CVE-2017-8043

...

MGASA-2018-0029 Updated rkhunter packages fix security vulnerability

The rkhunter package has been updated to disable by default an insecure cron job. The script is now included with the package as documentation. See the README.urpmi file for more information...

Updated rkhunter packages fix security vulnerability

The rkhunter package has been updated to disable by default an insecure cron job. The script is now included with the package as documentation. See the README.urpmi file for more information...

Starbucks: Leaking sensitive files on Github leads to internal files (python scripts,SQL files)

@samidrif discovered a source repository containing sensitive and internal development information including Starbucks code and documentation. @samidrif delivered a quality report detailing his find, suspected impact, and suggestions for remediation. The repository was removed and necessary...

QuarkslaB Dynamic binary Instrumentation: QBDI

QuarkslaB Dynamic binary Instrumentation QBDI is a modular, cross-platform and cross-architecture DBI framework. It aims to support Linux, macOS, Android, iOS and Windows operating systems running on x86, x86-64, ARM and AArch64 architectures. Information about what is a DBI framework and how QBD...

CVE-2017-17916

SQL injection vulnerability in the 'findby' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...

CVE-2017-17919

SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...

CVE-2017-17917

SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted inpu...

Sql injection

DISPUTED SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with...

CVE-2017-17917

Ruby on Rails SQL injection CVE-2017-17917 affects Rails 5.1.4 and earlier, via the vulnerable "+where" method using the id parameter. The underlying issue allows remote execution of arbitrary SQL commands; vendor disputes the issue due to documentation stating the method isn’t intended for untru...

CVE-2017-17919

SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...

CVE-2017-17916

SQL injection vulnerability in the 'findby' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...

CVE-2017-17916

SQL injection vulnerability in the 'findby' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...

CVE-2017-17919

SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...

CVE-2017-17917

SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted inpu...

CVE-2017-17920

SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...

CVE-2017-17917

SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted inpu...

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-1.0-0095

An update of 'curl', 'docker', 'binutils', 'linux','rpm' packages of Photon OS has been released...

Cambium ePMP 1000 SNMP Enumeration

Cambium devices ePMP, PMP, Force, & others can be administered using SNMP. The device configuration contains IP addresses, keys, and passwords, amongst other information. This module uses SNMP to extract Cambium ePMP device configuration. On certain software versions, specific device configuratio...

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-1.0-0093

An update of 'linux', 'krb5', 'subversion', 'apr', 'ncurses' packages of Photon OS has been released...