WUZHI CMS SQL Injection Vulnerability (CNVD-2018-18142)
WUZHI CMS is an open source content management system (CMS) based on PHP and MySQL, developed by China's WUZHI (Five Fingers) Internet technology company. A SQL injection vulnerability exists in the /coreframe/app/admin/pay/admin/index.php file in WUZHI CMS version 4.1.0. A remote attacker can exploit this...
CVE-2018-1000536
Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creation that can result in Unauthorized code execution in the victim's machine, within the rights of th...
Cross site scripting
Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creation that can result in Unauthorized code execution in the victim's machine, within the rights of th...
[SECURITY] Fedora 28 Update: redis-4.0.10-1.fc28
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
Red Hat openshift-ansible SSL Client Certificate Authentication Vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that builds, tests, deploys, and runs applications. openshift-ansible is one of the tools for installing, upgrading, and managing OpenShift. A security vulnerability exists in Red Hat openshift-ansible...
CVE-2016-10537
backbone is a module that adds structure to a JavaScript-heavy application through key-value pairs and custom events, connecting to your RESTful API through JSON. There exists a potential Cross Site Scripting vulnerability in the ModelEscape function of backbone 0.3.3 and earlier, if a user is...
Low: Red Hat Security Advisory: redis security update
An update for redis is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...
Design/Logic Flaw
The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker...
CVE-2017-12317
The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker...
Cb Defense October 2017 Release Speeds Up Your Response
During a response scenario, every minute counts. The faster you can complete your investigation, the faster you can start taking corrective action. That’s why this week we’re happy to announce the October 2017 update of Cb Defense, which improves search functionality within the Cb Defense console...
SSRF, Memcached and other key-value injections in the wild
Back in 2012 we released SSRF a different techniques to exploit Memcached servers and other services with host-based authentication through SSRF. Two years after, in 2014, I presented Memcached injection techniques at Black Hat USA. There I mentioned that it’s possible to exploit it as a Remot...
FineCMS Cross-Site Scripting Vulnerability (CNVD-2017-15549)
FineCMS is an efficient and simple content management system for small and medium-sized sites, developed on the PHP+MySql+CI framework for multiple terminals, including PC web pages and mobile web pages; it supports customized content models and member models, and can be customized fields, can be...
[SECURITY] Fedora 24 Update: redis-3.2.8-1.fc24
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
[SECURITY] Fedora 25 Update: redis-3.2.7-1.fc25
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
Redis Local Information Disclosure Vulnerability
Redis is an open source key-value store database written in ANSI C, with network support; it is memory-based, can also be persistent, is log-type, and provides APIs for a variety of languages. A local information disclosure vulnerability exists in Redis, which can be exploited by an attacker to obtain...
DLA-577-1 redis - security update
Bulletin has no description...
Create TCP UDP Connections Over Audio Channel: Quiet-lwip
Quiet-lwip is a binding for libquiet to lwip. This binding can be used to create TCP and UDP connections over an audio channel. This channel may be speaker-to-mic “over the air” or through a wired connection. This binding provides an abstract version which emits and consumes floating point sampl...
Fedora 23 : proftpd-1.3.5a-5.fc23 (2015-7a89e8db70)
Part of the SFTP handshake involves 'extensions', which are key/value pairs, comprised of strings. In SSH, strings are encoded for network transport as a 32-bit length, followed by the bytes. The mod_sftp module currently places no bounds/length limitations when reading these SFTP extension...
Moderate: Red Hat Security Advisory: redis security advisory
Updated redis packages that fix a security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...
TrueCrypt vulnerability analysis: more secure than people think - vulnerability warning - the black bar safety net
TrueCrypt is the favorite data encryption tool of millions of security and privacy enthusiasts, but recently some vulnerabilities in it were disclosed. However, according to a security analysis report from the well-known Fraunhofer Information Security Technology Institute, it may still have to than...