Y&k Iletisim Formu Security Vulnerabilities

mskb
KB5029186 - Description of the security update for SQL Server 2016 SP3 GDR: October 10, 2023
KB5029186 - Description of the security update for SQL Server 2016 SP3 GDR: October 10, 2023 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update...
CVSS 5.5 | AI Score 5.9 | EPSS 0.001 | 2023-10-10 07:00 AM | 112

mskb
KB5029185 - Description of the security update for SQL Server 2014 SP3 CU4: October 10, 2023
KB5029185 - Description of the security update for SQL Server 2014 SP3 CU4: October 10, 2023 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update...
CVSS 5.5 | AI Score 5.9 | EPSS 0.001 | 2023-10-10 07:00 AM | 74

mskb
KB5029184 - Description of the security update for SQL Server 2014 SP3 GDR: October 10, 2023
KB5029184 - Description of the security update for SQL Server 2014 SP3 GDR: October 10, 2023 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update...
CVSS 5.5 | AI Score 5.9 | EPSS 0.001 | 2023-10-10 07:00 AM | 118

mskb
KB5029187 - Description of the security update for SQL Server 2016 SP3 Azure Connect Feature Pack: October 10, 2023
KB5029187 - Description of the security update for SQL Server 2016 SP3 Azure Connect Feature Pack: October 10, 2023 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This...
CVSS 5.5 | AI Score 5.9 | EPSS 0.001 | 2023-10-10 07:00 AM | 82

packetstorm
CVSS 8.8 | AI Score 7.1 | EPSS 0.002 | 2023-10-10 12:00 AM | 164

oraclelinux
Unbreakable Enterprise kernel security update
[5.15.0-106.131.4] - jbd2: check 'jh->b_transaction' before removing it from checkpoint (Zhihao Cheng) - jbd2: fix checkpoint cleanup performance regression (Zhang Yi) - scsi: qla2xxx: Fix TMF leak through (Quinn Tran) - scsi: qla2xxx: Fix command flush during TMF (Quinn Tran) - scsi: qla2xxx:...
CVSS 7.8 | AI Score 7.6 | EPSS 0.001 | 2023-10-10 12:00 AM | 10

exploitdb
CVSS 8.8 | AI Score 9 | 2023-10-09 12:00 AM | 204

zdt
CVSS 8.8 | AI Score 8.8 | EPSS 0.002 | 2023-10-09 12:00 AM | 126

openbugbounty
k-online.com Cross Site Scripting vulnerability OBB-3731158
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1 | 2023-10-08 04:59 AM | 9

openbugbounty
k-silikat.ru Cross Site Scripting vulnerability OBB-3722971
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1 | 2023-10-06 10:39 AM | 2

cve
CVE-2023-4530
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection. This issue affects Advertising Administration Panel: before...
CVSS 9.8 | AI Score 9.7 | EPSS 0.001 | 2023-10-06 10:15 AM | 26

nvd
CVE-2023-4530
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection. This issue affects Advertising Administration Panel: before...
CVSS 9.8 | AI Score 9.9 | EPSS 0.001 | 2023-10-06 10:15 AM

openbugbounty
k-daidouyouchien.org Cross Site Scripting vulnerability OBB-3722805
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1 | 2023-10-06 09:27 AM | 7

githubexploit
Exploit for SQL Injection in Koha-Community Koha Library Software
CVE-2023-44961 PoC for CVE-2023-44961 Description This is...
CVSS 7.5 | AI Score 8.6 | EPSS 0.001 | 2023-10-05 07:27 AM | 332

wordfence
Know your Malware – A Beginner's Guide to Encoding Techniques Used to Obfuscate Malware
With the launch of Wordfence CLI, our high performance security scanner that can detect the vast majority of PHP malware targeting WordPress, Wordfence continues to emphasize the importance of malware detection and remediation. Malware targeting WordPress uses a variety of obfuscation techniques...
AI Score 7.4 | 2023-10-02 03:38 PM | 19

zdt
Electrolink FM/DAB/TV Transmitter Unauthenticated Remote Denial Of Service Vulnerability
Electrolink FM/DAB/TV Transmitter suffers from a denial of service scenario. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the command.cgi...
AI Score 7 | 2023-10-02 12:00 AM | 160

avleonov
September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM
Hello everyone! On the last day of September, I decided to record another retrospective episode on how my Vulnerability Management month went. Alternative video link (for Russia): https://vk.com/video-149273431_456239136 September was quite a busy month for me. Vulnerability Management courses I...
CVSS 9.8 | AI Score 9.2 | EPSS 0.976 | 2023-09-30 07:31 PM | 53

zeroscience
Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoS
Title: Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoS Advisory ID: ZSL-2023-5795 Type: Local/Remote Impact: DoS Risk: (4/5) Release Date: 30.09.2023 Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced technologies for radio and television...
CVSS 5.3 | AI Score 7.5 | EPSS 0.0004 | 2023-09-30 12:00 AM | 146

cve
CVE-2023-5272
A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. This affects an unknown part of the file edit_parcel.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001 | 2023-09-29 05:15 PM | 26

cve
CVE-2023-5273
A vulnerability classified as problematic was found in SourceCodester Best Courier Management System 1.0. This vulnerability affects unknown code of the file manage_parcel_status.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The...
CVSS 5.4 | AI Score 5.3 | EPSS 0.001 | 2023-09-29 05:15 PM | 29

cve
CVE-2023-5270
A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view_parcel.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001 | 2023-09-29 04:15 PM | 91

cve
CVE-2023-5269
A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The exploit has been...
CVSS 8.8 | AI Score 8.9 | EPSS 0.001 | 2023-09-29 04:15 PM | 25

cve
CVE-2023-5271
A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file edit_parcel.php. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the...
CVSS 8.8 | AI Score 8.7 | EPSS 0.001 | 2023-09-29 04:15 PM | 24

prion
Authorization
A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy...
CVSS 9.1 | AI Score 9.2 | EPSS 0.001 | 2023-09-27 06:15 PM | 10

prion
Input validation
A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or...
CVSS 6.6 | AI Score 7.1 | EPSS 0.008 | 2023-09-27 06:15 PM | 11

nvd
CVE-2023-4934
Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass. This issue affects AYBS: before...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001 | 2023-09-27 03:19 PM | 1

cve
CVE-2023-4934
Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass. This issue affects AYBS: before...
CVSS 8.8 | AI Score 8.6 | EPSS 0.001 | 2023-09-27 03:19 PM | 13

nvd
CVE-2023-4737
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection. This issue affects Admin Panel: before...
CVSS 9.8 | AI Score 9.9 | EPSS 0.001 | 2023-09-27 03:19 PM | 1

cve
CVE-2023-4737
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection. This issue affects Admin Panel: before...
CVSS 9.8 | AI Score 9.7 | EPSS 0.001 | 2023-09-27 03:19 PM | 17

cve
CVE-2023-3223
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause a remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to...
CVSS 7.5 | AI Score 7.2 | EPSS 0.021 | 2023-09-27 03:18 PM | 498

cve
CVE-2023-35071
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection. This issue affects Logging Administration Panel: before 20230915...
CVSS 9.8 | AI Score 9.7 | EPSS 0.001 | 2023-09-27 03:18 PM | 11

nvd
CVE-2023-35071
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection. This issue affects Logging Administration Panel: before 20230915...
CVSS 9.8 | AI Score 9.9 | EPSS 0.001 | 2023-09-27 03:18 PM

github
Getting RCE in Chrome with incorrect side effect in the JIT compiler
In this post, I'll explain how to exploit CVE-2023-3420, a type confusion vulnerability in v8 (the Javascript engine of Chrome), that I reported in June 2023 as bug 1452137. The bug was fixed in version 114.0.5735.198/199. It allows remote code execution (RCE) in the renderer sandbox of Chrome by...
CVSS 9.6 | AI Score 8.3 | EPSS 0.971 | 2023-09-26 03:00 PM | 142

schneier
Signal Will Leave the UK Rather Than Add a Backdoor
Totally expected, but still good to hear: Onstage at TechCrunch Disrupt 2023, Meredith Whittaker, the president of the Signal Foundation, which maintains the nonprofit Signal messaging app, reaffirmed that Signal would leave the U.K. if the country's recently passed Online Safety Bill forced...
AI Score 7 | 2023-09-26 11:15 AM | 10

openbugbounty
k.4shared.com Open Redirect vulnerability OBB-3711191
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.6 | 2023-09-26 12:19 AM | 10

apple
About the security content of macOS Sonoma 14
About the security content of macOS Sonoma 14 This document describes the security content of macOS Sonoma 14. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
CVSS 10 | AI Score 10 | EPSS 0.028 | 2023-09-26 12:00 AM | 54

cve
CVE-2022-4245
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML...
CVSS 4.3 | AI Score 4.6 | EPSS 0.001 | 2023-09-25 08:15 PM | 288

cve
CVE-2022-4244
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be...
CVSS 7.5 | AI Score 7.3 | EPSS 0.001 | 2023-09-25 08:15 PM | 96

osv
yt-dlp on Windows vulnerable to `--exec` command injection when using `%q`
Impact yt-dlp allows the user to provide shell commands to be executed at various stages in its download process through the --exec flag. This flag allows output template expansion in its argument, so that video metadata values may be used in the shell commands. The metadata fields can be combined...
CVSS 8.3 | AI Score 7.9 | EPSS 0.005 | 2023-09-25 05:33 PM | 17

github
yt-dlp on Windows vulnerable to `--exec` command injection when using `%q`
Impact yt-dlp allows the user to provide shell commands to be executed at various stages in its download process through the --exec flag. This flag allows output template expansion in its argument, so that video metadata values may be used in the shell commands. The metadata fields can be combined...
CVSS 8.3 | AI Score 7.9 | EPSS 0.005 | 2023-09-25 05:33 PM | 28

zeroscience
RoyalTSX 6.0.1 RTSZ File Handling Heap Memory Corruption PoC
Title: RoyalTSX 6.0.1 RTSZ File Handling Heap Memory Corruption PoC Advisory ID: ZSL-2023-5788 Type: Local/Remote Impact: System Access, DoS Risk: (3/5) Release Date: 22.09.2023 Summary Royal TS is an ideal tool for system engineers and other IT professionals who need remote access to systems...
CVSS 7.8 | AI Score 7.7 | EPSS 0.001 | 2023-09-22 12:00 AM | 207

redhat
(RHSA-2023:5337) Important: Red Hat Integration Camel K 1.10.2 release security update
A security update for Camel K 1.10.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Security Fix(es): quarkus-vertx-http: quarkus: HTTP security policy bypass (CVE-2023-4853) See the Red Hat Security Bulletin in the References section for...
AI Score 6.5 | EPSS 0.002 | 2023-09-21 07:06 PM | 21

github
sudo-rs Session File Relative Path Traversal vulnerability
Background Sudo-rs allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting...
CVSS 8.1 | AI Score 7.2 | EPSS 0.001 | 2023-09-21 05:07 PM | 15

osv
sudo-rs Session File Relative Path Traversal vulnerability
Background Sudo-rs allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting...
CVSS 8.1 | AI Score 7.2 | EPSS 0.001 | 2023-09-21 05:07 PM | 8

debiancve
CVE-2023-42456
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
CVSS 8.1 | AI Score 8.2 | EPSS 0.001 | 2023-09-21 04:15 PM | 10

cve
CVE-2023-42456
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
CVSS 8.1 | AI Score 8.1 | EPSS 0.001 | 2023-09-21 04:15 PM | 27

nvd
CVE-2023-42456
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
CVSS 8.1 | AI Score 6.2 | EPSS 0.001 | 2023-09-21 04:15 PM | 4

osv
CVE-2023-42456
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
CVSS 8.1 | AI Score 7.4 | EPSS 0.001 | 2023-09-21 04:15 PM | 5

prion
Path traversal
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
CVSS 8.1 | AI Score 8.2 | EPSS 0.001 | 2023-09-21 04:15 PM | 8

Total number of security vulnerabilities: 29024