
230 matches found

Debian
added 2019/12/17 9:37 a.m. · 132 views

[SECURITY] [DSA 4586-1] ruby2.5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4586-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 17, 2019 https://www.debian.org/security/faq -...

CVSS 7.8 · AI score 2.9 · EPSS 0.01157
Exploits: 1

CNVD
added 2019/12/09 12:0 a.m. · 0 views

Code Execution Vulnerability in Ocean Cms v10 Version

SeaCMS is a site-building system based on a PHP+MySQL architecture that supports cross-platform operation. A code execution vulnerability exists in SeaCMS v10; attackers can exploit the vulnerability to execute arbitrary code and obtain server privileges...

AI score 8.2
Exploits: 0

Hacker One
added 2019/11/29 11:18 a.m. · 25 views

GitLab: Transferring a public group to a private group doesn't remove code from the Elasticsearch API search result

Summary When a public group with public projects is transferred to a private group, the code and the wiki of the public project, although now should be private, it is still reachable through search APIs. I set the severity as "medium" and not "high", because any new action over the project issues...

AI score 6.9
Exploits: 0

Positive Technologies
added 2018/07/13 12:0 a.m. · 2 views

PT-2018-10017 · Medtronic · Medtronic N'Vision Removable Application Card 8870 +1

Name of the Vulnerable Software and Affected Versions: Medtronic N'Vision Clinician Programmer 8840, all versions Medtronic N'Vision removable Application Card 8870, all versions Description: The issue concerns the execution of application programs from the 8870 Application Card by the 8840...

CVSS 6.8 · AI score 6.5 · EPSS 0.00152
Exploits: 0 · References: 7

Openbugbounty
added 2018/06/04 10:58 a.m. · 9 views

amc.com Improper Access Control vulnerability

Open Bug Bounty ID: OBB-626927
Affected Website: amc.com
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: Custom Code
Vulnerability Type: IAC Improper Access Control / CWE-284
CVSSv3 Score: 6.5...

AI score 0.1
Exploits: 0

Cvelist
added 2018/03/14 4:0 p.m. · 16 views

CVE-2018-5779

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using special...

AI score 9.7 · EPSS 0.02123
Exploits: 0 · References: 1

Cvelist
added 2018/02/14 2:0 p.m. · 12 views

CVE-2018-1287

In Apache JMeter 2.X and 3.X, when using Distributed Test only RMI based, jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...

AI score 9.4 · EPSS 0.01876
Exploits: 0 · References: 3

Cvelist
added 2018/02/13 12:0 p.m. · 15 views

CVE-2018-1297

When using Distributed Test only RMI based, Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...

AI score 9.4 · EPSS 0.17994
Exploits: 0 · References: 3

CVE
added 2017/10/16 9:0 p.m. · 45 views

CVE-2017-9368

CVE-2017-9368 affects BlackBerry Workspaces Server. An information disclosure vulnerability allows an attacker to gain access to source code for server‑side applications by crafting requests for specific files. Exploitation is shown as network‑accessible with low attack complexity and no authenti...

CVSS 7.5 · AI score 7.2 · EPSS 0.00291
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2017/10/16 9:0 p.m. · 9 views

CVE-2017-9368

An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files...

AI score 7.2 · EPSS 0.00291
Exploits: 0 · References: 2

OSV
added 2017/09/21 1:43 p.m. · 20 views

MGASA-2017-0352 Updated tomcat packages fix security vulnerability

The CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances (CVE-2017-7674). When using a VirtualDirContext it was possible to bypass security constraints and/or view the source...

CVSS 7.5 · AI score 6 · EPSS 0.90641
Exploits: 4 · References: 7

CNVD
added 2017/03/12 12:0 a.m. · 1 views

Multiple vulnerabilities in YXCMS frontend

YXcms is a website management system based on PHP+MySQL with a lightweight MVC design model. The YXCMS front end has cross-site scripting and cross-site request forgery vulnerabilities. The htmlin function's XSS filtering is not strict and does not take the pseudo-protocol into account, due to the failure to...

AI score 6.6
Exploits: 0

OSV
added 2017/01/30 10:59 p.m. · 2 views

CVE-2016-6268

Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory...

CVSS 7.8 · AI score 6.1
Exploits: 0 · References: 2

Prion
added 2015/09/09 12:59 a.m. · 25 views

Privilege escalation

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a crafted...

CVSS 9.3 · AI score 8.2 · EPSS 0.31836
Exploits: 0 · References: 3 · Affected Software: 1

Tenable Nessus
added 2015/09/08 12:0 a.m. · 824 views

MS15-101: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662)

The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in the Microsoft .NET Framework : - An elevation of privilege vulnerability exists due to improper validation of the number of objects in memory before they are copied into an array. A...

CVSS 9.3 · AI score 5.7 · EPSS 0.31836
Exploits: 0 · References: 3

CNVD
added 2015/02/28 12:0 a.m. · 1 views

PNMsoft Sequence Kinetics Information Disclosure Vulnerability

PNMsoft Sequence Kinetics is a suite of intelligent workflow applications from PNMsoft that can organize modeling, design, and execution. Form Controls CSS is one of the control form CSS files. A security vulnerability exists in the Form Controls CSS file in PNMsoft Sequence Kinetics 7.5 and earli...

CVSS 5 · AI score 7 · EPSS 0.0025
Exploits: 0 · References: 1

Check Point Advisories
added 2014/12/28 12:0 a.m. · 2 views

Microsoft .NET Framework S.DS.P Namespace Method Buffer Overflow - Ver2 (CVE-2013-0003)

A buffer overflow exists in the System.DirectoryServices.Protocols (S.DS.P) namespace method in the .NET framework. The vulnerability is due to an error in the validation of the size of objects in memory prior to copying them into an array. An attacker can remotely exploit this vulnerability by...

CVSS 9.3 · AI score 7.5 · EPSS 0.61322
Exploits: 1

seebug.org
added 2014/07/01 12:0 a.m. · 20 views

IncrediMail 2.0 ActiveX (Authenticate) bof PoC

No description provided by source. IncrediMail 2.0 activeX Authenticate bof poc by d3b4g Tested: incerdiMail 2.0 Vendor url:http://www.incredimail.com/english/splash.aspx Tested on windows XP SP3 1-03-2010 Debugging info -------------- Exception Code: ACCESSVIOLATION Disasm: 678914AE MOV EDX,ECX...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2014/02/26 12:0 a.m. · 18 views

Modicon Modbus/TCP Programming Function Code Access (SCADA) (deprecated)

Binary data 3852.prm...

AI score 7.3
Exploits: 0 · References: 1

Kitploit
added 2013/08/21 12:41 a.m. · 11 views

[Introspy] Monitor app in your iDevice

The Problem: In 2013, assessing the security of iOS applications still involves a lot of manual, time-consuming tasks - especially when performing a black-box assessment. Without access to source code, a comprehensive review of these applications currently requires in-depth knowledge of various API...

AI score 7
Exploits: 0 · References: 3