Gwyn's Imagemap Selector Security Vulnerabilities

redhat

(RHSA-2021:0246) Important: Red Hat JBoss Enterprise Application Platform 7.3.5 security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.4, and includes bug fixes.....

-0.3AI Score

0.002EPSS

2021-01-25 04:10 PM
121
nessus

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.5 (RHSA-2021:0246)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0246 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

7.5CVSS

6.8AI Score

0.002EPSS

2021-01-25 12:00 AM
119
nessus

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.5 (RHSA-2021:0248)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0248 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

7.5CVSS

6.7AI Score

0.002EPSS

2021-01-25 12:00 AM
18
nessus

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.5 (RHSA-2021:0247)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0247 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

7.5CVSS

6.7AI Score

0.002EPSS

2021-01-25 12:00 AM
26
githubexploit

Exploit for Incorrect Authorization in Kubernetes

Create Kubernetes cluster: `kind create cluster` ...

5CVSS

6.2AI Score

0.002EPSS

2021-01-21 10:41 PM
24
threatpost

Critical WordPress-Plugin Bug Found in 'Orbit Fox' Allows Site Takeover

Two vulnerabilities (one critical) in a WordPress plugin called Orbit Fox could allow attackers to inject malicious code into vulnerable websites and/or take control of a website. Orbit Fox is a multi-featured WordPress plugin that works with the Elementor, Beaver Builder and Gutenberg...

0.2AI Score

2021-01-13 07:41 PM
47
cve

CVE-2020-26247

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the...

4.3CVSS

4.6AI Score

0.002EPSS

2020-12-30 07:15 PM
196
7
nvd

CVE-2020-26247

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the...

4.3CVSS

4.2AI Score

0.002EPSS

2020-12-30 07:15 PM
alpinelinux

CVE-2020-26247

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the...

4.3CVSS

6AI Score

0.002EPSS

2020-12-30 07:15 PM
23
debiancve

CVE-2020-26247

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the...

4.3CVSS

5.2AI Score

0.002EPSS

2020-12-30 07:15 PM
14
osv

CVE-2020-26247

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the...

4.3CVSS

7.1AI Score

0.002EPSS

2020-12-30 07:15 PM
12
prion

Design/Logic Flaw

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the...

4.3CVSS

4.5AI Score

0.002EPSS

2020-12-30 07:15 PM
10
ubuntucve

CVE-2020-26247

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the...

4.3CVSS

5.3AI Score

0.002EPSS

2020-12-30 12:00 AM
12
cvelist

CVE-2020-26247 XXE in Nokogiri

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the...

2.6CVSS

5.8AI Score

0.002EPSS

2020-12-30 12:00 AM
hackerone

New Relic: Stored XSS via malicious key value of Synthetics monitor tag when visiting an Insights dashboard with filtering enabled

Introduction & Context: This is a complex XSS that requires multiple steps in order to set up. It also requires you to have a good understanding of both New Relic Insights, New Relic Synthetics monitors, and the NerdGraph API explorer. Background Context: New Relic Synthetics and the history of...

-0.6AI Score

2020-12-28 07:34 AM
28
hackerone

4.3AI Score

2020-12-26 05:29 AM
12
mskb

Description of Visual Studio 2010 Service Pack 1

Describes information about Visual Studio 2010 Service Pack 1 (SP1). Additionally, this article lists the fixed issues and added technology enhancements in Visual Studio 2010 SP1. Notice: Some of the downloads that are mentioned in this article are currently available on My.VisualStudio.com. This...

-0.4AI Score

2020-12-23 11:17 PM
486
redhat

(RHSA-2020:5361) Important: Red Hat build of Thorntail 2.7.2 security and bug fix update

This release of Red Hat build of Thorntail 2.7.2 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section. Security Fix(es): picketbox: JBoss EAP reload to admin-only mode allows authentication bypass (CVE-2020-14299) ...

0.4AI Score

0.004EPSS

2020-12-16 07:16 AM
75
kitploit

Stegseek - Worlds Fastest Steghide Cracker, Chewing Through Millions Of Passwords Per Second

Stegseek is a lightning fast steghide cracker that can be used to extract hidden data from files. It is built as a fork of the original steghide project and, as a result, it is thousands of times faster than other crackers and can run through the entirety of rockyou.txt* in under 2 seconds....

7.4AI Score

2020-12-14 11:30 AM
60
nessus

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.4 (RHSA-2020:5341)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5341 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

7.5CVSS

8.4AI Score

0.004EPSS

2020-12-04 12:00 AM
28
nessus

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.4 (RHSA-2020:5340)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5340 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

7.5CVSS

8.4AI Score

0.004EPSS

2020-12-04 12:00 AM
26
nessus

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.4 (RHSA-2020:5342)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5342 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

7.5CVSS

8.4AI Score

0.004EPSS

2020-12-04 12:00 AM
28
redhat

(RHSA-2020:5342) Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes.....

-0.2AI Score

0.004EPSS

2020-12-03 07:08 PM
55
redhat

(RHSA-2020:5341) Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes.....

-0.2AI Score

0.004EPSS

2020-12-03 07:07 PM
106
redhat

(RHSA-2020:5340) Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes.....

-0.2AI Score

0.004EPSS

2020-12-03 07:05 PM
91
githubexploit

Exploit for Cross-site Scripting in Jquery

jQuery - New Wave JavaScript...

6.1CVSS

6.4AI Score

0.002EPSS

2020-12-01 09:45 AM
488
githubexploit

6.1CVSS

-0.1AI Score

0.001EPSS

2020-12-01 09:18 AM
48
githubexploit

Exploit for Prototype Pollution in Jquery

jQuery — New Wave JavaScript...

6.1CVSS

-0.4AI Score

0.035EPSS

2020-12-01 09:18 AM
142
githubexploit

6.1CVSS

-0.2AI Score

0.001EPSS

2020-12-01 09:18 AM
44
googleprojectzero

Oops, I missed it again!

Written by Brandon Azad, when working at Project Zero. This is a quick anecdotal post describing one of the more frustrating aspects of vulnerability research: realizing that you missed a bug that was staring you in the face only once you see the patched version! Some suspicious code: After writing.....

-0.6AI Score

2020-11-13 12:00 AM
12
kitploit

FAMA - Forensic Analysis For Mobile Apps

LabCIF - Forensic Analysis for Mobile Apps. Getting Started: Android extraction and analysis framework with an integrated Autopsy Module. Easily dump user data from a device and generate powerful reports for Autopsy or external applications. Functionalities: Extract user application data from...

6.9AI Score

2020-11-12 08:30 PM
56
ics

Schneider Electric PLC Simulator for EcoStruxure Control Expert

EXECUTIVE SUMMARY: CVSS v3 7.5; ATTENTION: Exploitable remotely/low skill level to exploit; Vendor: Schneider Electric; Equipment: PLC Simulator for EcoStruxure Control Expert; Vulnerability: Improper Check for Unusual or Exceptional Conditions. 2. RISK EVALUATION: Successful exploitation of this...

7.5CVSS

7.7AI Score

0.001EPSS

2020-11-10 12:00 PM
47
oraclelinux

GNOME security, bug fix, and enhancement update

dleyna-renderer [0.6.0-3] - Add a manual Resolves: #1612579 frei0r-plugins [1.6.1-7] - Rebuild with newer annobin to fix rpmdiff problems - Fix the build with a newer opencv - Resolves: rhbz#1703994 gdm [3.28.3-34] - Fix file descriptor leak Resolves: #1877853 [3.28.3-33] - Fix problem with Xorg...

9.8CVSS

-0.4AI Score

0.806EPSS

2020-11-10 12:00 AM
46
fireeye

WOW64!Hooks: WOW64 Subsystem Internals and Hooking Techniques

Microsoft is known for their backwards compatibility. When they rolled out the 64-bit variant of Windows years ago they needed to provide compatibility with existing 32-bit applications. In order to provide seamless execution regardless of application bitness, the WoW (Windows on Windows) system...

1AI Score

2020-11-09 12:00 AM
56
redhat

(RHSA-2020:4931) Moderate: Red Hat Single Sign-On 7.4.3 security update

Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.3 serves as a replacement for Red Hat Single Sign-On 7.4.2, and....

0.7AI Score

0.002EPSS

2020-11-04 07:20 PM
50
githubexploit

Exploit for Cross-site Scripting in Jquery

jQuery — New Wave JavaScript...

6.1CVSS

7.1AI Score

0.061EPSS

2020-11-02 08:55 PM
1910
githubexploit

Exploit for Path Traversal in Iobroker Iobroker.Admin

ioBroker.admin ===================...

9.8CVSS

-0.4AI Score

0.005EPSS

2020-11-02 08:55 PM
75
nessus

Fedora 33 : phpMyAdmin (2020-43d8624421)

Version 5.0.3 (2020-10-09) issue #15983 Require twig ^2.9 issue Fix option to import files locally appearing as not available issue #16048 Fix to allow NULL as a default bit value issue #16062 Fix 'htmlspecialchars() expects parameter 1 to be string, null given' on Export xml ...

9.8CVSS

8.4AI Score

0.008EPSS

2020-10-26 12:00 AM
24
nessus

Fedora 32 : phpMyAdmin (2020-4e78c86902)

Version 5.0.3 (2020-10-09) issue #15983 Require twig ^2.9 issue Fix option to import files locally appearing as not available issue #16048 Fix to allow NULL as a default bit value issue #16062 Fix 'htmlspecialchars() expects parameter 1 to be string, null given' on Export xml ...

9.8CVSS

8.4AI Score

0.008EPSS

2020-10-20 12:00 AM
42
nessus

Fedora 31 : phpMyAdmin (2020-eadda524a8)

Version 5.0.3 (2020-10-09) issue #15983 Require twig ^2.9 issue Fix option to import files locally appearing as not available issue #16048 Fix to allow NULL as a default bit value issue #16062 Fix 'htmlspecialchars() expects parameter 1 to be string, null given' on Export xml ...

9.8CVSS

8.4AI Score

0.008EPSS

2020-10-20 12:00 AM
31
veracode

Denial Of Service (DoS)

xnio is vulnerable to denial of service. A file descriptor leak caused by growing amounts of NIO Selector file handles may lead to an application...

5.9CVSS

1.5AI Score

0.001EPSS

2020-10-14 04:33 AM
12
nessus

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 8 (Moderate) (RHSA-2020:4245)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4245 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

6.5CVSS

6.7AI Score

0.001EPSS

2020-10-14 12:00 AM
19
nessus

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 6 (Moderate) (RHSA-2020:4244)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4244 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

6.5CVSS

6.7AI Score

0.001EPSS

2020-10-14 12:00 AM
23
redhat

(RHSA-2020:4247) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2 and includes bug fixes...

0.7AI Score

0.001EPSS

2020-10-13 04:44 PM
69
redhat

(RHSA-2020:4246) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 7

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2 and includes bug fixes...

0.6AI Score

0.001EPSS

2020-10-13 04:39 PM
71
redhat

(RHSA-2020:4245) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 8

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2 and includes bug fixes...

0.6AI Score

0.001EPSS

2020-10-13 04:38 PM
80
redhat

(RHSA-2020:4244) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 6

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2 and includes bug fixes...

0.6AI Score

0.001EPSS

2020-10-13 04:37 PM
41
github

XSS vulnerability when listing users on add & modify server pages.

Impact: An XSS vulnerability exists in versions of Pterodactyl Panel before 0.7.19. Affected versions do not properly sanitize account names before rendering them to the dropdown selector in the admin area when creating or modifying a server. Patches: This XSS has been addressed in 0.7.19 and will...

0.7AI Score

2020-10-08 08:13 PM
30
osv

XSS vulnerability when listing users on add & modify server pages.

Impact: An XSS vulnerability exists in versions of Pterodactyl Panel before 0.7.19. Affected versions do not properly sanitize account names before rendering them to the dropdown selector in the admin area when creating or modifying a server. Patches: This XSS has been addressed in 0.7.19 and will...

0.7AI Score

2020-10-08 08:13 PM
5
ibm

Security Bulletin: IBM Kenexa LCMS Premier On Premise - IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability

Summary: We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details: CVEID: CVE-2020-14583. DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries...

8.3CVSS

0.9AI Score

0.003EPSS

2020-10-08 12:56 PM
20
Total number of security vulnerabilities: 1701