Engel & Völkers Technology GmbH: Remote Code Execution (RCE) at "juid" parameter in /get_zip.php (printshop.engelvoelkers.com)
Summary Taking advantage of the vulnerability reported in 914194, it has been possible to analyze certain application code and detect remote code execution at https://printshop.engelvoelkers.com/getzip.php?juid=1 due to a lack of sanitization of the inputs received by the web application. This...
Updated crawl packages fix security vulnerability
Updated crawl packages fix security vulnerability crawl 0.24.0 and earlier are subject to possible remote code evaluation with lua loadstring CVE-2020-11722. This update fixes it, also updating crawl from version 0.23.2 to 0.24.1, with the following main gameplay changes: Vampire species simplifi...
MGASA-2020-0190 Updated crawl packages fix security vulnerability
Updated crawl packages fix security vulnerability crawl 0.24.0 and earlier are subject to possible remote code evaluation with lua loadstring CVE-2020-11722. This update fixes it, also updating crawl from version 0.23.2 to 0.24.1, with the following main gameplay changes: Vampire species simplifi...
openSUSE: Security Advisory for crawl (openSUSE-SU-2020:0549-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:0549-1 Security update for crawl
This update for crawl fixes the following issues: CVE-2020-11722: Fixed a remote code evaluation issue with lua loadstring (boo#1169381) Update to version 0.24.0 Vampire species simplified Thrown weapons streamlined Fedhas reimagined Sif Muna reworked Update to version 0.23.2 Trap system overhaul Ne...
Security update for crawl (moderate)
openSUSE Security Update: Security update for crawl Announcement ID: openSUSE-SU-2020:0549-1 Rating: moderate References: 1169381 Cross-References: CVE-2020-11722 Affected Products: openSUSE Leap 15.1 openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available...
Design/Logic Flaw
safer-eval is an npm package to sandbox the evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError...
CVE-2019-10769
The provided data indicates CVE-2019-10769 affects the npm package safer-eval, whose sandboxed evaluation uses the eval function. The vulnerability is described as Arbitrary Code Execution via generating a RangeError, with a detailed PoC published in the Huntr entry for safer-eval (1-NPM-SAFER-EV...
Zurmo 3.2.6 Out Of Band Code Evaluation
Out of Band Code Evaluation Vulnerability in Zurmo 3.2.6 Information -------------------- Advisory by Netsparker Name: Out of Band Code Evaluation in Zurmo Affected Software: Zurmo Affected Versions: 3.2.6 Homepage: http://zurmo.org Vulnerability: Out of Band Code Evaluation Severity: Critical...
Zurmo 3.2.6 Code Evaluation
Code Evaluation Vulnerability in Zurmo 3.2.6 Information -------------------- Advisory by Netsparker Name: Code Evaluation Vulnerability in Zurmo Affected Software: Zurmo Affected Versions: 3.2.6 Homepage: http://zurmo.org Vulnerability: Code Evaluation Severity: Critical Status: Not Fixed...
Malicious Package
Overview Version 1.0.3 of libubx contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and evaluat...
zzzphp CMS 1.6.1 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Cross-Site Request Forgery (CSRF) of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 26/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link:...
zzzphp CMS 1.6.1 - Cross-Site Request Forgery
zzzphp CMS 1.6.1 - Cross-Site Request Forgery Exploit Title: Cross-Site Request Forgery (CSRF) of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 26/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip...
zzzphp CMS 1.6.1 Cross Site Request Forgery
Exploit Title: Cross-Site Request Forgery (CSRF) of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 26/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip Version: 1.6.1 Tested on:...
zzzphp CMS 1.6.1 - Cross-Site Request Forgery
Exploit Title: Cross-Site Request Forgery (CSRF) of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 26/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip Version: 1.6.1 Tested on:...
ZZZPHP CMS 1.6.1 Remote Code Execution
Exploit Title: dynamic code evaluation of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 24/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip Version: 1.6.1 Tested on: windows/Linux,iis/apache C...
zzzphp CMS 1.6.1 - Remote Code Execution
zzzphp CMS 1.6.1 - Remote Code Execution Exploit Title: dynamic code evaluation of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 24/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip Version:...
zzzphp CMS 1.6.1 - Remote Code Execution
Exploit Title: dynamic code evaluation of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 24/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip Version: 1.6.1 Tested on: windows/Linux,iis/apache C...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6&7 and IBM® Runtime Environment Java™ Version 6&7 used by IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation. IBM...
Remote code execution
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution...