BDU FSTEC
added 2021/06/29 12:00 a.m., 4 views

The vulnerability of the update_log function (lib/Cleantalk/ApbctWP/Firewall/SFW.php) in spam protection modules, including the AntiSpam and CleanTalk firewall plugins, allows attackers to execute arbitrary SQL queries.

The vulnerability of the update_log function in spam protection modules, including the AntiSpam and CleanTalk firewall plugins, is related to the failure to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...

CVSS 7.8, AI score 7.6, EPSS 0.04691
Exploits 1, References 4, Affected Software 3
BDU FSTEC
added 2021/06/23 12:00 a.m., 2 views

The vulnerability in the array allocation of the library for working with PKCS#11 modules (p11-kit) allows a hacker to cause a service failure.

The vulnerability in the array allocation of the library for working with PKCS#11 modules (p11-kit) is caused by an integer overflow. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure through calls such as realloc or calloc...

CVSS 6.5, AI score 7, EPSS 0.0335
Exploits 0, References 13, Affected Software 8
OSV
added 2021/06/18 6:44 p.m., 25 views

GHSA-5PR9-V234-JW36 Remote Code Execution via traversal in TAL expressions

Impact: Most Python modules are not available for use in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the 'os' module. But some of the untrusted modules are available indirectly through Python...

CVSS 7.6, AI score 8.5, EPSS 0.01843
Exploits 1, References 8
Github Security Blog
added 2021/06/18 6:44 p.m., 78 views

Remote Code Execution via traversal in TAL expressions

Impact: Most Python modules are not available for use in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the 'os' module. But some of the untrusted modules are available indirectly through Python...

CVSS 8.8, AI score 2.4, EPSS 0.01843
Exploits 1, References 8, Affected Software 1
OSV
added 2021/06/16 4:15 p.m., 4 views

DRUPAL-CONTRIB-2021-017

This module provides a revision UI to Block Content entities. The module doesn't sufficiently respect access restrictions to certain entities when used in conjunction with specific modules. This vulnerability is mitigated by the fact that an attacker must have a role with any of the permissions...

AI score 6.8
Exploits 0, References 1
OSV
added 2021/06/16 4:05 p.m., 3 views

DRUPAL-CONTRIB-2021-016

This module provides a revision UI to Linky entities. The module doesn't sufficiently respect access restrictions to certain entities when used in conjunction with specific modules. This vulnerability is mitigated by the fact that an attacker must have a role with any of the permissions provided ...

AI score 6.8
Exploits 0, References 1
CloudLinux
added 2021/06/16 12:48 p.m., 30 views

Update of nginx-all-modules, nginx-filesystem, nginx-mod-stream, nginx-mod-http-perl, nginx-mod-http-xslt-filter, nginx-mod-http-geoip, nginx-mod-mail, nginx, nginx-mod-http-image-filter

...

AI score 7.1
Exploits 0, References 1
Drupal
added 2021/06/16 12:00 a.m., 16 views

Block Content Revision UI - Moderately critical - Access bypass - SA-CONTRIB-2021-017

This module provides a revision UI to Block Content entities. The module doesn't sufficiently respect access restrictions to certain entities when used in conjunction with specific modules. This vulnerability is mitigated by the fact that an attacker must have a role with any of the permissions...

AI score 6.5
Exploits 0, References 6
OSV
added 2021/06/15 4:10 p.m., 22 views

GHSA-962M-M8JW-8WRR Duplicate Advisory: Path Traversal in Zope

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-5pr9-v234-jw36. This link is maintained to preserve external references. Original Description: Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted...

CVSS 8.8, AI score 8.4, EPSS 0.01843
Exploits 1, References 7
Github Security Blog
added 2021/06/15 4:10 p.m., 56 views

Duplicate Advisory: Path Traversal in Zope

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-5pr9-v234-jw36. This link is maintained to preserve external references. Original Description: Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted...

CVSS 8.8, AI score 7.6, EPSS 0.01843
Exploits 1, References 7, Affected Software 1
CNNVD
added 2021/06/15 12:00 a.m., 16 views

CLICK PLC CPU Modules security vulnerability

CLICK PLC CPU Modules are Automation Direct's network devices. A single CLICK CPU Module can be connected to up to eight I/O modules to expand the amount of system I/O and meet the needs of a specific application. Automation Direct CLICK PLC CPU Modules have a security vulnerability that allows an...

CVSS 7.5, AI score 7.3, EPSS 0.00971
Exploits 0, References 5
CNNVD
added 2021/06/15 12:00 a.m., 17 views

CLICK PLC CPU Modules authorization issue vulnerability

CLICK PLC CPU Modules are Automation Direct's network devices. A single CLICK CPU Module can be connected to up to 8 I/O modules to expand the amount of system I/O and meet the needs of a specific application. A security vulnerability exists in Automation Direct CLICK PLC CPU Modules that stems fr...

CVSS 9.8, AI score 8.1, EPSS 0.0107
Exploits 0, References 6
Kitploit
added 2021/06/14 12:30 p.m., 253 views

Redpill - Assist Reverse Tcp Shells In Post-Exploration Tasks

Project Description: The redpill project aims to assist reverse tcp shells in post-exploration tasks. Often in redteam engagements we need to use unconventional ways to access the target system, such as reverse tcp shells (not metasploit), in order to bypass the defenses implemented by the system...

AI score 7.8
Exploits 0, References 2
Prion
added 2021/06/11 4:15 p.m., 18 views

Race condition

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules R00/01/02CPU all versions, R04/08/16/32/120ENCPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions allows a remote unauthenticated...

CVSS 7.8, AI score 7.4, EPSS 0.01497
Exploits 0, References 2
Cvelist
added 2021/06/11 3:52 p.m., 33 views

CVE-2021-20591

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules R00/01/02CPU all versions, R04/08/16/32/120ENCPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions allows a remote unauthenticated...

AI score 7.6, EPSS 0.01497
Exploits 0, References 2
CVE
added 2021/06/11 3:52 p.m., 54 views

CVE-2021-20591

CVE-2021-20591 affects Mitsubishi Electric MELSEC iQ-R Series CPU modules (R00/01/02CPU all versions; R04/08/16/32/120(EN)CPU all versions; R08/16/32/120SFCPU all versions; R08/16/32/120PCPU all versions; R08/16/32/120PSFCPU all versions). The vulnerability is an Uncontrolled Resource Consumption...

CVSS 7.8, AI score 7.4, EPSS 0.01497
Exploits 0, References 2, Affected Software 1
RedhatCVE
added 2021/06/11 9:48 a.m., 51 views

CVE-2021-32399

A flaw was found in the Linux kernel's handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to...

CVSS 7, AI score 1.3, EPSS 0.00697
Exploits 1, References 3
Github Security Blog
added 2021/06/10 5:22 p.m., 76 views

Duplicate Advisory: Path Traversal in Zope

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-5pr9-v234-jw36. This link is maintained to preserve external references. Original Description: Zope is an open-source web application server. This advisory extends the previous advisory at...

CVSS 8.8, AI score 8.8, EPSS 0.01574
Exploits 0, References 6, Affected Software 1
Tenable Nessus
added 2021/06/10 12:00 a.m., 33 views

SUSE SLES11 Security Update : sudo (SUSE-SU-2019:14193-1)

The remote SUSE Linux SLES11 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2019:14193-1 advisory. - In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can...

CVSS 9, AI score 7.4, EPSS 0.63917
Exploits 10, References 4
OSV
added 2021/06/09 8:15 p.m., 4 views

CVE-2020-24475

Improper initialization in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable denial of service via local access...

CVSS 5.5, AI score 5.8, EPSS 0.00219
Exploits 0, References 1