2401 matches found
SAP Business One Security Vulnerability
SAP Business One is a suite of enterprise management software from SAP, a German company. The software includes financial management, operations management, and human resources management functions. SAP Business One in version 10.0 contains an information disclosure vulnerability that stems from t...
Fedora: Security Advisory for rust-gimli (FEDORA-2021-1805eacb48)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
ALPINE-CVE-2021-32672
Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support 3.2 or newer...
[SECURITY] Fedora 34 Update: rust-gimli-0.25.0-1.fc34
Library for reading and writing the DWARF debugging format...
PT-2021-7752 · Redis +5
Name of the Vulnerable Software and Affected Versions: Redis versions 3.2 through 6.2.5; Redis versions 3.2 through 6.0.15; Redis versions 3.2 through 5.0.13 (can be simplified to: Redis versions 3.2 through 6.2.5). Description: The issue affects Redis, an open source, in-memory database that persists...
[SECURITY] Fedora 35 Update: rust-gimli-0.25.0-1.fc35
Library for reading and writing the DWARF debugging format...
WP Debugging < 2.11.0 - Unauthenticated Plugin's Settings Update
The plugin has its update_settings function hooked to admin_init and is missing any authorisation and CSRF checks; as a result, the settings can be updated by unauthenticated users. PoC POST /wp-admin/admin-post.php HTTP/1.1 Accept:...
WP Debugging < 2.11.0 - Unauthenticated Plugin's Settings Update
The plugin has its update_settings function hooked to admin_init and is missing any authorisation and CSRF checks; as a result, the settings can be updated by unauthenticated users. csrf.submit POST /wp-admin/admin-post.php HTTP/1.1 Accept:...
WordPress WP Debugging plugin <= 2.10.2 - Unauthenticated Plugin's Settings Update vulnerability
Unauthenticated Plugin's Settings Update vulnerability discovered by apple502j in WordPress WP Debugging plugin versions <= 2.10.2. Solution: Update the WordPress WP Debugging plugin to the latest available version (at least 2.11.0)...
Easier URI Targeting With Metasploit Framework
Over the past year and a half, Metasploit Framework’s core engineering team in Belfast has made significant improvements to usability, discoverability, and the general quality of life for the global community of Framework users. A few of the enhancements we’ve worked on in MSF 6 include: A handy...
strace bug fix and enhancement update
The strace utility intercepts and records the system calls that are made and received by a running process and prints a record of each system call, its arguments, and its return value to standard error output or a file. It is often used for problem diagnoses, debugging, and for instructional...
strace bug fix and enhancement update
An update is available for strace. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The strace utility intercepts and records the system calls that are made and...
PS2EXE - Module To Compile Powershell Scripts To Executables
Overworking of the great script of Ingo Karstein with GUI support. The GUI output and input is activated with one switch, real windows executables are generated. With Powershell 5.x support and graphical front end. Module version. You find the script based version here...
Denial Of Service (DoS)
chromium:edge is vulnerable to denial of service. Inappropriate implementation in DevTools in Google Chrome allowed a remote attacker who had convinced the user to use Chrome headless with remote debugging to execute arbitrary code via a crafted HTML page...
Ligolo-Ng - An Advanced, Yet Simple, Tunneling/Pivoting Tool That Uses A TUN Interface
An advanced, yet simple, tunneling tool that uses a TUN interface. by TNP IT Security Introduction Ligolo-ng is a simple, lightweight and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection without the need of SOCKS. Features Tun interface No more SOCKS! Simpl...
How to debug and resolve ADM-HA DB Streaming broken issues
...
Exploit for Code Injection in Elastic Kibana
CVE-2019-7609 Kibana versions before 5.6.15 and 6.6.1 contain...
Shoutcast Server 2.6.0.753 Crash Vulnerability
Shoutcast server version 2.6.0.753 suffers from a remote authenticated crash vulnerability. Shoutcast Server Remote Authenticated Crash ===== Intro ===== Shoutcast Server crashes after failing to handle a non-existent option received from a client in an ADMINCGI request. Requires auth to reproduc...
Shoutcast Server 2.6.0.753 Crash
Shoutcast Server Remote Authenticated Crash ===== Intro ===== Shoutcast Server crashes after failing to handle a non-existent option received from a client in an ADMINCGI request. Requires auth to reproduce, so not super exciting but Shoutcast is an old favorite and the minimization of the repro ...
Exploit for Off-by-one Error in Sudo_Project Sudo
CVE-2021-3156 Introduction This repository was created f...