6680 matches found
Remote code execution
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft a custom layout update and use the import product functionality to enable remote code execution...
CVE-2019-8122
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft a custom layout update and use the import product functionality to enable remote code execution...
CVE-2019-1981 Cisco Firepower Threat Defense Software NULL Character Obfuscation Detection Bypass Vulnerability
A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to...
FusionPBX Command exec.php Command Execution
This module uses administrative functionality available in FusionPBX to gain a shell. The Command section of the application permits users with execview permissions, or superadmin permissions, to execute arbitrary system commands, or arbitrary PHP code, as the web server user. This module has bee...
Cross site scripting
Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input encoded in base64. This also applies to the search functionality for the searchKey parameter...
CVE-2019-18205
Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input encoded in base64. This also applies to the search functionality for the searchKey parameter...
CVE-2019-5536
VMware ESXi 6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG, Workstation 15.x before 15.5.0 and Fusion 11.x before 11.5.0 contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privilege...
[SECURITY] Fedora 31 Update: libapreq2-2.13-38.fc31
libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...
[SECURITY] Fedora 31 Update: jackson-databind-2.10.0-1.fc31
The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration...
Password Lense - Reveal Character Types In A Password
What is this? Certain characters in passwords 'O' and '0', 'I' and 'l', etc. can be hard to identify when you need to type them in and copy-paste is unavailable. Password Lense is a small web application that provides a quick and secure way to get a more informative view of your password. Feature...
CVE-2019-16987
In FusionPBX up to v4.5.7, the file app\contacts\contactimport.php uses an unsanitized "querystring" variable coming from the URL, which is reflected in HTML, leading to XSS...
OPENSUSE-SU-2019:2340-1 Security update for dhcp
This update for dhcp fixes the following issues: Security issue fixed: - CVE-2019-6470: Fixed DHCPv6 server crashes bsc1134078. Bug fixes: - Add compile option --enable-secs-byteorder to avoid duplicate lease warnings bsc1089524. - Use IPv6 when called as dhclient6, dhcpd6, and dhcrelay6...
Cross site scripting
A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scriptin...
NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0200)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Informatio...
SpotAuditor 5.3.1.0 Denial Of Service
Exploit Title: SpotAuditor 5.3.1.0 - Denial of Service Author: Sanjana Shetty Date: 2019-10-13 Version: SpotAuditor 5.3.1.0 Vendor Homepage: http://www.nsauditor.com Software link: http://spotauditor.nsauditor.com/ Steps 1 Install the SpotAuditor software 2 Access the register functionality 3 In...
SpotAuditor 5.3.1.0 - Denial of Service
SpotAuditor 5.3.1.0 - Denial of Service Exploit Title: SpotAuditor 5.3.1.0 - Denial of Service Author: Sanjana Shetty Date: 2019-10-13 Version: SpotAuditor 5.3.1.0 Vendor Homepage: http://www.nsauditor.com Software link: http://spotauditor.nsauditor.com/ Steps 1 Install the SpotAuditor software 2...
Security feature bypass
A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'...
SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2613-1)
This update for the Linux Kernel 3.12.74-6064107 fixes one issue. The following security issue was fixed : CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest...
Service Update 0.9 for Microsoft Dynamics 365 9.0
Service Update 0.9 for Microsoft Dynamics 365 9.0 INTRODUCTION Service Update 9.0.8 for Microsoft Dynamics CRM on-premises 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 9.0.8. MORE INFORMATION Update package| Version number ---|--- Servi...