9293 matches found

The Hacker News
added 2022/07/01 9:45 a.m., 101 views

Solving the indirect vulnerability enigma - fixing indirect vulnerabilities without breaking your dependency tree

Fixing indirect vulnerabilities is one of those complex, tedious and, quite frankly, boring tasks that no one really wants to touch. No one except for Debricked, it seems. Sure, there are lots of ways to do it manually, but can it be done automatically with minimal risk of breaking changes? The...

CVSS 9.8, AI score 8.1, EPSS 0.04581
Exploits: 3
CNVD
added 2022/06/30 12:00 a.m., 31 views

Library Management System SQL Injection Vulnerability (CNVD-2022-61297)

Library Management System is a library management system with QR code attendance and automatic library card generation. Version 1.0 of Library Management System is vulnerable to SQL injection, which stems from a missing parameter id in the file /librarian/bookdetails.php validation of externally...

CVSS 6.5, AI score 3.3, EPSS 0.01045
Exploits: 1, Affected Software: 1
CNVD
added 2022/06/30 12:00 a.m., 29 views

Library Management System File Upload Vulnerability

Library Management System is a library management system with QR code attendance and automatic library card generation. Version 1.0 of Library Management System is vulnerable to file uploads due to a lack of validation of uploaded files in the parameter image in the file /card/index.php. The...

CVSS 6.5, AI score 3.2, EPSS 0.00934
Exploits: 1, Affected Software: 1
OSV
added 2022/06/25 12:00 a.m., 26 views

GHSA-M2WW-6WV6-VW3C Cross site scripting in Concrete CMS

XSS in /dashboard/blocks/stacks/viewdetails/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot...

CVSS 3.1, AI score 6, EPSS 0.0095
Exploits: 0, References: 5
NVD
added 2022/06/24 3:15 p.m., 9 views

CVE-2022-30119

XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-da...

CVSS 6.1, EPSS 0.00847
Exploits: 0, References: 3
Kitploit
added 2022/06/21 9:30 p.m., 139 views

Naabu - A Fast Port Scanner Written In Go With A Focus On Reliability And Simplicity

Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple tool that does fast SYN/CONNECT scans on the host/list of hosts and lists all ports that return a reply. Features Fast And Simple SYN/CONNECT probe...

AI score 7
Exploits: 0, References: 4
Veracode
added 2022/06/10 6:10 a.m., 30 views

Denial Of Service (DoS)

github.com/vapor/vapor is vulnerable to denial of service. The vulnerability exists when using automatic decoding in ContentConfiguration which allows an attacker to craft and send a request body which causes a buffer overflow which then leads to an application crash...

CVSS 7.5, AI score 7.4, EPSS 0.0149
Exploits: 1, References: 2, Affected Software: 1
Tenable Nessus
added 2022/06/10 12:00 a.m., 67 views

Security Updates for Microsoft Excel Products C2R (January 2022)

The Microsoft Excel Products are missing a security update. It is, therefore, affected by the following vulnerabilities: - Two remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary commands. CVE-2022-21840, CVE-2022-21841...

CVSS 9.3, AI score 9.5, EPSS 0.03115
Exploits: 0, References: 3
Tenable Nessus
added 2022/06/10 12:00 a.m., 47 views

Security Updates for Microsoft Excel Products C2R (September 2021)

The Microsoft Excel Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2021-38655, CVE-2021-38660 %NASLMINLEV...

CVSS 7.8, AI score 8.3, EPSS 0.04634
Exploits: 0, References: 3
Tenable Nessus
added 2022/06/10 12:00 a.m., 44 views

Security Updates for Microsoft Office Products C2R (January 2022)

The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2022-21840, CVE-2022-21841...

CVSS 9.3, AI score 9.4, EPSS 0.03115
Exploits: 0, References: 3
Tenable Nessus
added 2022/06/10 12:00 a.m., 51 views

Security Updates for Microsoft Word Products C2R (April 2021)

The Microsoft Word Products are missing security updates. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for this issue but has instead relied...

CVSS 7.8, AI score 8.4, EPSS 0.04068
Exploits: 0, References: 2
Tenable Nessus
added 2022/06/10 12:00 a.m., 38 views

Security Updates for Microsoft Excel Products C2R (December 2021)

The Microsoft Excel Products are missing a security update. It is, therefore, affected by the following vulnerability: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2021-43256 %NASLMINLEVEL 70300 C...

CVSS 7.8, AI score 8.8, EPSS 0.02064
Exploits: 0, References: 2
Tenable Nessus
added 2022/06/10 12:00 a.m., 48 views

Security Updates for Microsoft Word Products C2R (January 2021)

The Microsoft Word Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2021-1715, CVE-2021-1716 C Tenable...

CVSS 9.3, AI score 8.3, EPSS 0.03614
Exploits: 0, References: 3
OpenVAS
added 2022/06/09 12:00 a.m., 16 views

WordPress Database Backup for WordPress Plugin < 2.5.2 CSRF Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

CVSS 5.8, AI score 5.6, EPSS 0.00402
Exploits: 2, References: 1
Prion
added 2022/06/08 10:15 a.m., 20 views

Cross site request forgery (CSRF)

The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails t...

CVSS 5.8, AI score 5.4, EPSS 0.00402
Exploits: 2, References: 1, Affected Software: 1
The Hacker News
added 2022/06/07 6:34 a.m., 29 views

Apple's New Feature Will Install Security Updates Automatically Without Full OS Update

Apple has introduced a Rapid Security Response feature in iOS 16 and macOS Ventura that's designed to deploy security fixes without the need for a full operating system version update. "macOS security gets even stronger with new tools that make the Mac more resistant to attack, including Rapid...

AI score 0.1
Exploits: 0
GithubExploit
added 2022/06/01 8:33 a.m., 685 views

Exploit for Download of Code Without Integrity Check in Caphyon Advanced_Installer

CVE-2022-27438 Caphyon Ltd Advanced Installer 19.3 "CustomDe...

CVSS 8.1, AI score 8.4, EPSS 0.02383
Exploits: 2
Fedora
added 2022/05/28 1:16 a.m., 23 views

[SECURITY] Fedora 36 Update: logrotate-3.20.1-1.fc36

The logrotate utility is designed to simplify the administration of log files on a system which generates a lot of log files. Logrotate allows for the automatic rotation, compression, removal and mailing of log files. Logrotate can be set to handle a log file daily, weekly, monthly or when the log...

CVSS 6.5, AI score 1.3, EPSS 0.0149
Exploits: 0
Tenable Nessus
added 2022/05/26 12:00 a.m., 17 views

Juniper Junos OS DoS (JSA11247)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11247 advisory. An Incorrect Behavior Order vulnerability in the MAP-E automatic tunneling mechanism of Juniper Networks Junos OS allows an attacker to send certain malformed IPv4 or IPv6...

CVSS 7.5, AI score 7.4, EPSS 0.01293
Exploits: 1, References: 2
OSV
added 2022/05/24 5:35 p.m., 82 views

GHSA-F8FH-XP28-Q59M OpenStack Horizon Open redirect in workflow forms

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...

CVSS 6.1, AI score 6.1, EPSS 0.014
Exploits: 1, References: 13