REDCap < 9.1.2 - Cross-Site Scripting Vulnerability
Exploit for PHP platform in category web applications. Exploit Title: REDCap - Details: Since it is an onkeypress event, it is triggered whenever the user touches any key, and since the XSS payload is stored in the project name, it appears in several pages. - Privileges: It requires admin privileges t...
REDCap Cross Site Scripting
Exploit Title: REDCap - Details: Since it is an onkeypress event, it is triggered whenever the user touches any key, and since the XSS payload is stored in the project name, it appears in several pages. - Privileges: It requires admin privileges to store it. - Location example:...
REDCap 9.1.2 - Cross-Site Scripting
REDCap 9.1.2 - Cross-Site Scripting Exploit Title: REDCap - Details: Since it is an onkeypress event, it is triggered whenever the user touches any key, and since the XSS payload is stored in the project name, it appears in several pages. - Privileges: It requires admin privileges to store it. -...
The vulnerability of the TCP Selective Acknowledgment mechanism in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the TCP Selective Acknowledgment mechanism in the Linux operating system arises due to a segmentation error in the retransmission queue. Exploiting this vulnerability allows an attacker to cause a service failure by sending a specially crafted sequence of SACK packets...
PT-2019-6223 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel version 5.0.21 Description: The issue is related to a use-after-free vulnerability in the btrfs queue work function, located in the fs/btrfs/async-thread.c file. This vulnerability can be exploited by mounting a crafted btrfs...
SUSE-SU-2019:1581-1 Security update for the Linux Kernel (Live Patch 6 for SLE 15)
This update for the Linux Kernel 4.12.14-2522 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network...
CVE-2019-11478
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel...
Oracle Linux 6 : kernel (ELSA-2019-1488)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-1488 advisory. - net tcp: enforce tcp_min_snd_mss in tcp_mtu_probing Florian Westphal 1719614 CVE-2019-11479 - net tcp: add tcp_min_snd_mss sysctl Florian Westphal 1719614...
openSUSE Security Update : the Linux Kernel (openSUSE-2019-1570) (SACK Panic) (SACK Slowness)
Example: The openSUSE Leap 42.3 kernel was updated to 4.4.180 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel pani...
CVE-2019-11478 SACK can cause extensive memory use via fragmented resend queue
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel...
Debian DLA-1823-1 : linux security update (SACK Panic) (SACK Slowness)
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-3846, CVE-2019-10126 huangwen reported multiple buffer overflows in the Marvell wifi mwifiex driver, which a local user could use to cause...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2019-4689)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4689 advisory. - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing Eric Dumazet Orabug: 29886601 CVE-2019-11477 - tcp: add tcp_min_snd_mss sysctl Eric Dumazet Orabug:...
[SECURITY] [DLA 1823-1] linux security update
Package : linux Version : 3.16.68-2 CVE ID : CVE-2019-3846 CVE-2019-5489 CVE-2019-10126 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11810 CVE-2019-11833 CVE-2019-11884 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of...
CVE-2019-11479
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kerne...
PT-2019-16987 · Ibm · Ibm Mq Advanced Cloud Pak
Name of the Vulnerable Software and Affected Versions: IBM MQ Advanced Cloud Pak versions 1.0.0 through 3.0.1 Description: The issue allows a local user to read user credentials stored in plain text. Recommendations: For IBM MQ Advanced Cloud Pak versions 1.0.0 through 3.0.1, consider restricting...
IBM Security Information Queue Information Disclosure Vulnerability (CNVD-2019-19829)
IBM Security Information Queue is a data integration product from IBM USA. The product utilizes Kafka technology and a publish-subscribe model to integrate data between IBM security products. A security vulnerability exists in IBM Security Information Queue versions 1.0.0, 1.0.1, and 1.0.2. An...
IBM Security Information Queue Input Validation Error Vulnerability
IBM Security Information Queue is a data integration product from IBM USA. The product utilizes Kafka technology and a publish-subscribe model to integrate data between IBM security products. A security vulnerability exists in IBM Security Information Queue versions 1.0.0, 1.0.1, and 1.0.2, which...
CVE-2019-4162
IBM Security Information Queue ISIQ 1.0.0, 1.0.1, and 1.0.2 is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire. IBM...
CVE-2019-4218
IBM Security Information Queue ISIQ 1.0.0, 1.0.1, and 1.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 159227...