127 matches found
Debian: Security Advisory (DLA-3690-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora: Security Advisory for vim (FEDORA-2023-c0da722865)
The remote host is missing an update for the...
Rocky Linux 9 : subscription-manager (RLSA-2023:4708)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4708 advisory. - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1...
CVE-2023-22633
CVE-2023-22633 describes an improper permissions, privileges, and access controls vulnerability in FortiNAC-F 7.2.0 and FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions that may allow an unauthenticated attacker to perform a DoS on the device via c...
FortiNAC - SSL Renegotiation leading to DoS
An improper permissions, privileges, and access controls vulnerability CWE-264 in FortiNAC may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation...
Huawei EulerOS: Security Advisory for selinux-policy (EulerOS-SA-2022-2146)
The remote host is missing an update for the Huawei EulerOS...
Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale packaged in IBM ESS (CVE-2021-39031)
Summary There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM ESS, which could allow a remote attacker to cause a denial of service. Vulnerability Details CVEID: CVE-2021-39038 DESCRIPTION: IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liber...
Schneider Electric Modicon Quantum Improper Access Control (CVE-2019-6815)
In Modicon Quantum all firmware versions, CWE-264: Permissions, Privileges, and Access Control vulnerabilities could cause a denial of service or unauthorized modifications of the PLC configuration when using Ethernet/IP protocol. This plugin only works with Tenable.ot. Please visit...
WordPress Event-Registration 5.43 Arbitrary File Upload
Exploit Title : WordPress Event-Registration Plugins 5.43 Arbitrary File Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 30/03/2020 Vendor Homepage : wp-event-organiser.com Software Links : captainform.com/wordpress-event-registration-plugin/...
Exploit for CVE-2019-19268
CVE-2019-19268 Affected Version: rConfig 3.9.2. Descriptio...
Xorg X11 Server - Local Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xorg X11 Server Local Privilege Escalation', 'Description' = %q WARNING: Successful execution of this module results in /etc/passwd being...
Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability
According to its self-reported version, Cisco Data Center Network Manager is affected by a vulnerability in the web-based management interface. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to...
Joomla Attachments 3.x File Upload
Exploit Title : Joomla ComAttachments Components 3.x Arbitrary File Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 26/05/2019 Vendor Homepage : jmcameron.net Software Download Links : jmcameron.net/attachments/...
Design/Logic Flaw
In Modicon Quantum all firmware versions, CWE-264: Permissions, Privileges, and Access Control vulnerabilities could cause a denial of service or unauthorized modifications of the PLC configuration when using Ethernet/IP protocol...
CVE-2019-6815
In Modicon Quantum all firmware versions, CWE-264: Permissions, Privileges, and Access Control vulnerabilities could cause a denial of service or unauthorized modifications of the PLC configuration when using Ethernet/IP protocol...
CVE-2019-6815
The CVE-2019-6815 entry concerns Modicon Quantum PLCs (all firmware versions) with CWE-264 (Permissions, Privileges, and Access Control). The vulnerability arises via Ethernet/IP, enabling denial of service or unauthorized modifications of the PLC configuration due to improper access control. Doc...
Joomla Alberghi 2.1.3 File Upload / SQL Injection
Exploit Title : Joomla Alberghi Components 2.1.3 SQL Injection / Remote File Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 27/02/2019 Vendor Homepage : alberghi.joomlaitalia.com Software Download Links : alberghi.joomlaitalia.com/files/alberghi213SR.zip...
WordPress NativeChurch Multi-Purpose 5.0.x File Download
Exploit Title : WordPress NativeChurch Multi-Purpose Themes 5.0.x Arbitrary File Download Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 26/02/2019 Vendor Homepage : themeforest.net Software Information Link :...
Joomla JWallPapers 2.0.1 Cross Site Request Forgery / Shell Upload
Exploit Title : Joomla JWallPapers Components 2.0.1 CSRF Shell Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 18/02/2019 Vendor Homepage : joomla4ever.org Software Download Link : joomla4ever.org/archive/ext/comjwallpapers.zip Software Information Link :...
Joomla Jumi 3.0.5 Database Disclosure / SQL Injection
Exploit Title : Joomla Jumi Components 3.0.5 SQL Injection / Database Disclosure / Remote File Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 05/02/2019 Vendor Homepage : 2glux.com Software Download Link :...