6654 matches found

Metasploit
added 2019/11/01 11:38 p.m., 23 views

FusionPBX Command exec.php Command Execution

This module uses administrative functionality available in FusionPBX to gain a shell. The Command section of the application permits users with execview permissions, or superadmin permissions, to execute arbitrary system commands, or arbitrary PHP code, as the web server user. This module has bee...

AI score: 1
Exploits: 0

Prion
added 2019/10/30 7:15 p.m., 9 views

Cross site scripting

Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input encoded in base64. This also applies to the search functionality for the searchKey parameter...

CVSS: 4.3, AI score: 6.2, EPSS: 0.00328
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2019/10/30 6:31 p.m., 9 views

CVE-2019-18205

Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input encoded in base64. This also applies to the search functionality for the searchKey parameter...

AI score: 6.2, EPSS: 0.00328
Exploits: 1, References: 1

NVD
added 2019/10/28 4:15 p.m., 11 views

CVE-2019-5536

VMware ESXi 6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG, Workstation 15.x before 15.5.0 and Fusion 11.x before 11.5.0 contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privilege...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00663
Exploits: 0, References: 1

Cvelist
added 2019/10/28 3:56 p.m., 12 views

CVE-2019-5536

VMware ESXi 6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG, Workstation 15.x before 15.5.0 and Fusion 11.x before 11.5.0 contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privilege...

AI score: 6.4, EPSS: 0.00663
Exploits: 0, References: 1

Fedora
added 2019/10/26 5:31 p.m., 20 views

[SECURITY] Fedora 31 Update: libapreq2-2.13-38.fc31

libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...

CVSS: 7.5, AI score: 2, EPSS: 0.02448
Exploits: 0

Fedora
added 2019/10/26 5:30 p.m., 34 views

[SECURITY] Fedora 31 Update: jackson-databind-2.10.0-1.fc31

The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration...

CVSS: 9.8, AI score: 2.5, EPSS: 0.06454
Exploits: 1

Kitploit
added 2019/10/22 9:00 p.m., 22 views

Password Lense - Reveal Character Types In A Password

What is this? Certain characters in passwords 'O' and '0', 'I' and 'l', etc. can be hard to identify when you need to type them in and copy-paste is unavailable. Password Lense is a small web application that provides a quick and secure way to get a more informative view of your password. Feature...

AI score: 7.3
Exploits: 0, References: 1

OSV
added 2019/10/21 4:15 p.m., 5 views

CVE-2019-16987

In FusionPBX up to v4.5.7, the file app\contacts\contactimport.php uses an unsanitized "querystring" variable coming from the URL, which is reflected in HTML, leading to XSS...

CVSS: 6.1, AI score: 6.8
Exploits: 0, References: 2

OSV
added 2019/10/19 10:19 p.m., 2 views

OPENSUSE-SU-2019:2340-1 Security update for dhcp

This update for dhcp fixes the following issues: Security issue fixed: - CVE-2019-6470: Fixed DHCPv6 server crashes bsc1134078. Bug fixes: - Add compile option --enable-secs-byteorder to avoid duplicate lease warnings bsc1089524. - Use IPv6 when called as dhclient6, dhcpd6, and dhcrelay6...

CVSS: 7.5, AI score: 7.7, EPSS: 0.00203
Exploits: 1, References: 5

Prion
added 2019/10/17 6:15 p.m., 14 views

Cross site scripting

A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scriptin...

CVSS: 4.3, AI score: 5.9, EPSS: 0.01038
Exploits: 3, References: 3, Affected Software: 1

Tenable Nessus
added 2019/10/15 12:00 a.m., 35 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0200)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Informatio...

CVSS: 8.8, AI score: 7.1, EPSS: 0.19224
Exploits: 5, References: 4

exploitpack
added 2019/10/14 12:00 a.m., 14 views

SpotAuditor 5.3.1.0 - Denial of Service

SpotAuditor 5.3.1.0 - Denial of Service Exploit Title: SpotAuditor 5.3.1.0 - Denial of Service Author: Sanjana Shetty Date: 2019-10-13 Version: SpotAuditor 5.3.1.0 Vendor Homepage: http://www.nsauditor.com Software link: http://spotauditor.nsauditor.com/ Steps 1 Install the SpotAuditor software 2...

AI score: 7.3
Exploits: 0

Packet Storm
added 2019/10/14 12:00 a.m., 155 views

SpotAuditor 5.3.1.0 Denial Of Service

Exploit Title: SpotAuditor 5.3.1.0 - Denial of Service Author: Sanjana Shetty Date: 2019-10-13 Version: SpotAuditor 5.3.1.0 Vendor Homepage: http://www.nsauditor.com Software link: http://spotauditor.nsauditor.com/ Steps 1 Install the SpotAuditor software 2 Access the register functionality 3 In...

AI score: 7.4
Exploits: 0

Prion
added 2019/10/10 2:15 p.m., 12 views

Security feature bypass

A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'...

CVSS: 2.1, AI score: 5, EPSS: 0.00936
Exploits: 0, References: 1, Affected Software: 2

Tenable Nessus
added 2019/10/09 12:00 a.m., 40 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2613-1)

This update for the Linux Kernel 3.12.74-6064107 fixes one issue. The following security issue was fixed : CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest...

CVSS: 7.8, AI score: 7.3, EPSS: 0.00071
Exploits: 1, References: 4

Microsoft KB
added 2019/10/08 7:00 a.m., 27 views

Service Update 0.9 for Microsoft Dynamics 365 9.0

Service Update 0.9 for Microsoft Dynamics 365 9.0 INTRODUCTION Service Update 9.0.8 for Microsoft Dynamics CRM on-premises 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 9.0.8. MORE INFORMATION Update package| Version number ---|--- Servi...

CVSS: 5.4, AI score: 6.1, EPSS: 0.00934
Exploits: 0

Microsoft CVE
added 2019/10/08 7:00 a.m., 34 views

Windows Error Reporting Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to...

CVSS: 7.8, AI score: 3.8, EPSS: 0.00274
Exploits: 0

Friends Of PHP
added 2019/10/08 12:00 a.m., 16 views

PRODSECBUG-2407: Remote code execution due to unsafe PHP archive deserialization in the import functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS: 7.2, AI score: 7.2, EPSS: 0.01586
Exploits: 0, Affected Software: 1

Friends Of PHP
added 2019/10/08 12:00 a.m., 11 views

PRODSECBUG-2223: Remote code execution when using functionality that imports a new product

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS: 9, AI score: 7.2, EPSS: 0.01627
Exploits: 0, Affected Software: 1