6326 matches found

NVD
added 2021/01/11 4:15 p.m. | 29 views

CVE-2020-23960

Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the...

8.8 CVSS | 8.9 AI score | 0.00676 EPSS
Exploits 0 | References 2

Prion
added 2021/01/11 4:15 p.m. | 15 views

Cross-site request forgery (CSRF)

Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the...

6.8 CVSS | 8.8 AI score | 0.00676 EPSS
Exploits 0 | References 2 | Affected Software 1

OSV
added 2021/01/11 7:18 a.m. | 2 views

OPENSUSE-SU-2021:0045-1 Security update for rpmlint

This update for rpmlint fixes the following issues: - Whitelist PAM modules and DBUS rules for cockpit bsc1169614 This update was imported from the SUSE:SLE-15:Update update project...

7.2 AI score
Exploits 0 | References 2

OPENSUSE Linux
added 2021/01/11 12:0 a.m. | 14 views

Security update for rpmlint (moderate)

openSUSE Security Update: Security update for rpmlint Announcement ID: openSUSE-SU-2021:0045-1 Rating: moderate References: 1169614 Affected Products: openSUSE Leap 15.1 An update that contains security fixes can now be installed. Description: This update for rpmlint fixes the following issues: -...

7.3 AI score
Exploits 0

Gitee
added 2021/01/10 10:19 p.m. | 4 views

mad-metasploit

This repository is an offensive tool for Metasploit framework. It is a collection of custom modules, plugins, and resource scripts for Metasploit. The primary purpose of this repository is to provide a comprehensive set of tools for exploiting vulnerabilities in various systems and applications...

7.7 AI score
Exploits 0

Gitee
added 2021/01/10 9:44 p.m. | 4 views

Exploit for Incorrect Authorization in Theforeman Smart_Proxy_Salt

This is the Metasploit Framework repository, a widely used penetration testing tool. It is an offensive tool for penetration testing and vulnerability assessment. The repository contains various modules for exploiting vulnerabilities in different software and systems, including Windows, Linux, an...

7.1 CVSS | 7.2 AI score | 0.00194 EPSS
Exploits 1

Fedora
added 2021/01/05 1:19 a.m. | 95 views

[SECURITY] Fedora 32 Update: python-py-1.10.0-1.fc32

The py lib is a Python development support library featuring the following tools and modules: py.path: uniform local and svn path objects py.apipkg: explicit API control and lazy-importing py.iniconfig: easy parsing of .ini files py.code: dynamic code generation and introspection py.path: uniform...

7.5 CVSS | 2.9 AI score | 0.04607 EPSS
Exploits 0

Tenable Nessus
added 2021/01/05 12:0 a.m. | 39 views

Debian DLA-2513-1 : p11-kit security update

Several memory safety issues affecting the RPC protocol were fixed in p11-kit, a library providing a way to load and enumerate PKCS11 modules. CVE-2020-29361: Multiple integer overflows. CVE-2020-29362: Heap-based buffer over-read. For Debian 9 stretch, these problems have been fixed in version...

7.5 CVSS | 6.9 AI score | 0.0335 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2021/01/04 12:0 a.m. | 30 views

Debian DSA-4822-1 : p11-kit - security update

David Cook reported several memory safety issues affecting the RPC protocol in p11-kit, a library providing a way to load and enumerate PKCS11 modules. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4822. Th...

7.5 CVSS | 6.6 AI score | 0.03515 EPSS
Exploits 0 | References 6

Cvelist
added 2020/12/31 8:38 p.m. | 15 views

CVE-2020-26165

qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used...

9 AI score | 0.02502 EPSS
Exploits 2 | References 3

NVD
added 2020/12/31 5:15 a.m. | 13 views

CVE-2019-7726

modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent)...

9.8 CVSS | 9.6 AI score | 0.02282 EPSS
Exploits 0 | References 4

Rapid7 Blog
added 2020/12/30 3:38 p.m. | 225 views

Metasploit 2020 Wrap-Up

2020 was certainly an interesting year. There were quite a few newsworthy events and some fantastic exploit content released. Let’s take a look at what 2020 meant for Metasploit. Quick stats Some quick statistics for Metasploit’s year. 737 pull requests merged and counting A net gain of +179...

7.5 CVSS | 0.1 AI score | 0.97116 EPSS
Exploits 65

CNNVD
added 2020/12/29 12:0 a.m. | 7 views

1E Client Permissions, Privileges, and Access Controls Vulnerability

1E Client is an agent-less endpoint management software from 1E 1E Client USA. An elevation of privilege vulnerability exists in 1E Client versions 4.1.0.267 and 5.0.0.745 that allows remote authenticated users and local users to gain elevated privileges via the REPAIR option. This applies to...

8.8 CVSS | 5.8 AI score | 0.01413 EPSS
Exploits 0 | References 2

Kitploit
added 2020/12/26 8:30 p.m. | 293 views

Social-Analyzer - API And Web App For Analyzing And Finding A Person Profile Across +300 Social Media Websites (Detections Are Updated Regularly)

An API for analyzing & finding a person profile across +300 social media websites. It includes different string analysis and detection modules, you can choose which combination of modules to use during the investigation. The detection modules utilize a rating mechanism based on different detectio...

7 AI score
Exploits 0 | References 1

Rapid7 Blog
added 2020/12/23 2:2 p.m. | 290 views

Metasploit Tips and Tricks for HaXmas 2020

For this year's HaXmas, we're giving the gift of Metasploit knowledge! We'll cover a mix of old, new, or recently improved features that you can incorporate into your workflows. Some of our readers may already know these tips and tricks for using Metasploit, but for the others who aren't aware of...

7.4 AI score
Exploits 0

OpenVAS
added 2020/12/22 12:0 a.m. | 6 views

Fedora: Security Advisory for p11-kit (FEDORA-2020-edcc40be4b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0 | References 2

0day.today
added 2020/12/18 12:0 a.m. | 127 views

Pulse Secure VPN Remote Code Execution Exploit

The Pulse Connect Secure appliance versions prior to 9.1R9 suffer from an uncontrolled gzip extraction vulnerability which allows an attacker to overwrite arbitrary files, resulting in remote code execution as root. Admin credentials are required for successful exploitation...

7.2 CVSS | 7.6 AI score | 0.9648 EPSS
Exploits 4

Kitploit
added 2020/12/17 11:30 a.m. | 24 views

PoshBot - Powershell-based Bot Framework

PoshBot is a chat bot written in PowerShell. It makes extensive use of classes introduced in PowerShell 5.0. PowerShell modules are loaded into PoshBot and instantly become available as bot commands. PoshBot currently supports connecting to Slack to provide you with awesome ChatOps goodness. What...

7.7 AI score
Exploits 0 | References 3

RedHat Linux
added 2020/12/16 12:11 p.m. | 3 views

jackson-modules-java8: DoS due to an Improper Input Validation

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service DoS. This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the...

6.5 CVSS | 7.3 AI score | 0.04758 EPSS
Exploits 1 | References 4

Gitee
added 2020/12/16 9:25 a.m. | 2 views

vulhub2

It is an offensive tool for web application security training. The primary vulnerability targeted by this tool is not explicitly stated, but based on the provided code and metadata, it appears to be a web application vulnerability. The tool is designed to test the security of web applications, an...

7.4 AI score
Exploits 0