
1270 matches found

Cvelist
added 2020/10/12 5:55 p.m., 27 views

CVE-2020-15250 Information disclosure in JUnit4

In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this...

4.4 CVSS, 5.6 AI score, 0.01674 EPSS
Exploits: 1, References: 39

Debian CVE
added 2020/10/12 5:55 p.m., 39 views

CVE-2020-15250

In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this...

5.5 CVSS, 6.5 AI score, 0.01674 EPSS
Exploits: 1

OSV
added 2020/10/12 5:33 p.m., 155 views

GHSA-269G-PWP5-87PP TemporaryFolder on unix-like systems does not limit access to created files

Vulnerability The JUnit4 test rule TemporaryFolder contains a local information disclosure vulnerability. Example of vulnerable code: java public static class HasTempFolder @Rule public TemporaryFolder folder = new TemporaryFolder; @Test public void testUsingTempFolder throws IOException...

4.4 CVSS, 6.8 AI score, 0.01674 EPSS
Exploits: 1, References: 41

CNVD
added 2020/09/28 12:0 a.m., 3 views

cPanel Key Management Vulnerability

cPanel is a set of Web-based automated colocation platforms from the American company cPanel. The platform is primarily used to automate the management of websites and servers. A key management vulnerability exists in cPanel versions prior to 88.03, which stems from the creation of predictable...

7.5 CVSS, 6.7 AI score, 0.01369 EPSS
Exploits: 0, References: 1

OSV
added 2020/09/25 6:15 a.m., 1 views

CVE-2020-26107

cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys SEC-561...

7.5 CVSS, 7.1 AI score, 0.01369 EPSS
Exploits: 0, References: 1

NVD
added 2020/09/25 6:15 a.m., 11 views

CVE-2020-26107

cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys SEC-561...

7.5 CVSS, 0.01369 EPSS
Exploits: 0, References: 1

Prion
added 2020/09/25 6:15 a.m., 15 views

Code injection

cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys SEC-561...

5 CVSS, 7.6 AI score, 0.01369 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2020/09/25 5:42 a.m., 13 views

CVE-2020-26107

cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys SEC-561...

7.6 AI score, 0.01369 EPSS
Exploits: 0, References: 1

CVE
added 2020/09/25 5:42 a.m., 61 views

CVE-2020-26107

Summary: CVE-2020-26107 affects cPanel prior to 88.0.3, where an upgrade establishes predictable PowerDNS API keys, per multiple connected sources. Affected software: cPanel versions before 88.0.3. Root cause / vulnerability detail: During upgrade, the process creates predictable API keys for Pow...

7.5 CVSS, 7.5 AI score, 0.01369 EPSS
Exploits: 0, References: 1, Affected Software: 1

Kitploit
added 2020/08/23 12:30 p.m., 70 views

Intel Owl - Analyze Files, Domains, IPs In Multiple Ways From A Single API At Scale

Do you want to get threat intelligence data about a file, an IP or a domain? Do you want to get this kind of data from multiple sources at the same time using a single API request? You are in the right place! This application is built to scale out and to speed up the retrieval of threat info. It c...

7.3 AI score
Exploits: 0, References: 16

Oracle Linux
added 2020/07/07 12:0 a.m., 42 views

firefox security update

68.6.1-1.0.1 - fix LDLIBRARYPATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one 68.6.1-1 - Update to 68.6.1 ESR Wed Mar 04 2020 Jan Horak - Update to 68.6.0 build1 68.5.0-3 - Added fix for rhbz1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc Fri Feb 07 2020 J...

9.8 CVSS, 9.5 AI score, 0.06305 EPSS
Exploits: 2

OSV
added 2020/07/01 4:15 p.m., 2 views

CVE-2020-2500

This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and...

6.5 CVSS, 5.9 AI score, 0.00745 EPSS
Exploits: 0, References: 1

Cvelist
added 2020/07/01 3:53 p.m., 16 views

CVE-2020-2500

This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and...

9.8 CVSS, 9.4 AI score, 0.00745 EPSS
Exploits: 0, References: 1

CVE
added 2020/07/01 3:53 p.m., 51 views

CVE-2020-2500

The CVE-2020-2500 entry concerns QNAP Helpdesk (Kayako service). The vulnerability is an improper access control flaw that allows an attacker to access sensitive data on the QNAP Kayako server by abusing API keys, potentially enabling control over the Helpdesk component. The underlying issue is a...

9.8 CVSS, 6.4 AI score, 0.00745 EPSS
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2020/06/03 6:15 p.m., 19 views

CVE-2020-7014

The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication...

8.8 CVSS, 7.6 AI score
Exploits: 0, References: 2

NVD
added 2020/06/03 6:15 p.m., 18 views

CVE-2020-7014

The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication...

8.8 CVSS, 8.9 AI score, 0.01543 EPSS
Exploits: 0, References: 2

CVE
added 2020/06/03 5:55 p.m., 104 views

CVE-2020-7014

CVE-2020-7014 describes a privilege-escalation flaw in Elasticsearch where an attacker who can create an API key and also obtain an authentication token can escalate privileges by generating a token with elevated rights. Affected Elasticsearch versions span 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1, with...

8.8 CVSS, 8.7 AI score, 0.01543 EPSS
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2020/06/03 12:0 a.m., 4 views

PT-2020-19339 · Elastic · Elasticsearch

Name of the Vulnerable Software and Affected Versions: Elasticsearch versions 6.7.0 through 6.8.7 Elasticsearch versions 7.0.0 through 7.6.1 Description: The issue concerns a privilege escalation flaw. If an attacker can create API keys and authentication tokens, they can perform a series of step...

8.8 CVSS, 7 AI score, 0.01543 EPSS
Exploits: 0, References: 11

Kitploit
added 2020/05/28 12:30 p.m., 66 views

Project iKy v2.6.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface

Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project Installation Clone repository git clone https://gitlab.com/kennbroorg/iKy.git Install Backend Redis You must install Redis wget...

7.4 AI score
Exploits: 0, References: 15

Kitploit
added 2020/05/26 12:30 p.m., 54 views

FinalRecon - The Last Web Recon Tool You'll Need

FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be added with ease. Featured NullByte https://null-byte.wonderhowto.com/how-to/conduct-recon-web-target-with-python-tools-0198114/...

7 AI score
Exploits: 0, References: 1