
19 matches found

Fedora
added 2025/11/07 1:30 a.m. (2 views)

[SECURITY] Fedora 42 Update: python-starlette-0.47.3-2.fc42

Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: • A lightweight, low-complexity HTTP web framework. • WebSocket support. • In-process background tasks. ...

CVSS 7.5 | AI score 7 | EPSS 0.00092
Exploits: 0
Tenable Nessus
added 2025/08/27 12:0 a.m. (4 views)

Linux Distros Unpatched Vulnerability : CVE-2017-17476

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open Ticket Request System OTRS 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers ...

CVSS 8.8 | AI score 7.8 | EPSS 0.00909
Exploits: 0 | References: 2
Kitploit
added 2020/08/17 12:30 p.m. (43 views)

Urlbuster - Powerful Mutable Web Directory Fuzzer To Bruteforce Existing And/Or Hidden Files Or Directories

Powerful web directory fuzzer to locate existing and/or hidden files or directories. Similar to dirb or gobuster, but with a lot of mutation options. Installation pip install urlbuster Features Proxy support Cookie support Basic Auth Digest Auth Retries for slow servers Persistent and...

AI score 8.2
Exploits: 0 | References: 9
OSV
added 2020/05/02 12:18 p.m. (5 views)

OPENSUSE-SU-2020:0602-1 Security update for webkit2gtk3

This update for webkit2gtk3 to version 2.28.1 fixes the following issues: Security issues fixed: - CVE-2020-10018: Fixed a denial of service because the mdeferredFocusedNodeChange data structure was mishandled bsc1165528. - CVE-2020-11793: Fixed a potential arbitrary code execution caused by a...

CVSS 9.8 | AI score 9.6 | EPSS 0.02644
Exploits: 0 | References: 5
Fedora
added 2019/04/13 12:7 a.m. (18 views)

[SECURITY] Fedora 30 Update: aria2-1.34.0-4.fc30

aria2 is a download utility with resuming and segmented downloading. Supported protocols are HTTP/HTTPS/FTP/BitTorrent. It also supports Metalink version 3.0. Currently it has following features: - HTTP/HTTPS GET support - HTTP Proxy support - HTTP BASIC authentication support - HTTP Proxy...

CVSS 7.8 | AI score 1.7 | EPSS 0.0011
Exploits: 1
OSV
added 2017/12/20 5:29 p.m. (0 views)

UBUNTU-CVE-2017-17476

Open Ticket Request System OTRS 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email...

CVSS 8.8 | AI score 7.3 | EPSS 0.00909
Exploits: 0 | References: 6
OSV
added 2017/12/20 5:29 p.m. (1 view)

DEBIAN-CVE-2017-17476

Open Ticket Request System OTRS 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email...

CVSS 8.8 | AI score 7.3 | EPSS 0.00909
Exploits: 0 | References: 1
UbuntuCve
added 2017/12/20 5:29 p.m. (25 views)

CVE-2017-17476

Open Ticket Request System OTRS 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email...

CVSS 8.8 | AI score 7.2 | EPSS 0.00909
Exploits: 0 | References: 5
Kitploit
added 2017/08/01 2:32 p.m. (599 views)

Arachni v1.5.1 - Web Application Security Scanner Framework

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by monitoring and learning from the web application's behavior during the scan process and is...

AI score 7.9
Exploits: 0 | References: 9
Kitploit
added 2013/11/13 9:34 p.m. (65 views)

OWASP Xenotix XSS Exploit Framework v4.5

Version 4.5 Additions JavaScript Beautifier Pause and Resume support for Scan Jump to Payload Cookie Support for POST Request Cookie Support and Custom Headers for Header Scanner Added TRACE method Support Improved Interface Better Proxy Support WAF Fingerprinting Load Files Hash Calculator Hash...

AI score 6.5
Exploits: 0
exploitpack
added 2013/02/26 12:0 a.m. (14 views)

MTP Poll 1.0 - Multiple Cross-Site Scripting Vulnerabilities

MTP Poll 1.0 - Multiple Cross-Site Scripting Vulnerabilities MTP Poll 1.0 Multiple Remote Script Insertion Vulnerabilities alert1;' / alert2;' / input...

AI score 7
Exploits: 0
Exploit DB
added 2013/02/26 12:0 a.m. (18 views)

MTP Poll 1.0 - Multiple Cross-Site Scripting Vulnerabilities

MTP Poll 1.0 Multiple Remote Script Insertion Vulnerabilities alert1;' / alert2;' / input type="hidden" na...

AI score 7
Exploits: 0
Zero Science Lab
added 2013/02/25 12:0 a.m. (31 views)

MTP Poll 1.0 Multiple Remote Script Insertion Vulnerabilities

Summary More than poll is a polling system with a powerful administration tool. It features: multiple pools, templates, unlimited options, IP Logging, cookie support, and more. Description MTP Poll script suffers from multiple stored cross-site scripting vulnerabilities. The issues are triggered...

AI score 6
Exploits: 0
n0where
added 2012/01/16 11:6 p.m. (30 views)

Open Source MySQL Injection: sqlsus

sqlsus is an open source MySQL injection and takeover tool, written in perl. Via a command line interface, you can retrieve the databases structure, inject your own SQL queries even complex ones, download files from the web server, crawl the website for writable directories, upload and control a...

AI score 8.6
Exploits: 0
Fedora
added 2010/05/22 1:53 a.m. (24 views)

[SECURITY] Fedora 11 Update: aria2-1.9.3-1.fc11

aria2 is a download utility with resuming and segmented downloading. Supported protocols are HTTP/HTTPS/FTP/BitTorrent. It also supports Metalink version 3.0. Currently it has following features: - HTTP/HTTPS GET support - HTTP Proxy support - HTTP BASIC authentication support - HTTP Proxy...

CVSS 4.3 | AI score 1.7 | EPSS 0.00607
Exploits: 0
Packet Storm
added 2010/04/27 12:0 a.m. (22 views)

Advanced Poll Script SQL Injection / Cross Site Scripting

Exploit Title: XSS and Authentication bypass in Advanced Poll Script Date: 26-apr-2010 Author: Sid3^effects Software Link: N/a CVE : Code : XSS and Authentication bypass in Advanced Poll Script Vendor:http://www.2daybiz.com/ Author:Sid3^effects Description : Advanced Poll is a polling system with...

AI score 0.7
Exploits: 0
0day.today
added 2010/04/26 12:0 a.m. (18 views)

2daybiz Advanced Poll Script XSS and Authentication Bypass

Exploit for php platform in category web applications ========================================================== 2daybiz Advanced Poll Script XSS and Authentication Bypass ========================================================== Description : Advanced Poll is a polling system with powerful...

AI score 7.1
Exploits: 0
Exploit DB
added 2010/04/26 12:0 a.m. (28 views)

2DayBiz Advanced Poll Script - Cross-Site Scripting / Authentication Bypass

XSS and Authentication bypass in Advanced Poll Script Vendor:http://www.2daybiz.com/ Author:Sid3^effects Description : Advanced Poll is a polling system with powerful administration tool supports both text file and MySQL database. Its features include multiple polls, unlimited options, IP-Logging...

AI score 7.4
Exploits: 0
Debian
added 2009/09/10 11:54 p.m. (12 views)

[Backports-security-announce] Security update for webauth

Russ Allbery uploaded new packages for webauth which fixed the following security problem: CVE-2009-2945 WebAuth 3.5.5 introduced a new method to probe for browser cookie support in the WebLogin script. Under rare circumstances, a browser may present the test cookie when loading the login form bu...

CVSS 4.3 | AI score 5.6 | EPSS 0.00229
Exploits: 0