189 matches found
glimmer
This is a Python-based framework called Glimmer, which is a PoC (proof-of-concept) framework for various attacks. The framework is designed to be extensible and allows users to write their own parsers for different protocols and targets. The framework has several dependencies, including rich,...
Lex Li vscode-restructuredtext access control error vulnerability
Lex Li vscode-restructuredtext is an open source application from Lex Li. This extension provides rich reStructuredText language support for Visual Studio Code. An access control error vulnerability exists in Lex Li vscode-restructuredtext versions prior to 146.0.0, which stems from the inclusion of an...
MetInfo suffers from a command execution vulnerability (CNVD-2021-29218)
MetInfo is easy-to-use enterprise website-building software that is multi-language, full-featured, secure and stable, and supports multi-terminal display and visual editing. MetInfo has a command execution vulnerability that can be exploited by attackers to gain control of the server...
SQL injection vulnerability in SongCMS PHP version (CNVD-2021-28484)
SongCMS is a free, open source, enterprise-oriented CMS with multi-language support, developed on PHP+MySQL and ASP+Access/SQL Server, that helps business users quickly build and deploy enterprise-level portals. SongCMS PHP version suffers from a SQL injection vulnerability, which can be exploited b...
Horusec - An Open Source Tool That Improves Identification Of Vulnerabilities In Your Project With Just One Command
Horusec is an open source tool that performs static code analysis to identify security flaws during the development process. Currently, the languages for analysis are: C#, Java, Kotlin, Python, Ruby, Golang, Terraform, JavaScript, TypeScript, Kubernetes, PHP, C, HTML, JSON, Dart. The tool has...
Arbitrary File Read Vulnerability in SongCMS
SongCMS is a free and open source, enterprise-oriented CMS with multi-language support, developed on PHP+MySQL and ASP+Access/SQL Server. SongCMS has an arbitrary file read vulnerability; an attacker can use the vulnerability to read the site source code, any file...
The vulnerability of the Language Support component of the Microsoft Visual Studio Code Java Extension, related to improper code generation management, allows an attacker to execute arbitrary code.
The vulnerability of the Language Support component in the Microsoft Visual Studio Code Java Extension package is related to improper code generation management. Exploiting this vulnerability may allow an attacker to execute arbitrary code...
SQL Injection Vulnerability in SongCMS
SongCMS is a free, open source, enterprise-oriented CMS with multi-language support, developed on PHP+MySQL and ASP+Access/SQL Server, that helps business users quickly build and deploy enterprise-level portals. SongCMS suffers from a SQL injection vulnerability. An attacker can exploit the vulnerability...
Pwndoc - Pentest Report Generator
PwnDoc is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report. The main goal is to have more time to Pwn and less time to Doc by mutualizing data like vulnerabilities between users. Documentation Installation Data Vulnerabilitie...
Serverless at the Edge: Enabling Magical Unicorns
Before we dive straight into the magical unicorn from heaven that is serverless computing embedded within the CDN edge (a direct customer quote that I want on a team T-shirt soon), let's first level-set on some basic concepts of computing. In the context of web experiences, IoT device messaging, an...
BEESCMS suffers from SQL injection vulnerability (CNVD-2020-48932)
BEESCMS is built on PHP+MySQL and features a multi-language system and easy expansion of content modules. BEESCMS has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
File Deletion Vulnerability in SongCMS PHP Version
SongCMS is a free, open source, enterprise-oriented CMS with multi-language support, developed on PHP+MySQL and ASP+Access/SQL Server, that helps business users quickly build and deploy enterprise-level portals. SongCMS has an arbitrary file deletion vulnerability; an attacker can exploit the...
Description of the security update for SharePoint Server 2019: June 9, 2020
Description of the security update for SharePoint Server 2019: June 9, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the followin...
Microsoft Dynamics CRM 2011 Update Rollup 11
Microsoft Dynamics CRM 2011 Update Rollup 11 INTRODUCTION Update Rollup 11 for Microsoft Dynamics CRM 2011 is available. This article describes the hotfixes and updates that are included in this update rollup. This update rollup is available for all languages that are supported by Microsoft...
OPENSUSE-SU-2020:0436-1 Security update for python-nltk
This update for python-nltk fixes the following issues: Update to 3.4.5 (boo#1146427, CVE-2019-14751): CVE-2019-14751: Fixed Zip slip vulnerability in downloader for the unlikely situation where a user configures their downloader to use a compromised server (boo#1146427). Update to 3.4.4: fix bug in plo...
Security update for python-nltk (moderate)
openSUSE Security Update: Security update for python-nltk Announcement ID: openSUSE-SU-2020:0436-1 Rating: moderate References: 1146427 Cross-References: CVE-2019-14751 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...
Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Request Forgery Vulnerability (CNVD-2020-17149)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site request forgery vulnerability exists in Chadha Software Technologies PHPKB Standard Multi-Language. The vulnerability...
Security update for libsolv, libzypp, zypper (moderate)
openSUSE Security Update: Security update for libsolv, libzypp, zypper Announcement ID: openSUSE-SU-2020:0255-1 Rating: moderate References: 1135114 1154804 1154805 1155198 1155205 1155298 1155678 1155819 1156158 1157377 1158763 Cross-References: CVE-2019-18900 Affected Products: openSUSE Leap 15...
SUSE-SU-2020:0432-1 Security update for libsolv, libzypp, zypper
This update for libsolv, libzypp, zypper fixes the following issues: Security issue fixed: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). Bug fixes: - Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819). - Adds libzypp API to mark all...
CVE-2019-18212
XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal...