Rails 5.0.1 Remote Code Execution
Ruby Files ≈ Packet Storm Jul 27, 2020 | 18:38 pmRuby On Rails version 5.0.1 remote code execution exploit.
Read more... -
Red Hat Security Advisory 2020-2839-01
Ruby Files ≈ Packet Storm Jul 7, 2020 | 16:18 pmRed Hat Security Advisory 2020-2839-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Read more... -
Red Hat Security Advisory 2020-2769-01
Ruby Files ≈ Packet Storm Jun 30, 2020 | 18:04 pmRed Hat Security Advisory 2020-2769-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
Read more... -
Keystone 0.9.2
Ruby Files ≈ Packet Storm Jun 23, 2020 | 21:24 pmKeystone is a lightweight multi-platform, multi-architecture assembler framework. Highlight features include multi-architecture, with support for Arm, Arm64 (AArch64/Armv8), Hexagon, Mips, PowerPC, Sparc, SystemZ, and X86 (include 16/32/64bit). It has a clean and lightweight architecture-neutral API. It's implemented in C/C++ languages,[…]
Read more... -
Red Hat Security Advisory 2020-2480-01
Ruby Files ≈ Packet Storm Jun 10, 2020 | 15:12 pmRed Hat Security Advisory 2020-2480-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Red Hat Security Advisory 2020-2288-01
Ruby Files ≈ Packet Storm May 26, 2020 | 14:42 pmRed Hat Security Advisory 2020-2288-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP response splitting and buffer under-read vulnerabilities.
Read more... -
Red Hat Security Advisory 2020-2212-01
Ruby Files ≈ Packet Storm May 19, 2020 | 14:55 pmRed Hat Security Advisory 2020-2212-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP response splitting and buffer under-read vulnerabilities.
Read more... -
Red Hat Security Advisory 2020-1963-01
Ruby Files ≈ Packet Storm Apr 29, 2020 | 16:04 pmRed Hat Security Advisory 2020-1963-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP response splitting and buffer under-read vulnerabilities.
Read more... -
Gentoo Linux Security Advisory 202003-09
Ruby Files ≈ Packet Storm Mar 14, 2020 | 17:08 pmGentoo Linux Security Advisory 202003-9 - A vulnerability in OpenID library for Ruby at worst might allow an attacker to bypass authentication. Versions less than 2.9.2 are affected.
Read more... -
Gentoo Linux Security Advisory 202003-06
Ruby Files ≈ Packet Storm Mar 13, 2020 | 14:58 pmGentoo Linux Security Advisory 202003-6 - Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. Versions less than 2.4.9:2.4 are affected.
Read more...
Published in: Script Security
-
Baldr Botnet Panel Shell Upload
PHP Files ≈ Packet Storm Jul 29, 2020 | 18:56 pmThis Metasploit module exploits a arbitrary file upload vulnerability within the Baldr stealer malware control panel. Attackers can turn this vulnerability into remote code execution by adding malicious PHP code inside the victim logs ZIP file and registering a new[…]
Read more... -
Pandora FMS 7.0 NG 7XX Remote Command Execution
PHP Files ≈ Packet Storm Jul 11, 2020 | 14:16 pmThis Metasploit module exploits a vulnerability (CVE-2020-13851) in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744 (and perhaps older versions) in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability[…]
Read more... -
Impress CMS 1.4.0 Code Execution / SQL Injection
PHP Files ≈ Packet Storm Jul 10, 2020 | 14:46 pmImpress CMS version 1.4.0 has an issue where an authenticated user can make use of the AutoTask feature to execute php code, allowing for remote SQL injection and remote code execution.
Read more... -
PHP 7.4 FFI disable_functions Bypass
PHP Files ≈ Packet Storm Jul 9, 2020 | 16:44 pmPHP version 7.4 FFI disable_functions bypass proof of concept exploit.
Read more... -
Red Hat Security Advisory 2020-2835-01
PHP Files ≈ Packet Storm Jul 7, 2020 | 16:17 pmRed Hat Security Advisory 2020-2835-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include an underflow vulnerability.
Read more... -
openSIS 7.4 Unauthenticated PHP Code Execution
PHP Files ≈ Packet Storm Jul 6, 2020 | 21:13 pmThis Metasploit module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue which[…]
Read more... -
Nagios XI 5.6.12 Remote Code Execution
PHP Files ≈ Packet Storm Jul 6, 2020 | 20:55 pmNagios XI version 5.6.12 remote code execution exploit that leverages export-rrd.php.
Read more... -
e-learning PHP Script 0.1.0 SQL Injection
PHP Files ≈ Packet Storm Jul 1, 2020 | 15:39 pme-learning PHP Script version 0.1.0 suffers from a remote SQL injection vulnerability.
Read more... -
PHP-Fusion 9.03.60 PHP Object Injection
PHP Files ≈ Packet Storm Jul 1, 2020 | 15:38 pmPHP-Fusion version 9.03.60 suffers from a PHP object injection vulnerability.
Read more... -
Agent Tesla Panel Remote Code Execution
PHP Files ≈ Packet Storm Jun 18, 2020 | 21:38 pmThis Metasploit module exploits a command injection vulnerability within the Agent Tesla control panel, in combination with an SQL injection vulnerability and a PHP object injection vulnerability, to gain remote code execution on affected hosts. Panel versions released prior to[…]
Read more...
Published in: Script Security
-
Cayin CMS NTP Server 11.0 Remote Code Execution
CGI Files ≈ Packet Storm Jun 18, 2020 | 16:04 pmThis Metasploit module exploits an authenticated remote code execution vulnerability in Cayin CMS versions 11.0 and below. The code execution is executed in the system_service.cgi file's ntpIp Parameter. The field is limited in size, so repeated requests are made to[…]
Read more... -
Cayin Content Management Server 11.0 Root Remote Command Injection
CGI Files ≈ Packet Storm Jun 4, 2020 | 19:29 pmCAYIN CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP POST parameter in system.cgi page.
Read more... -
Cayin Signage Media Player 3.0 Root Remote Command Injection
CGI Files ≈ Packet Storm Jun 4, 2020 | 19:26 pmCAYIN SMP-xxxx suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP GET parameter in system.cgi and wizard_system.cgi pages.
Read more... -
Secure Computing SnapGear Management Console SG560 3.1.5 Arbitrary File Read / Write
CGI Files ≈ Packet Storm Jun 4, 2020 | 16:43 pmSecure Computing SnapGear Management Console SG560 version 3.1.5 suffers from arbitrary file read and write vulnerabilities. The application allows the currently logged-in user to edit the configuration files in the system using the CGI executable edit_config_files in /cgi-bin/cgix/. The files[…]
Read more... -
Synology DiskStation Manager smart.cgi Remote Command Execution
CGI Files ≈ Packet Storm May 22, 2020 | 19:03 pmThis Metasploit module exploits a vulnerability found in Synology DiskStation Manager (DSM) versions prior to 5.2-5967-5, which allows the execution of arbitrary commands under root privileges after website authentication. The vulnerability is located in webman/modules/StorageManager/smart.cgi, which allows appending of a[…]
Read more... -
Ubuntu Security Notice USN-4356-1
CGI Files ≈ Packet Storm May 13, 2020 | 14:26 pmUbuntu Security Notice 4356-1 - Jeriko One discovered that Squid incorrectly handled certain Edge Side Includes responses. A malicious remote server could cause Squid to crash, possibly poison the cache, or possibly execute arbitrary code. It was discovered that Squid[…]
Read more... -
Zen Load Balancer 3.10.1 Directory Traversal
CGI Files ≈ Packet Storm Apr 23, 2020 | 19:32 pmThis Metasploit module exploits an authenticated directory traversal vulnerability in Zen Load Balancer version 3.10.1. The flaw exists in index.cgi not properly handling the filelog= parameter which allows a malicious actor to load arbitrary file path.
Read more... -
D-Link DIR-859 Unauthenticated Remote Command Execution
CGI Files ≈ Packet Storm Jan 22, 2020 | 16:26 pmD-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials.
Read more... -
Barco WePresent file_transfer.cgi Command Injection
CGI Files ≈ Packet Storm Jan 14, 2020 | 16:16 pmThis Metasploit module exploits an unauthenticated remote command injection vulnerability found in Barco WePresent and related OEM'ed products. The vulnerability is triggered via an HTTP POST request to the file_transfer.cgi endpoint.
Read more... -
Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure
CGI Files ≈ Packet Storm Sep 9, 2019 | 23:46 pmThe Rifatron Intelligent Digital Security System DVR suffers from an unauthenticated and unauthorized live stream disclosure when animate.cgi script is called through Mobile Web Viewer module.
Read more...
snaplitics made a real revolution in the industry.
Published in: Script Security
-
Cisco ASA / FTD Remote File Disclosure
Python Files ≈ Packet Storm Jul 29, 2020 | 00:09 amThis Python script checks whether the target server is vulnerable to CVE-2020-3452, a vulnerability in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) products that can allow for remote file disclosure.
Read more... -
Red Hat Security Advisory 2020-3185-01
Python Files ≈ Packet Storm Jul 28, 2020 | 14:44 pmRed Hat Security Advisory 2020-3185-01 - The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Issues addressed include an out of bounds read vulnerability.
Read more... -
Scapy Packet Manipulation Tool 2.4.4rc2
Python Files ≈ Packet Storm Jul 27, 2020 | 18:40 pmScapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from[…]
Read more... -
Ubuntu Security Notice USN-4428-1
Python Files ≈ Packet Storm Jul 22, 2020 | 17:23 pmUbuntu Security Notice 4428-1 - It was discovered that Python documentation had a misleading information. A security issue could be possibly caused by wrong assumptions of this information. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04[…]
Read more... -
Scapy Packet Manipulation Tool 2.4.4rc1
Python Files ≈ Packet Storm Jul 20, 2020 | 19:36 pmScapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from[…]
Read more... -
nfstream 5.2.0
Python Files ≈ Packet Storm Jul 20, 2020 | 19:22 pmnfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world[…]
Read more... -
Plex Unpickle Dict Windows Remote Code Execution
Python Files ≈ Packet Storm Jul 17, 2020 | 19:41 pmThis Metasploit module exploits an authenticated Python unsafe pickle.load of a Dict file. An authenticated attacker can create a photo library and add arbitrary files to it. After setting the Windows only Plex variable LocalAppDataPath to the newly created photo[…]
Read more... -
SMB12 Information Gathering
Python Files ≈ Packet Storm Jul 17, 2020 | 19:34 pmSMB12 Information Gathering is a data gathering python script that inspects SMB1 and SMB2 endpoints. It will extract various attributes from the remote server such as OS version (only supported by SMB1 as per protocol definition), DNS computer name, DNS[…]
Read more... -
nfstream 5.1.6
Python Files ≈ Packet Storm Jul 12, 2020 | 18:58 pmnfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world[…]
Read more... -
Keystone 0.9.2
Python Files ≈ Packet Storm Jun 23, 2020 | 21:24 pmKeystone is a lightweight multi-platform, multi-architecture assembler framework. Highlight features include multi-architecture, with support for Arm, Arm64 (AArch64/Armv8), Hexagon, Mips, PowerPC, Sparc, SystemZ, and X86 (include 16/32/64bit). It has a clean and lightweight architecture-neutral API. It's implemented in C/C++ languages,[…]
Read more...
Published in: Script Security