9293 matches found
Fedora: Security Advisory for suricata (FEDORA-2023-8febb13d07)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora: Security Advisory for suricata (FEDORA-2023-43ac51ee44)
The remote host is missing an update for the ...
[SECURITY] Fedora 36 Update: suricata-6.0.11-1.fc36
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
[SECURITY] Fedora 37 Update: suricata-6.0.11-1.fc37
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
Threat Roundup for April 14 to April 21
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 14 and April 21. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Katana - A Next-Generation Crawling And Spidering Framework
A next-generation crawling and spidering framework. Features: Fast and fully configurable web crawling; Standard and Headless mode support; JavaScript parsing / crawling; Customizable automatic form filling; Scope control -...
Qualys Security Updates: Cloud Agent for Windows and Mac
As part of our commitment to transparency and keeping customers and the community informed, Qualys is publicly disclosing three CVEs pertaining to the Qualys Cloud Agent for Windows and one CVE on the Qualys Cloud Agent for Mac. Qualys has confirmed there is no impact on the Qualys production...
Security Updates for Microsoft Word Products C2R (April 2023)
The Microsoft Word Products are missing a security update. It is, therefore, affected by a remote code execution vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...
The vulnerability affects the automount demons of the Tor browser, Firefox, Firefox ESR, and the Thunderbird email client, allowing a hacker to bypass security restrictions.
The vulnerability in Tor browser, Firefox, Firefox ESR, and Thunderbird email client’s automatic uninstallation feature is related to insufficient protection of service data during file path processing. Exploiting this vulnerability allows a malicious actor to bypass security restrictions remotel...
CVE-2023-26269
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...
TCP & ICMP session are not resumed after Auto reconnect
TCP Expectation by Customer: When the Citrix Gateway client is disconnected and reconnects itself automatically, we expected the TCP communications to be resumed through the retransmission capacity of TCP...
MediaWiki Security Vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki versions prior to 1.35.10, 1.36.x through 1.38.6, and 1.39.x...
CVE-2023-1666
SourceCodester Automatic Question Paper Generator System 1.0 has a SQL injection vulnerability in the GET Parameter Handler, specifically in users/classes/view_class.php where manipulating the id parameter allows remote exploitation. The issue affects the view_class.php code path and is described...
Automatic Question Paper Generator System SQL Injection Vulnerability
Automatic Question Paper Generator System is an automatic question paper generator system by Carlo Montero Personal Developer. A security vulnerability exists in SourceCodester Automatic Question Paper Generator System version 1.0, which stems from a problem in the file users/classes/viewclass.ph...
CVE-2022-47502
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in SourceCodester Automatic Question Paper Generator System 1.0. This issue affects some unknown processing of the file classes/Master.php?f=saveclass. The manipulation of the argument description leads to cross site scripting...
CVE-2023-1593 SourceCodester Automatic Question Paper Generator System cross site scripting
A vulnerability, which was classified as problematic, has been found in SourceCodester Automatic Question Paper Generator System 1.0. This issue affects some unknown processing of the file classes/Master.php?f=saveclass. The manipulation of the argument description leads to cross site scripting...
CVE-2023-1593
SourceCodester Automatic Question Paper Generator System 1.0 is vulnerable to cross-site scripting via the description parameter in the file /classes/Master.php?f=save_class endpoint. The issue arises from improper handling of the description argument, enabling remote attackers to inject scripts. ...
CVE-2023-1592 SourceCodester Automatic Question Paper Generator System GET Parameter view_class.php sql injection
A vulnerability classified as critical was found in SourceCodester Automatic Question Paper Generator System 1.0. This vulnerability affects unknown code of the file admin/courses/viewclass.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The...
CVE-2023-1592
CVE-2023-1592 affects SourceCodester Automatic Question Paper Generator System 1.0. The vulnerability is an SQL injection in the file admin/courses/view_class.php of the GET Parameter Handler, caused by unsafely handling the id argument. Exploitation can be remote, with high potential impact to c...