Web Based Online Hotel Booking System 0.1.0 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Web Based Online Hotel Booking System 0.1.0 - Authentication Bypass Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://github.com/mrzulkarnine/Web-based-hotel-booking-system Software Link:...
SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2020:1685-1)
This update for java-1_8_0-ibm fixes the following issues : java-1_8_0-ibm was updated to Java 8.0 Service Refresh 6 Fix Pack 10 bsc1172277, bsc1169511, bsc1160968 CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service CVE-2020-2754: Forward...
Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability
Summary Rational Asset Analyzer (RAA) has addressed the following vulnerability. IBM WebSphere Application Server was affected by a cross-site scripting vulnerability. Vulnerability Details CVEID: CVE-2019-17573 DESCRIPTION: Apache CXF is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Security update for java-1_8_0-openj9 (important)
openSUSE Security Update: Security update for java-1_8_0-openj9 Announcement ID: openSUSE-SU-2020:0841-1 Rating: important References: 1169511 1171352 Cross-References: CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805...
CVE-2018-18499
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
SUSE-SU-2020:14391-1 Security update for java-1_7_0-ibm
This update for java-1_7_0-ibm fixes the following issues: java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 65 bsc1172277 and bsc1169511 - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2756: Improved...
GHSA-FPJM-RP2G-3R4C Django Rest Framework jwt allows obtaining new token from notionally invalidated token
An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...
USN-4377-2 ca-certificates update
USN-4377-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: The ca-certificates package contained an expired CA certificate that caused connectivity issues. This update removes the "AddTrust External Root"...
USN-4377-1 ca-certificates update
The ca-certificates package contained an expired CA certificate that caused connectivity issues. This update removes the "AddTrust External Root" CA. In addition, on Ubuntu 16.04 LTS and Ubuntu 18.04 LTS, this update refreshes the included certificates to those contained in the 20190110 package...
How to Adjust the Veeam Service Provider Console Web UI Session Timeout
Purpose This article documents how to modify the Veeam Service Provider Console configuration to adjust the Web UI timeout. The default Web UI timeout is 1 hour, and tokens are good for up to 48 hours. Solution Tip: Use the copy button in the text blocks below to simplify specifying which file to...
Ansible Tower Unauthorized Access Vulnerability
Ansible is a computer system configuration manager from the American company Ansible. The product can be used to publish, manage, and orchestrate computer systems. Ansible Tower is one of the task control applications that provides a user interface (UI), dashboard, and REST API. A security...
Description of the Office Web Apps Server update: April 9, 2013
Description of the Office Web Apps Server update: April 9, 2013 INTRODUCTION Microsoft has released an update for Microsoft Office Web Apps Server. This update provides the latest fixes for Office Web Apps Server. Additionally, this update contains stability and performance improvements. Issues...
Description of the Office Web Apps Server update: April 9, 2013
Description of the Office Web Apps Server update: April 9, 2013 INTRODUCTION Microsoft has released an update for Microsoft Office Web Apps Server. This update provides the latest fixes for Office Web Apps Server. Additionally, this update contains stability and performance improvements. Issue th...
CVE-2020-10709
A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to...
Security Bulletin: A vulnerability in IBM Java affects IBM ILOG CPLEX Optimization Studio and IBM CPLEX Enterprise Server (CVE-2020-2654)
Summary There is a vulnerability in IBM® Java™ Version 8 used by IBM CPLEX Optimization Studio and IBM CPLEX Enterprise Server. IBM CPLEX Optimization Studio and IBM CPLEX Enterprise Server have addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTION: An unspecified...
Denial Of Service (DoS)
Quagga is vulnerable to Denial of Service (DoS). A stack-based buffer overflow flaw was found in the way the Quagga bgpd daemon processed certain BGP Route Refresh (RR) messages. A configured BGP peer could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly,...
OPENSUSE-SU-2020:0368-1 Security update for texlive-filesystem
This update for texlive-filesystem fixes the following issues: Security issues fixed: - Changed default user for ls-R files and font cache directories to user nobody bsc1159740 - Switched to rm instead of safe-rm or safe-rmdir to avoid race conditions bsc1158910. - Made cron script more failsafe...
SUSE-SU-2020:0528-1 Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues: Java 8.0 was updated to Service Refresh 6 Fix Pack 5 bsc1162972, bsc1160968 - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2019-4732: Untrusted DLL search path vulnerability - CVE-2020-2593: Normalize normalization for all -...