
203 matches found

0day.today
added 2020/03/17 12:0 a.m. | 217 views

PHPKB Multi-Language 9 Authenticated Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: PHPKB Multi-Language 9 - Authenticated Remote Code Execution Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link: https://www.knowledgebase-script.com/pricing.php Version:...

7 AI score | 0.09039 EPSS
Exploits 5

Packet Storm
added 2020/03/16 12:0 a.m. | 106 views

PHPKB Multi-Language 9 Authenticated Directory Traversal

Exploit Title: PHPKB Multi-Language 9 - Authenticated Directory Traversal Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link: https://www.knowledgebase-script.com/pricing.php Version: Multi-Language v9 Tested on:...

4 CVSS | 5.2 AI score | 0.12786 EPSS
Exploits 5

exploitpack
added 2020/03/16 12:0 a.m. | 119 views

PHPKB Multi-Language 9 - Authenticated Remote Code Execution

PHPKB Multi-Language 9 - Authenticated Remote Code Execution Exploit Title: PHPKB Multi-Language 9 - Authenticated Remote Code Execution Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link:...

6.5 CVSS | 0.2 AI score | 0.09039 EPSS
Exploits 5

Packet Storm
added 2020/03/16 12:0 a.m. | 111 views

PHPKB Multi-Language 9 Authenticated Remote Code Execution

Exploit Title: PHPKB Multi-Language 9 - Authenticated Remote Code Execution Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link: https://www.knowledgebase-script.com/pricing.php Version: Multi-Language v9 Tested on...

6.5 CVSS | 0.2 AI score | 0.09039 EPSS
Exploits 5

CNVD
added 2020/03/13 12:0 a.m. | 1 views

Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-17370)

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflected cross-site scripting vulnerability exists in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language version 9...

4.8 CVSS | 6 AI score | 0.00321 EPSS
Exploits 1 | References 1

CNVD
added 2020/03/13 12:0 a.m. | 1 views

Chadha PHPKB path traversal vulnerability (CNVD-2020-18319)

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A path traversal vulnerability exists in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9. An attacker...

4 CVSS | 6.9 AI score | 0.00405 EPSS
Exploits 1 | References 1

CNVD
added 2020/03/13 12:0 a.m. | 1 views

Chadha PHPKB path traversal vulnerability (CNVD-2020-18322)

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A path traversal vulnerability exists in admin/assetmanager/assetmanager.php in Chadha PHPKB Standard Multi-Language 9. An attacker...

4 CVSS | 6.8 AI score | 0.00418 EPSS
Exploits 1 | References 1

RedHat Linux
added 2020/02/27 5:42 p.m. | 47 views

(RHSA-2020:0638) Low: Red Hat Satellite Proxy 5 - 90 day End Of Life Notice

After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite Proxy, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit...

7 AI score
Exploits 0

RedHat Linux
added 2020/02/27 5:42 p.m. | 52 views

(RHSA-2020:0637) Low: Red Hat Satellite 5 - 90 day End Of Life Notice

After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the...

7 AI score
Exploits 0

RedhatCVE
added 2020/02/24 6:10 a.m. | 122 views

CVE-2020-1938

CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instance...

9.8 CVSS | 9.3 AI score | 0.94469 EPSS
Exploits 44 | References 9

RedhatCVE
added 2019/12/28 3:45 a.m. | 31 views

CVE-2019-11478

An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented, which leads to increased resource...

7.5 CVSS | 0.7 AI score | 0.29758 EPSS
Exploits 1 | References 5

Qualys Blog
added 2019/11/28 3:0 p.m. | 76 views

Qualys Cloud Platform 8.22 New Features (VM, PC)

Update December 11, 2019: See additional details about this release. The 8.22.0 release adds several new features in Qualys Cloud Platform, adds a new API in Policy Compliance and support for 2 new technologies for OCA. Feature Highlights Qualys Cloud Platform Support for DNS tracking – You can n...

7.1 AI score
Exploits 0

RedhatCVE
added 2019/11/12 6:37 p.m. | 54 views

CVE-2019-11135

A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort (TAA) error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow...

6.5 CVSS | 0.7 AI score | 0.00319 EPSS
Exploits 0 | References 5

RedhatCVE
added 2019/11/12 9:0 a.m. | 57 views

CVE-2019-11479

An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP segments. If the Maximum Segment Size (MSS) of a TCP connection was set to low values, such as 48 bytes, it can leave as little as 8 bytes for the user data, which significantly increas...

7.5 CVSS | 6.4 AI score | 0.1336 EPSS
Exploits 1 | References 5

RedhatCVE
added 2019/11/04 4:10 p.m. | 43 views

CVE-2019-1125

A Spectre gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre-like side channel. Mitigation: For mitigation related information, please refer to the Red Hat Knowledgebase artic...

5.9 CVSS | 0.5 AI score | 0.19224 EPSS
Exploits 4 | References 3

RedhatCVE
added 2019/10/16 6:44 a.m. | 52 views

CVE-2019-13272

A flaw was found in the way PTRACE_TRACEME functionality was handled in the Linux kernel. The kernel's implementation of ptrace can inadvertently grant elevated permissions to an attacker who can then abuse the relationship between the tracer and the process being traced. This flaw could allow a...

7.8 CVSS | 7.3 AI score | 0.80379 EPSS
Exploits 21 | References 2

NVD
added 2019/10/03 2:15 p.m. | 22 views

CVE-2019-3834

It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3...

7.3 CVSS | 6.7 AI score | 0.0033 EPSS
Exploits 0 | References 1

Cvelist
added 2019/10/03 1:31 p.m. | 24 views

CVE-2019-3834

It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3...

5.6 CVSS | 8.2 AI score | 0.0033 EPSS
Exploits 0 | References 1

RedhatCVE
added 2019/10/02 8:20 p.m. | 56 views

CVE-2019-3834

It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3...

7.5 CVSS | 8.5 AI score | 0.92332 EPSS
Exploits 4 | References 3

CNVD
added 2019/06/25 12:0 a.m. | 2 views

LiveZilla Server Denial of Service Vulnerability

LiveZilla Server is a free online customer service system from LiveZilla Germany. The system provides real-time monitoring of visitors, offline messages, GeoTracking map tracking, access statistics, online chat and other features. A denial of service vulnerability exists in the knowledgebase.php...

7.1 CVSS | 6.7 AI score | 0.00296 EPSS
Exploits 1 | References 1