Oracle Linux 9 : runc (ELSA-2024-0670)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-0670 advisory. - Rebuild for CVEs: CVE-2023-39321 CVE-2023-39322 CVE-2023-29409 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Debian dsa-5615 : golang-github-opencontainers-runc-dev - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5615 advisory. Debian Security Advisory DSA-5615-1...
SUSE SLES12 Security Update : runc (SUSE-SU-2024:0294-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0294-1 advisory. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.31 bug fix and security update
Red Hat OpenShift Container Platform release 4.13.31 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 22, 2024 to January 28, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 52 vulnerabilities disclosed in 42...
Exploit for Path Traversal in Jenkins
Jenkins CVE-2024-23897 PoC: A proof-of-concept (PoC) for CVE-2...
CVE-2024-21626
CVE-2024-21626 affects runc prior to 1.1.12, with a file descriptor leak enabling container escapes from containerized processes (e.g., runc exec/run) and potential host filesystem access. The CVE description specifies attacks that could overwrite host binaries and escape to the host filesystem. ...
Cross-Site WebSocket Hijacking (CSWSH)
jenkins-core is vulnerable to Cross-Site Scripting. The vulnerability is due to improper origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller...
RHEL 8 : container-tools:3.0 (RHSA-2024:0564)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0564 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes:...
Exploit for Path Traversal in Jenkins
Jenkins has a built-in command line interface (CLI) to access J...
CVE-2024-0986
A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asteriskcli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated...
Command injection
A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asteriskcli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated...
CVE-2024-0986 Issabel PBX Asterisk-Cli os command injection
A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asteriskcli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated...
CVE-2024-0986
CVE-2024-0986 affects Issabel PBX 4.0.0 through the Asterisk-Cli component. The vulnerability arises from improper handling of the Command argument in /index.php?menu=asterisk_cli, enabling OS command injection. Multiple connected sources describe this as an authenticated remote command execution...
Exploit for Path Traversal in Jenkins
CVE-2024-23897 Jenkins 2.441 and earlier, LTS 2.426.2 and ear...
Exploit for Path Traversal in Jenkins
CVE-2024-23897 This repository presents a proof-of-concept of...
Issabel PBX Operating System Command Injection Vulnerability
Issabel PBX is a software application. A free and open source software that allows you to build communication tools for your organization. An OS command injection vulnerability exists in Issabel PBX version 4.0.0, which stems from the inclusion of some unknown processing in the component...
PT-2024-15962 · Unknown · Asterisk-Cli +1
Name of the Vulnerable Software and Affected Versions: Issabel PBX version 4.0.0 Description: A critical issue affects the processing of the file /index.php?menu=asterisk cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be...
Exploit for Path Traversal in Jenkins
CVE-2024-23897 Jenkins CVE-2024-23897: Arbitrary File Read Vul...