ProcessMaker Plugin Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ProcessMaker Plugin Upload', 'Description' = %q This module will generate and upload a plugin to ProcessMaker resulting in execution of PHP code a...
Debian DSA-4155-1 : thunderbird - security update
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information disclosure. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4155. T...
Debian DSA-4149-1 : plexus-utils2 - security update
Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...
Debian DSA-4121-1 : gcc-6 - security update
This update doesn't fix a vulnerability in GCC itself, but instead provides support for building retpoline-enabled Linux kernel updates. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4121. The text itself i...
Debian Security Advisory DSA 4119-1 (libav - security update)
Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.12 OpenVAS Vulnerability Test $Id: deb4119.nasl 8893 2018-02-21 06:36:27...
Debian DSA-4109-1 : ruby-omniauth - security update
Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web application, can request...
Debian DSA-4099-1 : ffmpeg - security update
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
Debian DSA-4100-1 : tiff - security update
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Adviso...
PACSOne Server 6.6.2 DICOM Web Viewer - Directory Traversal
Exploit Title: PACSOne Server 6.6.2 DICOM Web Viewer Directory Traversal / Local File Inclusion Date: 08/14/2017 Software Link: http://www.pacsone.net/download.htm Google Dork: inurl:pacs/login.php inurl:pacsone/login.php inurl:pacsone filetype:php home inurl:pacsone filetype:php login Version:...
PACSOne Server 6.6.2 DICOM Web Viewer - Directory Traversal
PACSOne Server 6.6.2 DICOM Web Viewer - Directory Traversal Exploit Title: PACSOne Server 6.6.2 DICOM Web Viewer Directory Traversal / Local File Inclusion Date: 08/14/2017 Software Link: http://www.pacsone.net/download.htm Google Dork: inurl:pacs/login.php inurl:pacsone/login.php inurl:pacsone...
PACSOne Server 6.6.2 DICOM Web Viewer - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: PACSOne Server 6.6.2 DICOM Web Viewer SQL Injection Software Link: http://www.pacsone.net/download.htm Version: PACSOne Server 6.6.2 Exploit Author: Carlos Avila Google Dork: inurl:pacs/login.php inurl:pacsone/login.php...
PACSOne Server 6.6.2 DICOM Web Viewer - SQL Injection
PACSOne Server 6.6.2 DICOM Web Viewer - SQL Injection Exploit Title: PACSOne Server 6.6.2 DICOM Web Viewer SQL Injection Date: 08/14/2017 Software Link: http://www.pacsone.net/download.htm Version: PACSOne Server 6.6.2 Exploit Author: Carlos Avila Google Dork: inurl:pacs/login.php...
PACSOne Server 6.6.2 DICOM Web Viewer Directory Traversal
Exploit Title: PACSOne Server 6.6.2 DICOM Web Viewer Directory Traversal / Local File Inclusion Date: 08/14/2017 Software Link: http://www.pacsone.net/download.htm Google Dork: inurl:pacs/login.php inurl:pacsone/login.php inurl:pacsone filetype:php home inurl:pacsone filetype:php login Version:...
PACSOne Server 6.6.2 DICOM Web Viewer - Directory Traversal Vulnerability
Exploit for php platform in category web applications Exploit Title: PACSOne Server 6.6.2 DICOM Web Viewer Directory Traversal / Local File Inclusion Software Link: http://www.pacsone.net/download.htm Google Dork: inurl:pacs/login.php inurl:pacsone/login.php inurl:pacsone filetype:php home...
Debian DSA-4097-1 : poppler - security update
Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed. This update also fixes a regression in the handling of Type 3 fonts. (C) Tenable Network Security, Inc. The...
Debian DSA-4093-1 : openocd - security update
Josef Gajdusek discovered that OpenOCD, a JTAG debugger for ARM and MIPS, was vulnerable to Cross Protocol Scripting attacks. An attacker could craft an HTML page that, when visited by a victim running OpenOCD, could execute arbitrary commands on the victim's host. This fix also sets the OpenOCD...
Debian DSA-4091-1 : mysql-5.5 - security update
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.59, which includes additional changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details : -...
Debian LTS: Security Advisory for openoffice.org-dictionaries (DLA-895-1)
The dictionaries provided by this package had an unversioned conflict against the thunderbird package which so far was not part of wheezy. Since the next update of Icedove introduces a thunderbird package the dictionaries would become unusable in Icedove so the unneeded conflict was dropped. This...
Debian LTS: Security Advisory for uzbek-wordlist (DLA-904-1)
The dictionary provided by this package had an unnecessary unversioned conflict against the thunderbird package which recently got reintroduced into Wheezy. This VT has been deprecated as it doesn SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a reference...
Debian DSA-4084-1 : gifsicle - security update
It was discovered that gifsicle, a tool for manipulating GIF image files, contained a flaw that could lead to arbitrary code execution. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4084. The text itself is...