metasploit-framework
This is an instance of the Metasploit Framework repository, a widely used penetration testing tool. The Metasploit Framework is a comprehensive platform for testing and exploiting vulnerabilities in computer systems and applications. It is a collection of tools and scripts that can be used to...
Tryton 5.4 Cross Site Scripting
Document Title: Tryton v5.4 - Name Persistent Cross Site Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2233. Release Date: 2020-05-12. Vulnerability Laboratory ID (VL-ID): 22...
CVE-2020-1746
A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldapattr and ldapentry community modules are used. The issue...
DEBIAN-CVE-2020-1746
A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldapattr and ldapentry community modules are used. The issue...
PT-2020-6568
Name of the Vulnerable Software and Affected Versions: Ansible Engine versions 2.7.x through 2.7.16; Ansible Engine versions 2.8.x through 2.8.10; Ansible Engine versions 2.9.x through 2.9.6; Ansible Tower versions 3.4.5 and earlier; Ansible Tower versions 3.5.5 and earlier; Ansible Tower version 3.6.3...
DEBIAN-CVE-2020-10685
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypt vault files such as assemble, script, unarchiv...
Design/Logic Flaw
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypt vault files such as assemble, script, unarchiv...
PT-2020-6574
Name of the Vulnerable Software and Affected Versions: Ansible Engine versions 2.7.x through 2.7.17; Ansible Engine versions 2.8.x through 2.8.11; Ansible Engine versions 2.9.x through 2.9.7; Ansible Tower versions 3.4.5 and earlier; Ansible Tower versions 3.5.5 and earlier; Ansible Tower versions 3.6....
Sentrifugo CMS 3.2 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications. Exploit Title: Sentrifugo CMS 3.2 - Persistent Cross-Site Scripting. Vendor: http://www.sentrifugo.com/ Link: http://www.sentrifugo.com/download Version: 3.2. Product & Service Introduction: ...
LeptonCMS Cross-Site Scripting Vulnerability (CNVD-2020-35505)
LeptonCMS is a content management system (CMS) for the Lepton Project. A cross-site scripting vulnerability exists in the modules/wysiwyg/save.php file in LeptonCMS version 4.5.0. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can...
The vulnerability of the parsec inode permission module in the linux-astra-modules package, related to access control deficiencies for non-functional Unix sockets, allows an intruder to compromise data integrity.
The vulnerability of the parsec inode permission module in the linux-astra-modules package is related to deficiencies in access control for non-functional Unix sockets. Exploiting this vulnerability could allow a malicious actor to compromise data integrity from a remote location...
CVE-2020-12707
An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements...
DRUPAL-CONTRIB-2020-017
This module enables you to build forms and surveys in Drupal. The Webform Node sub-module allows these forms to be associated with a Drupal node. The Webform Node module does not implement access checking in the same manner as other nodes and entities. As such, writers of custom modules which...
[20200601] - Core - XSS in modules heading tag option
Lack of input validation in the heading tag option of the "Articles – Newsflash" and "Articles - Categories" modules allows XSS attacks...
Node.js third-party modules: [xps] Command Injection via insecure command concatenation
I would like to report a Command Injection issue in the xps module. It allows executing arbitrary commands on the victim's PC. Module: module name: xps; version: 1.0.2; npm page: https://www.npmjs.com/package/xps. Module Description: xps is a cross-platform library for listing and killing processes...
Node.js third-party modules: Prototype Pollution lodash 4.17.15
I would like to report Prototype Pollution in lodash version 4.17.15. It allows Denial of Service and more. Module: module name: lodash; version: 4.17.15; npm page: https://www.npmjs.com/package/lodash. Module Description: The Lodash library exported as Node.js modules. Module Stats: 27M in the last wee...
Privilege escalation
ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege...