[SECURITY] Fedora 43 Update: rust-ybaas-0.0.19-6.fc43

Don't you love when you accidentally tap your Yubikey when you have your IRC client in focus and you send 987947 into Libera? Want to be able to have that experience without having to reach all the way over to your laptop's USB port? Don't want the complexity of installing and using the yubibomb...

EUVD-2008-4680

Malware in sbrugna...

EUVD-2008-4681

Malware in sbrugna...

Fedora: Security Advisory for rust-yubibomb (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 39 Update: rust-yubibomb-0.2.14-3.fc39

Don't you love when you accidentally tap your Yubikey when you have your IRC client in focus and you send 987947 into Libera? Want to be able to have that experience without having to reach all the way over to your laptop's USB port? Now you can!...

Fedora: Security Advisory for rust-ybaas (FEDORA-2024-ce2936b568)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

com.aiwiown:aiwiown-spring-cache (>=1.0.0 <=1.0.2-2.0.1), com.connexta.libera:libera (>=1.0.1 <=1.1.1) +101 more potentially affected by CVE-2020-8441 via org.jyaml:jyaml (=1.3)

org.jyaml:jyaml MAVEN version =1.3 is affected by a known vulnerability. The following packages have a transitive dependency on org.jyaml:jyaml and may be impacted: - com.aiwiown:aiwiown-spring-cache =1.0.0, =1.0.1, =1.0.0, =1.0.1, =0.1.3, =0.1.2, =0.1.2, =0.1.3, =0.1.3, =0.1.2, =0.1.2, =0.1.2,...

MGASA-2021-0382 Updated quassel packages fix a security vulnerability

Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system CVE-2021-34825. Also, the default IRC server has been changed from Freenode to Libera Chat, as upstream has moved their quassel channel there...

Updated quassel packages fix a security vulnerability

Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system CVE-2021-34825. Also, the default IRC server has been changed from Freenode to Libera Chat, as upstream has moved their quassel channel there...

Liberapay: Unsafe deserialization in Libera Pay allows to escalate a SQL injection to Remote Command Execution

Hello. There isn't a direct vulnerability, however a SQL injection would easily be escalated to a Remote Code Execution. I can't directly exploit it due to the restriction on team names it does not accept hexdecimal values. I, however, submit this issue in advance and will attempt to escalate thi...

Libera CMS <= 1.12 (Cookie) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl ---------------------------------------------------------- Libera CMS = 1.12 Cookie Remote SQL Injection Exploit Perl Exploit - Add a new admin with your credentials! Author: StAkeR - StAkeRathotmaildotit...

CVE-2008-4701

SQL injection vulnerability in admin.php in Libera CMS 1.12, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the liberastaffuser cookie parameter, a different vector than CVE-2008-4700. NOTE: the provenance of this information is unknown; the details...

Sql injection

SQL injection vulnerability in admin.php in Libera CMS 1.12 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the liberastaffpass cookie parameter...

Sql injection

SQL injection vulnerability in admin.php in Libera CMS 1.12, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the liberastaffuser cookie parameter, a different vector than CVE-2008-4700. NOTE: the provenance of this information is unknown; the details...

CVE-2008-4700

SQL injection vulnerability in admin.php in Libera CMS 1.12 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the liberastaffpass cookie parameter...

CVE-2008-4700

SQL injection vulnerability in admin.php in Libera CMS 1.12 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the liberastaffpass cookie parameter...

CVE-2008-4701

SQL injection vulnerability in admin.php in Libera CMS 1.12, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the liberastaffuser cookie parameter, a different vector than CVE-2008-4700. NOTE: the provenance of this information is unknown; the details...

CVE-2008-4701

CVE-2008-4701 describes a SQL injection in Libera CMS 1.12 under the condition that magic_quotes_gpc is disabled. The vulnerable element is the libera_staff_user cookie parameter, representing a different attack vector than CVE-2008-4700. The connected documents provide the same product/version c...

CVE-2008-4700

CVE-2008-4700 affects Libera CMS 1.12 and earlier. The vulnerable component is admin.php where, if magic_quotes_gpc is disabled, an attacker can inject SQL via the libera_staff_pass cookie parameter, enabling remote arbitrary SQL execution. The connected records also mention a separate vector for...

Libera CMS <= 1.12 (Cookie) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ======================================================== Libera CMS agent"Mozilla/4.5 en Win95; U"; $https-timeout1; $https-defaultheader'Cookie' = "liberastaffpass=' or '1=1"; $request =...