5994 matches found

RedHat Linux
added 2020/12/08 8:55 a.m. | 1 view

7: OpenWire can create destinations with an unprivileged user

A flaw was found in AMQ 7 broker, where it allows users using the OpenWire protocol to bypass the usual permissions checks. This flaw allows an unprivileged user to create queues without verifying the role. The highest threat from this vulnerability is to integrity...

CVSS 7.5 | AI score 5.7 | EPSS 0.04008
Exploits: 0 | References: 4

Veracode
added 2020/12/06 3:37 a.m. | 20 views

Cross-Site Scripting (XSS)

php-horde is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the Color field in a Create Task List action...

CVSS 5.4 | AI score 4.5 | EPSS 0.01077
Exploits: 1 | References: 5 | Affected Software: 1

CNVD
added 2020/12/03 12:00 a.m. | 3 views

Papermerge Cross-Site Scripting Vulnerability

Papermerge is an open source document management system (DMS) for archiving and retrieving digital documents. Multiple cross-site scripting vulnerabilities exist in versions prior to Papermerge 1.5.2. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the...

CVSS 6.1 | AI score 6.1 | EPSS 0.01527
Exploits: 0 | References: 1

PyPA
added 2020/12/02 8:15 a.m. | 4 views

PYSEC-2020-74

Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in...

CVSS 6.1 | AI score 5.7 | EPSS 0.01527
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2020/12/02 8:15 a.m. | 27 views

PYSEC-2020-74

Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in...

CVSS 6.1 | AI score 0.7 | EPSS 0.01527
Exploits: 0 | References: 4

Cvelist
added 2020/12/02 7:50 a.m. | 41 views

CVE-2020-29456

Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in...

AI score 6.2 | EPSS 0.01527
Exploits: 0 | References: 3

Tenable Nessus
added 2020/11/30 12:00 a.m. | 71 views

openSUSE Security Update : podman (openSUSE-2020-2039)

This update for podman fixes the following issues. Security issue fixed: This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API (bsc#1176804). Non-security issues fixed: add dependency to timezone package or podman...

CVSS 5.3 | AI score 6.5 | EPSS 0.01402
Exploits: 0 | References: 4

OSV
added 2020/11/25 11:15 p.m. | 1 view

UBUNTU-CVE-2020-29074

scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user...

CVSS 8.8 | AI score 7.3 | EPSS 0.01723
Exploits: 0 | References: 4

Packet Storm
added 2020/11/25 12:00 a.m. | 1101 views

Kong Gateway Admin API Remote Code Execution

frozenstringliteral: true This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kong Gateway Admin API Remote Code Execution', 'Description' = ' This module uses the Kong admin API to create a route...

AI score 0.5
Exploits: 0

OpenVAS
added 2020/11/20 12:00 a.m. | 6 views

GaussDB Kernel: Revoking the CREATE Permission from a User with the PUBLIC Role

A common user can create malicious functions with the same names as system functions if the user has the PUBLIC role. In this way, other users can call these malicious functions by mistake to compromise database security. If the PUBLIC role has the CREATE permission, any user having this role can...

AI score 7.2
Exploits: 0

OSV
added 2020/11/17 8:15 p.m. | 4 views

CVE-2020-28136

An arbitrary file upload vulnerability discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via the vulnerable admin/create-package.php page...

CVSS 8.8 | AI score 7.8 | EPSS 0.02941
Exploits: 1 | References: 2

CNVD
added 2020/11/17 12:00 a.m. | 6 views

IBM Cognos Controller Elevation of Privilege Vulnerability

IBM Cognos Controller is a suite of business intelligence and planning solutions from IBM in the United States. The product features process automation, financial audit control, and the creation and management of financial reports. IBM Cognos Controller suffers from a security vulnerability that...

CVSS 8 | AI score 6.9 | EPSS 0.01428
Exploits: 0 | References: 1

CNNVD
added 2020/11/17 12:00 a.m. | 4 views

SourceCodester Tourism Management System Code Issue Vulnerability

SourceCodester Tourism Management System is a website builder for tourism management from SourceCodester. SourceCodester Tourism Management System has an arbitrary file upload vulnerability that can be exploited for remote code execution via the vulnerable admin/create-package.php page...

CVSS 8.8 | AI score 7.9 | EPSS 0.02941
Exploits: 1 | References: 3

CNVD
added 2020/11/10 12:00 a.m. | 4 views

Atlassian Jira gajira-create code execution vulnerability

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. gajira-comment is a Jira plugin for configuring Jira comment operations. Atlassian gajira-create A security vulnerability exists...

CVSS 9.8 | AI score 7.8 | EPSS 0.02253
Exploits: 0 | References: 1

NVD
added 2020/11/09 10:15 p.m. | 16 views

CVE-2020-14188

The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue...

CVSS 9.8 | AI score 9.7 | EPSS 0.0275
Exploits: 0 | References: 1

Prion
added 2020/11/09 10:15 p.m. | 18 views

Code injection

The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue...

CVSS 7.5 | AI score 9.7 | EPSS 0.0275
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/11/09 9:45 p.m. | 17 views

CVE-2020-14188

The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue...

AI score 9.8 | EPSS 0.0275
Exploits: 0 | References: 1

CVE
added 2020/11/09 9:45 p.m. | 68 views

CVE-2020-14188

The CVE-2020-14188 issue affects the Atlassian gajira-create GitHub Action prior to version 2.0.1. The exposed flaw, originating in the preprocessArgs function, enables an attacker to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue. A patch ex...

CVSS 9.8 | AI score 9.7 | EPSS 0.0275
Exploits: 0 | References: 1 | Affected Software: 1

Citrix
added 2020/11/09 12:00 a.m. | 4 views

Citrix Workspace app (earlier known as Citrix Receiver) for Chrome and HTML5 Configuration Utility

How to use Configuration Utility Steps to Create a Configuration: 1. Click Create New 2. Select the appropriate Citrix Workspace app from the following options: Citrix Workspace app for Chrome Citrix Workspace app for HTML5 If you need configuration for Citrix Receiver, choose the corresponding...

AI score 7.2
Exploits: 0

Citrix
added 2020/11/09 12:00 a.m. | 4 views

StressPrinters

Please note: You can download the required file from the Citrix downloads website by visiting the following link: https://www.citrix.com/downloads/citrix-tools StressPrinters Version 1.3.2 Created date: 03/30/2006 Modified date: 6/19/2013 Description Many printer driver problems in Terminal...

AI score 7
Exploits: 0