USN-6943-1 tomcat8, tomcat9 vulnerabilities

It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS CVE-2020-9484 It was discovered that Tomcat...

Exploit for Code Injection in Get-Simple Getsimple_Cms

CVE-2022-41544 Exploit Script This repository contains a scri...

Exploit for Code Injection in Get-Simple Getsimple_Cms

CVE-2022-41544 Exploit Script This repository contains a scri...

Exploit for Code Injection in Get-Simple Getsimple_Cms

CVE-2022-41544 Exploit Script This repository contains a scri...

Exploit for Code Injection in Get-Simple Getsimple_Cms

CVE-2022-41544 Exploit Script This repository contains a scri...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service [CVE-2024-31580] [CVE-2024-31583]

Summary PyTorch is used by the mapping assistance code in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information to address...

Spring AI with Groq - a blazingly fast AI inference engine

Faster information processing not only informs - it transforms how we perceive and innovate. Spring AI, a powerful framework for integrating AI capabilities into Spring applications, now offers support for Groq - a blazingly fast AI inference engine with support for Tool/Function calling...

OPENSUSE-SU-2024:0227-1 Security update for gh

This update for gh fixes the following issues: Update to version 2.53.0: CVE-2024-6104: gh: hashicorp/go-retryablehttp: url might write sensitive information to log file boo1227035 Disable TestGetTrustedRoot/successfullyverifiesTUFroot test due to https://github.com/cli/cli/issues/8928 Rename...

RUSTSEC-2024-0446 Shell expansion in custom commands

Summary Undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. Details I wanted to show the git commit name in my prompt I use bash, so I added a command: custom.gitcommitname comma...

Security Bulletin: IBM MaaS360 Cloud Extender VPN Module affected by vulnerability (CVE-2024-4741)

Summary Vulnerability contained within OpenSSL a 3rd party component was addressed in the IBM MaaS360 VPN Module. Vulnerability Details CVEID:CVE-2024-4741 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the...

PYSEC-2024-190

Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a docmd parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to...

SUSE CVE-2024-38526

pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1...

XenMobile 10 Logs Collection Guide

This article illustrates the log collection process on devices such as iOS, Android and Windows Phone for the various XenMobile components including - App Controller, NetScaler Gateway, XenMobile Device Manager and Citrix Secure Hub. For the latest information on logcollection process refer to...

How to Upgrade from StoreFront 2.1 to StoreFront 2.6

The sequence of steps to upgrade from StoreFront 1.2to StoreFront 2.5: 1. Upgrade from StoreFront1.2 to StoreFront2.0. 2. Upgrade from StoreFront 2.0 to StoreFront 2.5 or StoreFront 2.6. For more information see the StoreFrontlegacy product documentation. To learn more about upgrading from...

Metasploit Weekly Wrap-Up 07/12/2024

The Usual Suspects This release features two new exploits targeting old friends: Confluence and Ivanti. CVE-2024-21683 is a very easy vulnerability to exploit, but as pointed out in the AttackerKB Review, it requires authentication as a ‘Confluence Administrator.’ On the other hand, CVE-2024-2982...

RHEL 7 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: XSS in SSI printenv CVE-2019-0221 - The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14,...

ttcmendingfences.com Improper Access Control vulnerability OBB-3943615

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

GLPI Security Vulnerabilities

GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and i...

VulnCheck KEV: CVE-2024-38526

pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code...

[SECURITY] Fedora 40 Update: python3-docs-3.12.4-1.fc40

The python3-docs package contains documentation on the Python 3 programming language and interpreter...