RHEL 8 : libpq (RHSA-2020:5401)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5401 advisory. The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. The following...

openSUSE Security Update : xen (openSUSE-2020-2192)

This update for xen fixes the following issues : - bsc1178963 - VUL-0: xen: stack corruption from XSA-346 change XSA-355 This update was imported from the SUSE:SLE-15-SP1:Update update project. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

Kubernetes: Code Injection via Insecure Yaml.load

Report Submission Form Summary: The Kubernetes repo and tool, test-infra, uses the insecure yaml.load function to set or update the Gubernator configuration with a yaml file which allows for code injection. Vulnerable Line of Code:...

Internet Bug Bounty: Heap buffer overflow vulnerability while processing a malformed TIFF file.

A heap buffer overflow vulnerability occurs in magick while processing of a malformed TIFF file.Following is the version/build details: $ magick -version Version: ImageMagick 7.0.10-45 Q16 x8664 2020-11-30 https://imagemagick.org Copyright: © 1999-2020 ImageMagick Studio LLC License:...

Photon OS 2.0: Python3 PHSA-2020-2.0-0289

An update of the python3 package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-2.0-0289. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

FortiGate SSL VPN "Breaching the Fort"

Security researchers at SAM Seamless Network published a blog post on September 24, 2020 stating that 200,000 businesses were exposed to Man-in-the-Middle MITM attacks against FortiGate SSL VPNs due to the VPN client’s failure to properly verify the server’s certificate out of the box. Instead,...

Photon OS 3.0: Linux PHSA-2020-3.0-0142

An update of the linux package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0142. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid140708;...

Unauthenticated domain takeover via netlogon ("ZeroLogon")

Description The following applies to Samba used as domain controller only most seriously the Active Directory DC, but also the classic/NT4-style DC. Installations running Samba as a file server only are not directly affected by this flaw, though they may need configuration changes to continue to...

Oracle Linux 7 : thunderbird (ELSA-2020-3631)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-3631 advisory. 68.12.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Build with rust-toolset 1.43 68.12.0-1 - Update...

CVE-2019-0230

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Recent assessments: wvu-r7 at September 03, 2020 4:30pm UTC reported: Unlike CVE-2017-5638, which was exploitable out of the box, since it targeted...

Juniper Junos BGP DoS (JSA11024)

According to the self reported version of Junos OS on the remote device it is affected by a denial of service vulnerability as referenced in the JSA11024 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenab...

Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200908)

Security Fixes : - Mozilla: Attacker-induced prompt for extension installation CVE-2020-15664 - Mozilla: Use-After-Free when aborting an operation CVE-2020-15669 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid140440;...

RHEL 7 : bash (RHSA-2020:3592)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3592 advisory. The bash packages provide Bash Bourne-again shell, which is the default shell for Red Hat Enterprise Linux. Security Fixes: bash: BASHCMD is writable...

openSUSE Security Update : python (openSUSE-2020-1257)

This update for python fixes the following issues : - CVE-2019-20907: Avoid a possible infinite loop caused by specifically crafted tarballs bsc1174091. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive text and package checks in...

Photon OS 3.0: Linux PHSA-2020-3.0-0127

An update of the linux package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0127. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid139699;...

Cisco Prime Collaboration Provisioning Software SQL Injection (cisco-sa-pcp-sql-inj-22Auwt66)

According to its self-reported version, a vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. Please see the included Cisco BIDs and Cisco...

House Rental 1.0 SQL Injection Exploit

Exploit for php platform in category web applications Exploit Title: House Rental v1.0 - PDO Bypass SQL Injection - Unauthenticated Code Execution - Change Admin Password Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Vendor Homepage: https://projectworlds.in Software Link:...

Stock Management System 1.0 Cross Site Scripting

Exploit Title: Stock Management System v1.0 - Cross-Site Scripting Credential Harvester Login-Portal Exploit Author: Bobby Cooke Date: 2020-08-01 Vendor Homepage: https://www.sourcecodester.com/php/14366/stock-management-system-php.html Software Link:...

CVE-2020-14500

The discovered bug occurs due to improper handling of some of the HTTP request headers provided by the client. This could allow an attacker to remotely exploit GateManager to achieve remote code execution without any authentication required. If carried out successfully, such an attack could resul...

Junos OS: SRX Series: Unified Access Control (UAC) bypass vulnerability (JSA11018)

The version of Junos OS installed on the remote host is prior to 12.3X48-D100, 15.1X49-D210, 17.3R2-S5, 17.4R2-S9, 18.1R3-S10, 18.2R2-S7, 18.3R1-S7, 18.4R1-S6, 19.1R1-S4, 19.2R1-S3, 19.3R2-S1, or 19.4R1-S1. It is, therefore, affected by a unified access control UAC bypass vulnerability as...