9293 matches found

OSV, added 2022/05/24 4:58 p.m., 9 views

GHSA-9P7Q-V9GP-FRQ4 Dolibarr Cross-site Scripting vulnerability

An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails default value in php.ini: Undefined" field...

CVSS 5.4, AI score 5.3, EPSS 0.00817
Exploits: 1, References: 3
OSV, added 2022/05/24 4:48 p.m., 4 views

GHSA-RQG8-XJP2-PG9W LinOTP replay vulnerability with auto resynchronization enabled for TOTP token

LinOTP is prone to a replay attack with activated automatic resynchronization. This vulnerability may allow an attacker to successfully log in with OTP values recorded at a previous point in time. This attack is only possible if automatic resynchronization is enabled for the TOTP token type. The...

CVSS 9.2, AI score 7.9, EPSS 0.01164
Exploits: 0, References: 6
Github Security Blog, added 2022/05/24 4:48 p.m., 21 views

LinOTP replay vulnerability with auto resynchronization enabled for TOTP token

LinOTP is prone to a replay attack with activated automatic resynchronization. This vulnerability may allow an attacker to successfully log in with OTP values recorded at a previous point in time. This attack is only possible if automatic resynchronization is enabled for the TOTP token type. The...

CVSS 8.1, AI score 6.7, EPSS 0.01164
Exploits: 0, References: 6, Affected Software: 1
Information Security Automation, added 2022/05/23 8:56 p.m., 58 views

Vulristics May 2022 Update: CVSS redefinitions and bulk adding Microsoft products from MS CVE data

Hello everyone! In this episode, I want to talk about the latest updates to my open source vulnerability prioritization project Vulristics. Alternative video link for Russia: CVSS redefinitions A fairly common problem: we have a CVE without an available CVSS vector and score. For example, this wa...

AI score 8.9, EPSS 0.1372
Exploits: 2
Fedora, added 2022/05/16 2:07 a.m., 14 views

[SECURITY] Fedora 35 Update: et-6.2.1-2.fc35

Eternal Terminal (ET) is a remote shell that automatically reconnects without interrupting the session...

AI score 7.4
Exploits: 0
Fedora, added 2022/05/16 2:07 a.m., 48 views

[SECURITY] Fedora 35 Update: clamav-0.103.6-1.fc35

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via the Internet. The programs ar...

CVSS 8.6, AI score 1.9, EPSS 0.0663
Exploits: 0
Fedora, added 2022/05/16 1:45 a.m., 50 views

[SECURITY] Fedora 34 Update: clamav-0.103.6-1.fc34

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via the Internet. The programs ar...

CVSS 8.6, AI score 1.9, EPSS 0.0663
Exploits: 0
Fedora, added 2022/05/16 1:10 a.m., 16 views

[SECURITY] Fedora 36 Update: et-6.2.1-2.fc36

Eternal Terminal (ET) is a remote shell that automatically reconnects without interrupting the session...

AI score 7.4
Exploits: 0
GithubExploit, added 2022/05/12 1:23 p.m., 415 views

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 Essay 🕸️ Description 🖼️ This repository co...

CVSS 7.5, AI score 8.6, EPSS 0.99992
Exploits: 148
Metasploit, added 2022/05/11 5:43 p.m., 182 views

Cisco RV340 SSL VPN Unauthenticated Remote Code Execution

This module exploits a stack buffer overflow in the Cisco RV series routers SSL VPN functionality. The default SSL VPN configuration is exploitable, with no authentication required and works over the Internet! The stack is executable and no ASLR is in place, which makes exploitation easier...

CVSS 10, AI score 9.8, EPSS 0.72458
Exploits: 7
WPVulnDB, added 2022/05/11 12:00 a.m., 15 views

Database Backup for WordPress < 2.5.2 - Arbitrary Schedule Settings Update via CSRF

The plugin does not have a CSRF check in place when updating the scheduled backup settings, which could allow an attacker to make a logged-in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. O...

CVSS 5.8, AI score 3.2, EPSS 0.00402
Exploits: 2, Affected Software: 1
OpenVAS, added 2022/05/05 12:00 a.m., 11 views

Fedora: Security Advisory for suricata (FEDORA-2022-a2f0201723)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0, References: 2
Fedora, added 2022/05/04 1:52 p.m., 21 views

[SECURITY] Fedora 35 Update: suricata-6.0.5-1.fc35

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

AI score 0.2
Exploits: 0
Huntr, added 2022/05/01 5:46 a.m., 239 views

Stored XSS Via Markdown payload at HackerOne Settings

Description: Rengine supports automatic vulnerability reporting to HackerOne; the module included a feature to customize the report using a Markdown editor. Although it was blocking some malicious payloads, the Cross-Site Scripting was found exploitable via a special payload. Proof of Concept: 1. Go...

AI score 5.8
Exploits: 0
CNVD, added 2022/04/29 12:00 a.m., 22 views

Xiaomi Mi App Store Open Redirect Vulnerability

A security vulnerability exists in Xiaomi Mi App Store, the app store of Xiaomi, a Chinese company. The vulnerability is due to the Xiaomi App Store not verifying the validity of incoming data, which could be exploited by an attacker to cause the app store to automatically download and install app...

CVSS 6.1, AI score 3.1, EPSS 0.00525
Exploits: 0, References: 1
Fedora, added 2022/04/28 5:55 a.m., 47 views

[SECURITY] Fedora 34 Update: golang-github-googleapis-gnostic-0.5.3-5.fc34

This package contains a Go command line tool which converts JSON and YAML OpenAPI descriptions to and from equivalent Protocol Buffer representations. Protocol Buffers provide a language-neutral, platform-neutral, extensible mechanism for serializing structured data. gnostic's Protocol Buffer...

CVSS 7.5, AI score 9.1, EPSS 0.03931
Exploits: 0
Fedora, added 2022/04/28 5:53 a.m., 39 views

[SECURITY] Fedora 35 Update: golang-github-spf13-cobra-1.4.0-2.fc35

Cobra is a library providing a simple interface to create powerful modern CLI interfaces similar to git & go tools. Cobra is also an application that will generate your application scaffolding to rapidly develop a Cobra-based application. Cobra provides: - Easy subcommand-based CLIs: app server,...

CVSS 7.5, AI score 10, EPSS 0.03931
Exploits: 0
Prion, added 2022/04/27 4:15 p.m., 19 views

Code injection

IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceed their idle timeout. IBM X-Force ID: 208341...

CVSS 7.5, AI score 8.9, EPSS 0.00828
Exploits: 0, References: 2, Affected Software: 1
CNNVD, added 2022/04/25 12:00 a.m., 3 views

IBM QRadar SIEM Authorization Issue Vulnerability

IBM QRadar SIEM is a solution from IBM (USA) that uses security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire IT architecture, generates detailed reports on data access and user activity, and more. An authorization...

CVSS 9.8, AI score 5.6, EPSS 0.00828
Exploits: 0, References: 5
NVD, added 2022/04/21 6:15 p.m., 11 views

CVE-2020-14118

An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by the Mi App Store not verifying the validity of incoming data, which can cause the app store to automatically download and install apps...

CVSS 6.1, EPSS 0.00525
Exploits: 0, References: 1