EUVD-2019-3076

Malware in sbrugna...

CVE-2019-15037

An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1...

CVE-2019-15040

JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page...

CVE-2019-15039

An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1...

CVE-2019-15042

An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1...

CVE-2019-15038

An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1...

liveSite Version 2019.1 - Remote Code Execution

Exploit Title: liveSite Version : 2019.1 Campaigns Remote Code Execution Date: 2024-1-9 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://livesite.com/ Version : 2019.1 Tested on: https://www.softaculous.com/apps/cms/liveSite 1 Login with admin cred Click Campaigns Create Campaig...

CVE-2024-22638

liveSite v2019.1 was discovered to contain a remote code execution RCE vulenrabiity via the component /livesite/editdesignerregion.php or /livesite/addemailcampaign.php...

liveSite Security Breach

liveSite is an affordable platform for business websites. A security vulnerability exists in liveSite version v2019.1, which stems from a remote code execution vulnerability in the /livesite/editdesignerregion.php component...

PT-2024-19514 · Livesite · Livesite

Name of the Vulnerable Software and Affected Versions: liveSite version 2019.1 Description: The issue is related to a remote code execution RCE via the components "/livesite/edit designer region.php" or "/livesite/add email campaign.php". Recommendations: For liveSite version 2019.1, at the momen...

liveSite 2019.1 Remote Code Execution Vulnerability

Exploit Title: liveSite Version : 2019.1 Remote Code Execution Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://livesite.com/ Version : 2019.1 Tested on: https://www.softaculous.com/apps/cms/liveSite 1 Login with admin cred Click Staff Home Edit Designer Region Name:megamenu ,...

liveSite 2019.1 Remote Code Execution

Exploit Title: liveSite Version : 2019.1 Remote Code Execution Date: 2024-1-9 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://livesite.com/ Version : 2019.1 Tested on: https://www.softaculous.com/apps/cms/liveSite 1 Login with admin cred Click Staff Home Edit Designer Region...

SUSE: Security Advisory (SUSE-SU-2019:14133-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Grupo Crk Banking Business Platform SQL Injection Vulnerability

Grupo Crk Banking Business Platform is a business management software from Grupo Crk, Portugal. A SQL injection vulnerability exists in CRK Business Platform version 2019.1 and prior versions that stems from allowing SQL statements to be injected into the database using the strSessao parameter...

CVE-2020-14728

CVE-2020-14728 affects Oracle NetSuite SuiteCommerce Advanced (SCA). Affected SCA versions include Montblanc, Vinson, Elbrus, Kilimanjaro, Aconcagua, 2018.2, 2019.1, 2019.2. The vulnerability is exposed via HTTP with network access, with low privileges and requires UI interaction. Root cause deta...

Progress Software MOVEit Transfer Cross-Site Scripting Vulnerability

Progress Software MOVEit Transfer is a suite of file transfer software from Progress Software, USA. A cross-site scripting vulnerability exists in version 2019.1 prior to 2019.1.4 and version 2019.2 prior to 2019.2.1 in Progress Software MOVEit Transfer, which stems from a REST API endpoint that ...

CVE-2020-8612

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...

Cross site scripting

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...

UPDATE: Tsurugi Linux 2019.1

Tsurugi Linux 2019.1 has now been released. I briefly mentioned it in my older post titled List of Operating Systems for OSINT. This post discusses the updates made to the latest version of Tsurugi Linux, that was released at BlackHat USA. This release includes a lot of bug fixes, updates, additi...

CVE-2019-15037

An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1...