
2483 matches found

Tenable Nessus
added 2019/04/01 12:0 a.m. | 32 views

openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1079)

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : - CVE-2018-16875: Fixed a CPU Denial of Service bsc1118899. - CVE-2018-16874: Fixed a vulnerability in go get command which could allow directory traversal in...

CVSS 9.3 | AI score 7.7 | EPSS 0.9857
Exploits: 33 | References: 15

Prion
added 2019/03/26 4:29 p.m. | 19 views

Directory traversal

GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API...

CVSS 5 | AI score 7.4 | EPSS 0.02273
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2019/03/26 4:29 p.m. | 21 views

CVE-2018-19856

GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API...

CVSS 7.5 | AI score 7.4 | EPSS 0.02273
Exploits: 1 | References: 2

UbuntuCve
added 2019/03/26 4:29 p.m. | 28 views

CVE-2018-19856

GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API...

CVSS 7.5 | AI score 7.1 | EPSS 0.02273
Exploits: 1 | References: 3

CVE
added 2019/03/26 3:50 p.m. | 65 views

CVE-2018-19856

CVE-2018-19856 affects GitLab CE/EE with directory traversal in the Templates API. Affected versions: GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3. Root cause is a directory traversal vulnerability in the Templates API that could expose sensitive data. CVSS metrics...

CVSS 7.5 | AI score 7.3 | EPSS 0.02273
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2019/03/26 3:50 p.m. | 23 views

CVE-2018-19856

GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API...

AI score 7.4 | EPSS 0.02273
Exploits: 1 | References: 2

Debian CVE
added 2019/03/26 3:50 p.m. | 23 views

CVE-2018-19856

Removed by vendor...

CVSS 7.5 | AI score 7.1 | EPSS 0.02273
Exploits: 1

Information Security Automation
added 2019/03/11 3:16 p.m. | 62 views

First steps with Docker: installation in CentOS 7, vulnerability assessment, interactive mode and saving changes

Docker and containerization are literally everywhere. IMHO, this changes the IT landscape much more than virtualization and clouds. Let's say you have a host, you checked it and found out that there are no vulnerable packages. But what's the point if this host runs Docker containers with their own...

AI score 7.1
Exploits: 0

exploitpack
added 2019/03/11 12:0 a.m. | 20 views

Liferay CE Portal 7.1.2 ga3 - Remote Command Execution (Metasploit)

Liferay CE Portal 7.1.2 ga3 - Remote Command Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Liferay CE Portal Tomcat %q This module uses the Liferay CE...

AI score 0.1
Exploits: 0

0day.today
added 2019/03/11 12:0 a.m. | 519 views

Liferay CE Portal < 7.1.2 ga3 - Remote Command Execution Exploit #RCE

Exploit for multiple platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Liferay CE Portal Tomcat %q This module uses the Liferay CE Portal...

AI score 7.1
Exploits: 0

Packet Storm
added 2019/03/11 12:0 a.m. | 212 views

Liferay CE Portal Groovy-Console Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Liferay CE Portal Tomcat %q This module uses the Liferay CE Portal Groovy script console to execute OS commands. The Groovy...

AI score 0.2
Exploits: 0

Exploit DB
added 2019/03/11 12:0 a.m. | 160 views

Liferay CE Portal < 7.1.2 ga3 - Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Liferay CE Portal Tomcat %q This module uses the Liferay CE Portal Groovy script console to execute OS commands. The Groovy...

AI score 7.4
Exploits: 0

Tenable Nessus
added 2019/03/07 12:0 a.m. | 33 views

openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-295)

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : - CVE-2018-16875: Fixed a CPU Denial of Service bsc1118899. - CVE-2018-16874: Fixed a vulnerability in go get command which could allow directory traversal in...

CVSS 9.3 | AI score 7.7 | EPSS 0.9857
Exploits: 33 | References: 12

Tenable Nessus
added 2019/02/27 12:0 a.m. | 30 views

SUSE SLED15 / SLES15 Security Update : containerd, docker, docker-runc, golang-github-docker-libnetwork, runc (SUSE-SU-2019:0495-1)

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : CVE-2018-16875: Fixed a CPU Denial of Service bsc1118899. CVE-2018-16874: Fixed a vulnerability in go get command which could allow directory traversal in GOPA...

CVSS 9.3 | AI score 7.8 | EPSS 0.9857
Exploits: 33 | References: 17

Kitploit
added 2019/02/19 8:49 p.m. | 162 views

Maltego CE - An Interactive Data Mining Tool That Renders Directed Graphs For Link Analysis

Maltego CE is the community version of Maltego that is available for free after a quick online registration. Maltego CE includes most of the same functionality as the commercial version; however, it has some limitations. The main limitation with the community version is that the application cannot ...

AI score 6.8
Exploits: 0

CVE
added 2019/01/30 8:0 p.m. | 74 views

CVE-2019-3911

LabKey Server Community Edition before 18.3.0-61806.763 contains a reflected XSS via the onerror parameter in the /__r2/query endpoint, allowing an unauthenticated attacker to inject arbitrary JavaScript. Affected version range is prior to 18.3.0-61806.763. Remediation: upgrade to LabKey Server C...

CVSS 6.1 | AI score 6 | EPSS 0.03813
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2019/01/25 5:0 a.m. | 43 views

CVE-2019-6804

An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/wfitemEdit.gsp...

AI score 5.9 | EPSS 0.05315
Exploits: 5 | References: 3

Prion
added 2018/12/04 11:29 p.m. | 22 views

Design/Logic Flaw

An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the GFM markdown API...

CVSS 5 | AI score 5.3 | EPSS 0.01133
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2018/12/04 11:0 p.m. | 61 views

CVE-2018-17975

CVE-2018-17975 affects GitLab Community Edition 11.x prior to 11.1.8, 11.2.x prior to 11.2.5, and 11.3.x prior to 11.3.2. The root issue is Information Exposure via the GitLab Flavored Markdown (GFM) API, which can disclose confidential data (e.g., issue titles and private snippet titles) due to ...

CVSS 5.3 | AI score 5.3 | EPSS 0.01133
Exploits: 1 | References: 2 | Affected Software: 1

CNVD
added 2018/12/04 12:0 a.m. | 2 views

Netgate pfSense CE Command Injection Vulnerability

Netgate pfSense CE is a free, open source, FreeBSD-based firewall and router software distribution from the US company Netgate. A command injection vulnerability exists in the 'powerdbatterymode' POST parameter in Netgate pfSense CE version 2.4.4-RELEASE, which can be exploited by an attacker to...

CVSS 7.2 | AI score 7.6 | EPSS 0.7221
Exploits: 1 | References: 1