NewStart CGSL CORE 5.04 / MAIN 5.04 : ksh Vulnerability (NS-SA-2020-0024)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ksh packages installed that are affected by a vulnerability: - In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environme...

NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0025)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability...

NewStart CGSL CORE 5.04 / MAIN 5.04 : xerces-c Vulnerability (NS-SA-2020-0028)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xerces-c packages installed that are affected by a vulnerability: - The Apache Xerces-C 3.0.0 to 3.2.2 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been...

NewStart CGSL CORE 5.04 / MAIN 5.04 : chrony Multiple Vulnerabilities (NS-SA-2020-0027)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has chrony packages installed that are affected by multiple vulnerabilities: - Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service crash via a crafted 1...

JMX Rebind Flaw

camel is vulnerable to JMX rebind. The vulnerability exists due to a lack of security on JMX connector configuration...

CVE-2020-12766

Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter...

Security Bulletin: A security vulnerability in IBM Websphere affects IBM Tivoli Netcool Performance Manager for Wireline (CVE-2013-0169)

Summary The Lucky Thirteen attack is a cryptographic timing attack against implementations of the Transport Layer Security TLS protocol that use the CBC mode of operation. An attacker could perform main in the middle attacks to successfully obtain plain text from the secure channel. Vulnerability...

NewStart CGSL MAIN 4.05 : freetype Multiple Vulnerabilities (NS-SA-2020-0015)

The remote NewStart CGSL host, running version MAIN 4.05, has freetype packages installed that are affected by multiple vulnerabilities: - FreeType before 2.6.1 has a heap-based buffer over-read in T1GetPrivateDict in type1/t1parse.c. CVE-2015-9381 - FreeType before 2.6.1 has a buffer over-read i...

NewStart CGSL MAIN 4.05 : openslp Vulnerability (NS-SA-2020-0015)

The remote NewStart CGSL host, running version MAIN 4.05, has openslp packages installed that are affected by a vulnerability: - OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range...

NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0014)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities: - A vulnerability was found in the Linux kernel's Marvell WiFi chip driver. Where, while parsing vendor-specific informational attributes, an...

NewStart CGSL CORE 5.04 / MAIN 5.04 : git Vulnerability (NS-SA-2020-0014)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has git packages installed that are affected by a vulnerability: - A flaw was discovered where git improperly validates submodules' names used to construct git metadata paths and does not prevent them from being nested in...

NewStart CGSL CORE 5.04 / MAIN 5.04 : libarchive Vulnerability (NS-SA-2020-0013)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libarchive packages installed that are affected by a vulnerability: - A use-after-free vulnerability was discovered in libarchive in the way it processes RAR archives when there is an error in one of the archive's entries. ...

NewStart CGSL CORE 5.04 / MAIN 5.04 : ipa Multiple Vulnerabilities (NS-SA-2020-0013)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ipa packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA master...

Privilege Escalation

kernel is vulnerable to privilege escalation. A flaw in the DRM driver for Intel graphics cards that allowed a local user to access any part of the main memory. To access the DRM functionality a user must have access to the X server which is granted through the graphical login. This also only...

Centreon Infrastructure Monitoring Software Code Execution Vulnerability

Centreon Merethis Centreon is a set of open source system monitoring tools from the French company Centreon . The product mainly provides monitoring functions on the network , system and application resources . A security vulnerability exists in Centreon Infrastructure Monitoring Software version...

R00Kie-Kr00Kie - PoC Exploit For The CVE-2019-15126 Kr00K Vulnerability

Disclaimer This is a PoC exploit for the CVE-2019-15126 kr00k vulnerability. This project is intended for educational purposes only and cannot be used for law violation or personal gain. The author of this project is not responsible for any possible harm caused by the materials. Requirements To u...

FreeCommander XE 2020 Pathname Buffer Overflow Exploit

!/usr/bin/python Exploit Title: FreeCommander XE 2020 - Pathname Buffer Overflow SEH Version: Build 810a 32-bit Software Link: https://freecommander.com/downloads/FreeCommanderXE-32-publicsetup.zip Exploit Author: Hodorsec email protected / email protected Vendor Homepage:...

10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow (SEH)

Exploit Title: 10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow SEH Date: 2020-03-24 Author: Felipe Winsnes Vendor Homepage: https://www.10-strike.com/ Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-setup.exe Version: 8.54 Tested on:...

CVE-2020-10821

Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter...

NewStart CGSL MAIN 4.05 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2020-0017)

The remote NewStart CGSL host, running version MAIN 4.05, has java-1.7.0-openjdk packages installed that are affected by multiple vulnerabilities: - Vulnerability in the Java SE component of Oracle Java SE subcomponent: JCE. The supported version that is affected is Java SE: 8u212. Difficult to...