6326 matches found
Node.js third-party modules: Arbitrary code execution via untrusted schemas in is-my-json-valid
I would like to report an arbitrary code execution vulnerability in is-my-json-valid. It allows to execute arbitrary code if an attacker-controlled schema is passed to is-my-json-valid. The module Readme doesn't say anything about the risks of untrusted schemas, so I by default assume that this i...
Windows Modules Installer Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows Modules Installer Service improperly handles class object members. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or creat...
KLA11806 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, cause denial of service, bypass security restrictions. Below is a complete list of...
metasploit-framework
This is the Metasploit Framework repository, a widely used penetration testing tool. The framework is written in Ruby and provides a comprehensive set of modules for exploiting vulnerabilities, conducting social engineering attacks, and gathering information about targets. The repository contains...
CloudBees Jenkins Self-Organizing Swarm Plug-in Modules Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks. Self-Organizing Swarm Plug-in Modules Plugin is a plug-in that supports the...
CVE-2020-2192
A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels...
CVE-2020-2192
The CVE-2020-2192 entry covers a CSRF vulnerability in Jenkins Swarm Plugin (Self-Organizing Swarm Plug-in Modules) up to version 3.20. The issue arises because the plugin exposes API endpoints that add or remove agent labels and, in 3.20 and earlier, do not perform regular permission checks or r...
Cross site scripting
In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS...
CVE-2020-13761
In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS...
PT-2020-13663 · Open Source Matters · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions prior to 3.9.19. Description: The issue arises from incorrect input validation of the module tag option in com_modules, allowing for cross-site scripting (XSS). Recommendations: For versions prior to 3.9.19, update to version...
Siemens En100 Improper Restriction of Operations within the Bounds of a Memory Buffer
A vulnerability has been identified in EN100 Ethernet module DNP3 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.37, EN100 Ethernet module IEC104 variant All versions, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module PROFINET IO variant A...
Synology DiskStation Manager smart.cgi - Remote Command Execution
This Metasploit module exploits a vulnerability found in Synology DiskStation Manager DSM versions prior to 5.2-5967-5... This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule \d+&minor=?\d+&build=?\d...
Aggressive in-app advertising in Android
Recently, we've been noticing ever more dubious advertising libraries in popular apps on Google Play. The monetization methods used in such SDKs can pose a threat to users, yet they pull in more revenue for developers than whitelisted ad modules due to the greater number of views. In this post we...
Updated clamav packages fix security vulnerabilities
Updated clamav packages fix security vulnerabilities: Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.2 that could cause a denial-of-service condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. Special thanks to...
Node.js third-party modules: Bypass of SSRF Vulnerability
Bypass of SSRF report https://hackerone.com/reports/793704. The fix applied after reporting the actual report did not prevent the SSRF issue. https://github.com/TryGhost/Ghost/commit/47739396705519a36018686894d1373e9eb92216#diff-3aa52b4b8c6e0fb8422de65648e35887R101 The function fetchOembedData only...
CVE-2020-13241
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/loadmodule:usersedit-user=1 does not verify that the file extension used with the Add Image option on the Edit User screen corresponds to an image file...
CVE-2020-12888
A flaw was found in the Linux kernel, where it allows userspace processes, for example, a guest VM, to directly access h/w devices via its VFIO driver modules. The VFIO modules allow users to enable or disable access to the devices' MMIO memory address spaces. If a user attempts to access the...
DiscordRAT - Discord Remote Administration Tool Fully Written In Python
Discord Remote Administration Tool fully written in Python3. This is a RAT controlled over Discord with over 20 post exploitation modules. Disclaimer: This tool is for educational use only, the author will not be held responsible for any misuse of this tool. This is my first project on github as...