Cisco Data Center Network Manager getModules SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

Pown.js - A Security Testing An Exploitation Toolkit Built On Top Of Node.js And NPM

Pown.js is a security testing and exploitation toolkit built on top of Node.js and NPM. Unlike traditional security tools like Metasploits, Pown.js considers frameworks to be an anti-pattern. Therefore, each module in Pown is in fact a standalone NPM module allowing greater degree of reuse and...

Node.js third-party modules: [http-live-simulator] Application-level DoS

The http-live-simulator npm package has an application level DoS vulnerability...

vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation Exploit

This Metasploit module exploits a vulnerability in the rdspagecopyuser function in net/rds/page.c RDS in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root CVE-2010-3904. This module has been tested successfully on Fedora 13 i686 kernel version 2.6.33.3-85.fc13.i686.PAE and Ubuntu...

CVE-2019-18181

In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only...

EulerOS 2.0 SP3 : openssl (EulerOS-SA-2019-2642)

According to the version of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. Th...

New Wallarm Dashboard

There is an update in the Wallarm Console, which presents a brand new dashboard that can’t be missed. There are three significant changes that are worth mentioning: New structure. The dashboard has a new, clear structure emphasizing multiple modules of the Wallarm Platform — WAF, Scanner, FAST. T...

The vulnerability of the command-line tools for package managers NPM and Yarn allows a hacker to write arbitrary files.

The vulnerability of the command-line tools for package managers NPM and Yarn is related to errors in link handling. Exploiting this vulnerability allows a malicious actor to write arbitrary files by creating symbolic links to files outside the module directory thenodemodules, or by manipulating...

CVE-2019-18579

Settings for the Dell XPS 13 2-in-1 7390 BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable Thunderbolt and PCIe behind TBT pre-boot modules" setting is enabled by default. A local unauthenticated attacker with physical access to a user's...

GHSA-X8QC-RRCW-4R46 npm symlink reference outside of node_modules

Versions of the npm CLI prior to 6.13.3 are vulnerable to a symlink reference outside of nodemodules. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would...

CVE-2019-13942

A vulnerability has been identified in EN100 Ethernet module DNP3 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.37, EN100 Ethernet module IEC104 variant All versions, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module PROFINET IO variant A...

CVE-2019-13943

A vulnerability has been identified in EN100 Ethernet module DNP3 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.37, EN100 Ethernet module IEC104 variant All versions, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module PROFINET IO variant A...

CVE-2019-13942

A vulnerability has been identified in EN100 Ethernet module DNP3 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.37, EN100 Ethernet module IEC104 variant All versions, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module PROFINET IO variant A...

Design/Logic Flaw

A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 All firmware versions V6.00.320, Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules...

DEBIAN-CVE-2019-19604

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository...

Amazon's Blink Smart Security Cameras Open to Hijack

Multiple high-severity vulnerabilities have been discovered in Amazon-owned Blink XT2 security camera systems, which if exploited could give attackers complete control over them. The internet of things IoT cameras not to be confused with the Blink open-source browser engine, consist of a wireless...

EulerOS 2.0 SP2 : sudo (EulerOS-SA-2019-2414)

According to the version of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cau...

icsmaster

This repository, 'icsmaster', is an ICS/SCADA security resource collection. It contains various tools and scripts for identifying and exploiting vulnerabilities in industrial control systems. The repository includes a list of dorks search terms for finding vulnerable systems, as well as a...

Web Security Dog (Apache Edition) V4.0 suffers from sql injection bypass vulnerability

Website Security Dog is a server tool that integrates website content security protection, website resource protection and website traffic protection functions. Functions covered by the net horse / Trojan scanning, anti-SQL injection, anti-stolen links, anti-CC attacks, real-time website traffic...

The vulnerability of the Windows Modules Installer Service component in Windows operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Windows Modules Installer Service component in Windows operating systems is related to errors in memory object handling. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...