Centreon 19.10.5 - 'centreontrapd' Remote Command Execution

Exploit Title: Centreon 19.10.5 - 'centreontrapd' Remote Command Execution Date: 2020-01-29 Exploit Author: Fabien AUNAY, Omri Baso Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7 CVE : - Centreon 19.10.5 Remote...

CVE-2013-1437

Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value...

CVE-2019-20438

An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting XSS vulnerability has been identified in the inline API documentation editor page of the API Publisher...

CVE-2019-20435

An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter...

Cross site scripting

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting XSS vulnerability has been identified in the update API documentation feature of the API Publisher...

Centreon 19.10.5 Remote Command Execution

Exploit Title: Centreon 19.10.5 - Remote Command Execution Date: 2020-01-27 Exploit Author: Fabien AUNAY, Omri BASO Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7 CVE : - Centreon 19.10.5 Remote Command Execution...

CVE-2019-20435

An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter...

CVE-2019-20438

An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting XSS vulnerability has been identified in the inline API documentation editor page of the API Publisher...

PT-2020-10446 · Wso2 · Wso2 Api Manager

Name of the Vulnerable Software and Affected Versions: WSO2 API Manager version 2.6.0 Description: A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter. Recommendations: F...

Fedora: Security Advisory for python3 (FEDORA-2019-297a9f4aa5)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Azure Security Benchmark—90 security and compliance best practices for your workloads in Azure

The Azure security team is pleased to announce that the Azure Security Benchmark v1 ASB is now available. ASB is a collection of over 90 security best practices recommendations you can employ to increase the overall security and compliance of all your workloads in Azure. The ASB controls are base...

Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2020-1044)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-2653)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gophish - Open-Source Phishing Toolkit

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training. Install Installation of Gophish is dead-simple - just download and extract the zip...

Upgrade Tomcat to 8.5.50 to fix CVE-2019-17563 & CVE-2019-12418

h3. Issue Summary The recently disclosed vulnerabilities regarding Apache Tomcat CVE-2019-12418|https://vulners.com/cve/CVE-2019-12418 CVE-2019-17563|https://vulners.com/cve/CVE-2019-17563 Which affects the following versions: Apache Tomcat 8.x from 8.5.0 before 8.5.50 We should bundle a more...

EulerOS Virtualization for ARM 64 3.0.5.0 : python3 (EulerOS-SA-2020-1048)

According to the versions of the python3 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. Th...

EulerOS Virtualization for ARM 64 3.0.5.0 : python2 (EulerOS-SA-2020-1044)

According to the versions of the python2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. Th...

LAVA - Large-scale Automated Vulnerability Addition

Evaluating and improving bug-finding tools is currently difficult due to a shortage of ground truth corpora i.e., software that has known bugs with triggering inputs. LAVA attempts to solve this problem by automatically injecting bugs into software. Every LAVA bug is accompanied by an input that...

CVE-2018-16886

Etcd, versions 3.2.0 through 3.2.25 and 3.3.0 through 3.3.10, are vulnerable to an improper authentication issue when role-based access control RBAC is used and client-cert-auth is enabled. If an etcd client server's TLS certificate contains a Common Name CN which matches a valid RBAC username, a...

Fedora Update for python2-docs FEDORA-2019-0d3fcae639

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...