4411 matches found

Circl
added 2017/11/22 12:0 a.m. | 17 views

CVE-2017-13798

creationtimestamp | type | source
---|---|---
2017-11-22 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/43175...

8.8 CVSS | 6.7 AI score | 0.06252 EPSS
Exploits: 5 | References: 1

NVD
added 2017/11/21 5:29 p.m. | 14 views

CVE-2017-7550

A flaw was found in the way Ansible 2.3.x before 2.3.3, and 2.4.x before 2.4.1 passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in th...

9.8 CVSS | 9.2 AI score | 0.0353 EPSS
Exploits: 0 | References: 3

Cvelist
added 2017/11/21 5:0 p.m. | 23 views

CVE-2017-7550

A flaw was found in the way Ansible 2.3.x before 2.3.3, and 2.4.x before 2.4.1 passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in th...

9.1 AI score | 0.0353 EPSS
Exploits: 0 | References: 3

Debian CVE
added 2017/11/21 5:0 p.m. | 21 views

CVE-2017-7550

A flaw was found in the way Ansible 2.3.x before 2.3.3, and 2.4.x before 2.4.1 passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in th...

9.8 CVSS | 7.9 AI score | 0.0353 EPSS
Exploits: 0

Fedora
added 2017/11/20 4:57 p.m. | 16 views

[SECURITY] Fedora 27 Update: postgresql-9.6.6-1.fc27

PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...

0.8 AI score
Exploits: 0

Photon
added 2017/11/17 12:0 a.m. | 45 views

PHSA-2017-0045

An update of go, curl, libtiff, systemd, bash packages for PhotonOS has been released...

7.5 CVSS | 1.3 AI score | 0.23633 EPSS
Exploits: 0

Hacker One
added 2017/11/10 11:6 p.m. | 10 views

RubyGems: [gem server] Stored XSS via crafted JavaScript URL inclusion in Gemspec

Hi, A JavaScript URL injection in the homepage field within a Gemspec file can be leveraged to achieve stored XSS on the default gem server web interface, referenced here. When you install RubyGems, it adds the gem server command to your system. This is the fastest way to start hosting gems. As...

6.6 AI score
Exploits: 0

Tenable Nessus
added 2017/11/10 12:0 a.m. | 38 views

FreeBSD : PostgreSQL vulnerabilities (1f02af5d-c566-11e7-a12d-6cc21735f730)

The PostgreSQL project reports:
- CVE-2017-15098: Memory disclosure in JSON functions
- CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges

(C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

8.1 CVSS | 7 AI score | 0.06324 EPSS
Exploits: 0 | References: 3

OpenVAS
added 2017/11/09 12:0 a.m. | 26 views

Ipswitch WS_FTP Professional < 12.6.0.3 Local Buffer Overflow Vulnerability

Ipswitch WS_FTP Professional is prone to a local buffer overflow vulnerability.

7.8 CVSS | 7.7 AI score | 0.02216 EPSS
Exploits: 5 | References: 2

Hacker One
added 2017/11/01 9:45 p.m. | 50 views

Open-Xchange: IDOR - setAttribute action of user object in API

Note. I selected sandbox.open-xchange.com as the asset in Hackerone but this was tested on a local installation. Hello, There appears to be a possible IDOR vulnerability in the following API endpoint for setting custom attributes:...

0.6 AI score
Exploits: 0

Kitploit
added 2017/10/23 1:11 p.m. | 22 views

Exploit Pack - Penetration Testing Framework

Exploit Pack has been designed by an experienced team of software developers and exploit writers to automate processes so penetration testers can focus on what's really important. The threat. This blend of software engineers and subject matter experts provides a unique advantage by combining...

7.2 AI score
Exploits: 0 | References: 1

Kitploit
added 2017/10/22 9:12 a.m. | 12 views

Cloud Security Suite - One stop tool for auditing the security posture of AWS infrastructure

One stop tool for auditing the security posture of AWS. Pre-requisites: Python 2.7, pip, git. Installation: git clone https://github.com/SecurityFTW/cs-suite.git; cd cs-suite/; sudo python setup.py. Note - Generate a set of ReadOnly AWS keys which the tool will ask to finish the installation process...

7.3 AI score
Exploits: 0 | References: 3

RedHat Linux
added 2017/10/19 2:53 p.m. | 4 views

ansible: jenkins_plugin module exposes passwords in remote host logs

A flaw was found in the way Ansible passed certain parameters to the jenkins_plugin module. A remote attacker could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in th...

9.8 CVSS | 7 AI score | 0.0353 EPSS
Exploits: 0 | References: 4

NVD
added 2017/10/10 1:30 a.m. | 9 views

CVE-2014-9474

Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str...

9.8 CVSS | 9.7 AI score | 0.0429 EPSS
Exploits: 0 | References: 9

OSV
added 2017/10/10 1:30 a.m. | 2 views

DEBIAN-CVE-2014-9474

Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str...

9.8 CVSS | 9.6 AI score | 0.0429 EPSS
Exploits: 0 | References: 1

UbuntuCve
added 2017/10/10 1:30 a.m. | 16 views

CVE-2014-9474

Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str...

9.8 CVSS | 7.3 AI score | 0.0429 EPSS
Exploits: 0 | References: 2

Prion
added 2017/10/10 1:30 a.m. | 16 views

Buffer overflow

Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str...

7.5 CVSS | 7.4 AI score | 0.0429 EPSS
Exploits: 0 | References: 9 | Affected Software: 1

OSV
added 2017/10/10 1:30 a.m. | 5 views

UBUNTU-CVE-2014-9474

Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str...

9.8 CVSS | 7.4 AI score | 0.0429 EPSS
Exploits: 0 | References: 3

Debian CVE
added 2017/10/09 2:0 p.m. | 11 views

CVE-2014-9474

Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str...

9.8 CVSS | 9.8 AI score | 0.0429 EPSS
Exploits: 0

seebug.org
added 2017/10/09 12:0 a.m. | 36 views

Angular-CLI Authentication Bypass

Vulnerability summary: The following advisory describes an authentication bypass vulnerability found in Angular-CLI version 1.3.2. The Angular CLI makes “it easy to create an application that already works, right out of the box. It already follows our best practices!” Credit: An independent security...

6.5 AI score
Exploits: 0