6326 matches found

Rockylinux
added 2020/04/28 9:5 a.m. | 8 views

new module: python38:3.8

An update is available for python-more-itertools, pytest, python-psycopg2, python-urllib3, python-attrs, python-jinja2, python-requests, python-atomicwrites, modwsgi, python-asn1crypto, python-py, python-chardet, python-markupsafe, python-pluggy, Cython, python-psutil, python-wcwidth, babel,...

AI score: 1.1
Exploits: 0

Fedora
added 2020/04/27 4:48 a.m. | 34 views

[SECURITY] Fedora 31 Update: ansible-2.9.7-1.fc31

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS: 7.9 | AI score: 3.3 | EPSS: 0.00506
Exploits: 3

Fedora
added 2020/04/27 3:7 a.m. | 42 views

[SECURITY] Fedora 30 Update: ansible-2.9.7-1.fc30

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS: 7.9 | AI score: 3.3 | EPSS: 0.00506
Exploits: 3

Fedora
added 2020/04/27 2:46 a.m. | 33 views

[SECURITY] Fedora 32 Update: ansible-2.9.7-1.fc32

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS: 7.9 | AI score: 3.3 | EPSS: 0.00506
Exploits: 3

OSV
added 2020/04/22 8:59 p.m. | 25 views

GHSA-24M3-W8G9-JWPQ Information disclosure of source code in SimpleSAMLphp

Background The module controller in SimpleSAML\Module that processes requests for pages hosted by modules, has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the given path exists it presents the file to the browser. Description The che...

CVSS: 3 | AI score: 3.9 | EPSS: 0.00922
Exploits: 0 | References: 6

vulnersOsv
added 2020/04/22 8:59 p.m. | 1 view

com.shopizer:shopizer-shipping-canadapost-module (>=0.0.1 <=2.11.0), com.shopizer:shopizer-shipping-distance-processor (=2.0.3) +1 more potentially affected by CVE-2020-11007 via com.shopizer:sm-core-model (>=2.0.2 <=2.10.0)

com.shopizer:sm-core-model MAVEN version =2.0.2, =0.0.1, =2.0.2, =2.0.3 Source cves: CVE-2020-11007 Source advisory: OSV:GHSA-W8RC-PGXQ-X2CJ...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00852
Exploits: 0

Hacker One
added 2020/04/22 7:1 p.m. | 11 views

Node.js third-party modules: [flsaba] Stored XSS in the file and directory name when directories listing

I would like to report a Stored XSS in module "flsaba". It allows to inject malicious scripts in the file and directory name, store them on the server, then execute these scripts in the browser via the XSS vulnerability. Module module name: https://www.npmjs.com/package/flsaba version: 1.1.0 npm...

AI score: 0.8
Exploits: 0

RedHat Linux
added 2020/04/22 2:10 p.m. | 81 views

Important: Red Hat Security Advisory: Ansible security and bug fix update (2.9.7)

An update for ansible is now available for Ansible Engine 2.9 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS: 7.9 | AI score: 6.9 | EPSS: 0.00506
Exploits: 3 | References: 11

Kitploit
added 2020/04/22 12:30 p.m. | 44 views

Nullscan - A Modular Framework Designed To Chain And Automate Security Tests

A modular framework designed to chain and automate security tests. It parses target definitions from the command line and runs corresponding modules and their nullscan-tools afterwards. It can also take hosts and start nmap first in order to perform a basic portscan and run the modules afterwards...

AI score: 7.3
Exploits: 0 | References: 1

Veracode
added 2020/04/22 8:49 a.m. | 17 views

Information Disclosure

simplesamlphp is vulnerable to information disclosure. It does not properly handle a request with an uppercase file extension '.PHP', causing the server to disclose the contents of the file by sending to the browser instead of executing it and therefore leaking the sensitive source code in...

CVSS: 3.1 | AI score: 1.5 | EPSS: 0.00922
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2020/04/22 12:0 a.m. | 4 views

PT-2020-6766 · Inspircd +3

Name of the Vulnerable Software and Affected Versions: InspIRCd versions prior to 2.0.29 InspIRCd versions prior to 3.6.0 Description: An issue was discovered in the pgsql module of InspIRCd, which contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this...

CVSS: 6.8 | AI score: 6.1 | EPSS: 0.02787
Exploits: 0 | References: 36

UbuntuCve
added 2020/04/21 8:15 p.m. | 22 views

CVE-2020-5301

SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in SimpleSAML\Module that processes requests for pages hosted by modules, has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the...

CVSS: 3.5 | AI score: 5.9 | EPSS: 0.00922
Exploits: 0 | References: 1

Cvelist
added 2020/04/21 7:50 p.m. | 38 views

CVE-2020-5301 Information disclosure of source code in SimpleSAMLphp

SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in SimpleSAML\Module that processes requests for pages hosted by modules, has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the...

CVSS: 3 | AI score: 3.6 | EPSS: 0.00922
Exploits: 0 | References: 2

The Hacker News
added 2020/04/21 11:30 a.m. | 74 views

Researcher Discloses 4 Zero-Day Bugs in IBM's Enterprise Security Software

A cybersecurity researcher today publicly disclosed technical details and PoC for 4 unpatched zero-day vulnerabilities affecting an enterprise security software offered by IBM after the company refused to acknowledge the responsibly submitted disclosure. The affected premium product in question i...

AI score: 9
Exploits: 0

0day.today
added 2020/04/21 12:0 a.m. | 77 views

IBM Data Risk Manager Authentication Bypass / Command Injection / File Download Exploit

IBM Data Risk Manager suffers from authentication bypass, command injection, insecure default password, and arbitrary file download vulnerabilities. Multiple Vulnerabilities in IBM Data Risk Manager By Pedro Ribeiro from Agile Information Security Disclosure Date: 21/04/2020 | Las...

AI score: 7.4
Exploits: 0

OSV
added 2020/04/20 11:15 p.m. | 1 view

CVE-2020-9277

An issue was discovered on D-Link DSL-2640B B2 EU4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks e.g., modify the admin password with no authentication...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.02464
Exploits: 1 | References: 3

Prion
added 2020/04/20 11:15 p.m. | 14 views

Authentication flaw

An issue was discovered on D-Link DSL-2640B B2 EU4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks e.g., modify the admin password with no authentication...

CVSS: 7.5 | AI score: 8.7 | EPSS: 0.02464
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2020/04/20 10:40 p.m. | 46 views

CVE-2020-9277

The CVE-2020-9277 entry concerns D-Link DSL-2640B B2 EU_4.01B devices, where authentication can be bypassed when accessing CGI modules, enabling an attacker to perform administrative tasks (e.g., changing the admin password) with no authentication. The vulnerability stems from the CGI handling on...

CVSS: 9.8 | AI score: 8.6 | EPSS: 0.02464
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2020/04/20 10:40 p.m. | 28 views

CVE-2020-9277

An issue was discovered on D-Link DSL-2640B B2 EU4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks e.g., modify the admin password with no authentication...

AI score: 9 | EPSS: 0.02464
Exploits: 1 | References: 3

0day.today
added 2020/04/18 12:0 a.m. | 82 views

Easy MPEG to DVD Burner 1.7.11 - Buffer Overflow (SEH + DEP) Exploit

Exploit Title: Easy MPEG to DVD Burner 1.7.11 - Buffer Overflow SEH + DEP Exploit Author: Bailey Belisario Tested On: Windows 7 Ultimate x64 Software Link: https://www.exploit-db.com/apps/32dc10d6e60ceb4d6e57052b6de3a0ba-easympegtodvd.exe Version: 1.7.11 Exploit Length: 1015 Bytes Steps : Open...

AI score: 7.4
Exploits: 0