2131 matches found

Positive Technologies
added 2019/12/02 12:00 a.m. · 7 views

PT-2019-15772 · Django Software Foundation +1 · Django +1

Name of the Vulnerable Software and Affected Versions: Django versions 2.1 through 2.1.14; Django versions 2.2 through 2.2.7. Description: The issue allows unintended model editing in certain configurations. When a Django model admin displays inline related models and the user has view-only...

CVSS 9.8 · AI score 6.5 · EPSS 0.92834
Exploits 30 · References 89
FreeBSD
added 2019/11/25 12:00 a.m. · 30 views

Django -- multiple vulnerabilities

Django release reports: CVE-2019-19118: Privilege escalation in the Django admin. Since Django 2.1, a Django model admin displaying a parent model with related model inlines, where the user has view-only permissions to a parent model but edit permissions to the inline model, would display a...

CVSS 6.5 · AI score 1.1 · EPSS 0.00354
Exploits 0 · References 1
Prion
added 2019/11/14 3:15 p.m. · 12 views

Sql injection

The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user...

CVSS 6.5 · AI score 7.2 · EPSS 0.00421
Exploits 0 · References 1 · Affected Software 1
The Hacker News
added 2019/10/15 10:40 a.m. · 1 view

Firefox Blocks Inline and Eval JavaScript on Internal Pages to Prevent Injection Attacks

In an effort to mitigate a large class of potential cross-site scripting issues in Firefox, Mozilla has blocked execution of all inline scripts and potentially dangerous eval-like functions for built-in "about: pages" that are the gateway to sensitive preferences, settings, and statics of the...

AI score 6.4
Exploits 0
NVD
added 2019/09/26 4:15 p.m. · 8 views

CVE-2019-16524

The easy-fancybox plugin before 1.8.18 for WordPress aka Easy FancyBox is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter...

CVSS 4.8 · AI score 4.9 · EPSS 0.0026
Exploits 1 · References 3
Prion
added 2019/09/11 4:15 a.m. · 15 views

Code injection

Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character for a comment. For example, a Move module author can enter the // sequence which introduces a...

CVSS 3.5 · AI score 5.7 · EPSS 0.00249
Exploits 1 · References 3 · Affected Software 1
CVE
added 2019/09/11 3:51 a.m. · 141 views

CVE-2019-16214

CVE-2019-16214 affects Libra Core prior to 2019-09-03, where an erroneous regular expression for inline comments lets a nonstandard line-break character (\r) appear to terminate a comment in audits, potentially misleading readers about code execution. The Move module author could place // followe...

CVSS 5.7 · AI score 5.6 · EPSS 0.00249
Exploits 1 · References 3 · Affected Software 1
Prion
added 2019/08/19 6:15 a.m. · 10 views

Code injection

The SweetXml aka sweetxml package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service resource consumption via an XML entity expansion attack with an inline DTD...

CVSS 5 · AI score 7.4 · EPSS 0.00334
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2019/08/19 5:40 a.m. · 11 views

CVE-2019-15160

The SweetXml aka sweetxml package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service resource consumption via an XML entity expansion attack with an inline DTD...

AI score 7.4 · EPSS 0.00334
Exploits 1 · References 2
CVE
added 2019/08/19 5:40 a.m. · 43 views

CVE-2019-15160

The CVE-2019-15160 entry concerns the SweetXml (aka sweet_xml) package for Erlang and Elixir, affected through version 0.6.6. The root cause is an XML entity expansion (XML bomb) vulnerability involving an inline DTD, which allows an attacker to cause resource consumption leading to denial of ser...

CVSS 7.5 · AI score 7.4 · EPSS 0.00334
Exploits 1 · References 2 · Affected Software 1
NVD
added 2019/08/09 8:15 p.m. · 18 views

CVE-2018-20826

The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check...

CVSS 4.3 · AI score 4.5 · EPSS 0.00135
Exploits 1 · References 1
OSV
added 2019/08/09 8:15 p.m. · 1 view

CVE-2018-20826

The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check...

CVSS 4.3 · AI score 5.8 · EPSS 0.00135
Exploits 1 · References 1
Cvelist
added 2019/08/09 7:31 p.m. · 14 views

CVE-2018-20826

The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check...

AI score 4.5 · EPSS 0.00135
Exploits 1 · References 1
Positive Technologies
added 2019/08/09 12:00 a.m. · 2 views

PT-2019-10264 · Atlassian · Jira

Name of the Vulnerable Software and Affected Versions: Jira versions prior to 7.12.3. Description: The issue is related to a missing authorization check in the inline-create rest resource, allowing authenticated remote attackers to set the reporter in issues. Recommendations: For versions prior to...

CVSS 4.3 · AI score 4.4 · EPSS 0.00135
Exploits 1 · References 4
Metasploit
added 2019/07/26 12:42 a.m. · 55 views

Windows x86 Pingback, Reverse TCP Inline

Connect back to attacker and report UUID (Windows x86). This module requires Metasploit (https://metasploit.com/download); current source: https://github.com/rapid7/metasploit-framework. Module source: module MetasploitModule CachedSize = 307 include Msf::Payload::Windows include Msf::Payload::Single include...

AI score 7.3
Exploits 0
Metasploit
added 2019/07/26 12:42 a.m. · 54 views

Linux x64 Pingback, Bind TCP Inline

Accept a connection from attacker and report UUID (Linux x64). This module requires Metasploit (https://metasploit.com/download); current source: https://github.com/rapid7/metasploit-framework. Module source: module MetasploitModule CachedSize = 109 include Msf::Payload::Linux::X64::Prepends include...

AI score 7.3
Exploits 0
Metasploit
added 2019/07/26 12:42 a.m. · 92 views

Windows x64 Pingback, Reverse TCP Inline

Connect back to attacker and report UUID (Windows x64). This module requires Metasploit (https://metasploit.com/download); current source: https://github.com/rapid7/metasploit-framework. Module source: module MetasploitModule CachedSize = 425 include Msf::Payload::Windows include Msf::Payload::Single include...

AI score 7.3
Exploits 0
Metasploit
added 2019/07/26 12:42 a.m. · 38 views

Linux x64 Pingback, Reverse TCP Inline

Connect back to attacker and report UUID (Linux x64). This module requires Metasploit (https://metasploit.com/download); current source: https://github.com/rapid7/metasploit-framework. Module source: module MetasploitModule CachedSize = 125 include Msf::Payload::Linux::X64::Prepends include Msf::Payload::Single inclu...

AI score 7.3
Exploits 0
OSV
added 2019/07/16 1:15 p.m. · 1 view

UBUNTU-CVE-2019-1010057

nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffileinline.c:83, minilzo.c redistributed. The attack vector is: nfdump must read and process a specially crafted file...

CVSS 7.8 · AI score 5.8 · EPSS 0.00583
Exploits 0 · References 4
Kitploit
added 2019/07/12 10:13 p.m. · 318 views

Objection v1.6.6 - Runtime Mobile Exploration

objection is a runtime mobile exploration toolkit, powered by Frida. It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device. Note: This is not some form of jailbreak / root bypass. By using objection, yo...

AI score 7.1
Exploits 0 · References 3