Website File Changes Monitor < 1.8.3 - Admin+ SQLi
The plugin does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manage_options capability (by default admins), leading to an SQL injection. PoC: A user with manage_options permission can exploit the vulnerability with the following request...
CVE-2022-32142
Multiple CODESYS Products are prone to an out-of-bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which can cause an out-of-bounds read or write access, resulting in a denial-of-service condition or local memory overwrite, which can lead to a...
CarPunk - The Car Hacking Toolkit
CARPUNK IS VERY SIMILAR TO CANghost; THE ONLY DIFFERENCE IS THAT IT COMES WITH OPTIONS TO ENABLE OR DISABLE THE INTERFACE AND BASIC SNIFFING AS EXTRAS. IT WORKS ON BOTH SIMULATION & REAL CARS. IT HAS OPTIONS TO RECORD AND PLAY THE CAN PACKETS. NO ARGUMENTS ARE REQUIRED WHEN RUNNING BUT NEED...
BloofoxCMS Cross-Site Request Forgery Vulnerability
BloofoxCMS is a free open source PHP + MySQL based Web content management system. A cross-site request forgery vulnerability exists in BloofoxCMS version 0.5.2.1. An attacker can exploit this vulnerability by using mode=settings&page=editor to change the content of arbitrary files...
The vulnerability of the Advanced WAF/ASM TMUI application protection component of BIG-IP allows attackers to execute arbitrary commands, modify, or delete files.
The vulnerability of the Advanced WAF/ASM TMUI application protection component in BIG-IP is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to execute arbitrary commands, modify or delete files remotely...
SUSE-SU-2020:3080-1 Security update for pacemaker
This update for pacemaker fixes the following issues: - attrd: handle shutdown more cleanly bsc1173668 - executor: restrict certain IPC requests to Pacemaker daemons CVE-2020-25654, bsc1177916 - extra: quote shell variables in agent code where appropriate bsc1175557 - fencer: restrict certain IPC...
Ricoh Printer Drivers - Local Privilege Escalation
Ricoh Printer Drivers - Local Privilege Escalation. This proof of concept code monitors file changes on Ricoh's driver DLL files and overwrites a DLL file before the library is loaded (CVE-2019-19363). Written by Pentagrid AG, 2019. Cf...
Ricoh Printer Drivers - Local Privilege Escalation Exploit
This proof of concept code monitors file changes on Ricoh's driver DLL files and overwrites a DLL file before the library is loaded (CVE-2019-19363). Written by Pentagrid AG, 2019. Cf. https://pentagrid.ch/en/blog/local-privilege-escalation-in-ricoh-printer-drivers-for-windows-cve-2019-19363/...
CVE-2019-10934
A vulnerability has been identified in TIA Portal V14 All versions, TIA Portal V15 All versions V15.1 Update 7, TIA Portal V16 All versions V16 Update 6, TIA Portal V17 All versions V17 Update 4. Changing the contents of a configuration file could allow an attacker to execute arbitrary code with...
[SECURITY] Fedora 30 Update: patch-2.7.6-11.fc30
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file patching th...
The vulnerability of the HP Support Assistant software, a centralized device management tool, stems from deficiencies in access control. This allows attackers to obtain system privileges and perform unauthorized changes to catalogs or files.
The vulnerability of the HP Support Assistant software for centralized device management is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to gain system privileges and perform unauthorized changes to catalogs or files...
CVE-2018-20892
cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439)...
CVE-2019-6328
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329...
CVE-2018-18331
A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations...
[SECURITY] Fedora 28 Update: patch-2.7.6-5.fc28
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file patching th...
firefox security update
60.2.1-1.0.1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 60.2.1-1 - Update to 60.2.1 ESR...
SUSE-SU-2018:1652-1 Security update for slurm
This update for slurm to version 17.02.11 fixes the following issues: This security issue was fixed: - CVE-2018-10995: Ensure proper handling of user names aka username fields and group ids aka gid fields bsc1095508. This non-security issue was fixed: - Move config files to slurm-config package t...
IniNet Solutions SCADA Web Server < 2.02.0000
Binary data 9011.prm...
OracleVM 3.3 : glibc (OVMSA-2015-0055)
The remote OracleVM system is missing necessary patches to address critical security updates: - Fix invalid file descriptor reuse while sending DNS query 1207995, CVE-2013-7423. - Fix buffer overflow in gethostbyname_r with misaligned buffer 1209375, CVE-2015-1781. - Enhance nscd to detect any...
glibc security and bug fix update
2.12-1.149.7 - Fix invalid file descriptor reuse while sending DNS query 1207995, CVE-2013-7423. - Fix buffer overflow in gethostbyname_r with misaligned buffer 1209375, CVE-2015-1781. 2.12-1.149.6 - Enhance nscd to detect any configuration file changes 1194149...