NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0022)
The remote NewStart CGSL host, running version MAIN 4.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent proces...
NewStart CGSL CORE 5.04 / MAIN 5.04 : openjpeg2 Vulnerability (NS-SA-2020-0012)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openjpeg2 packages installed that are affected by a vulnerability: - OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions...
NewStart CGSL CORE 5.04 / MAIN 5.04 : apache-commons-beanutils Vulnerability (NS-SA-2020-0011)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has apache-commons-beanutils packages installed that are affected by a vulnerability: - In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to acces...
NewStart CGSL MAIN 4.05 : git Vulnerability (NS-SA-2020-0023)
The remote NewStart CGSL host, running version MAIN 4.05, has git packages installed that are affected by a vulnerability: - Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during...
NewStart CGSL MAIN 4.05 : openssl Vulnerability (NS-SA-2020-0019)
The remote NewStart CGSL host, running version MAIN 4.05, has openssl packages installed that are affected by a vulnerability: - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond...
NewStart CGSL CORE 5.04 / MAIN 5.04 : python-reportlab Vulnerability (NS-SA-2020-0012)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python-reportlab packages installed that are affected by a vulnerability: - ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '...
NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0010)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer does not escape characters. Because the resulting string is...
NewStart CGSL MAIN 4.05 : qemu-kvm Multiple Vulnerabilities (NS-SA-2020-0019)
The remote NewStart CGSL host, running version MAIN 4.05, has qemu-kvm packages installed that are affected by multiple vulnerabilities: - m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. (CVE-2018-11806) - Qemu emulator <= 3.0.0 built with the NE2000...
NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2020-0010)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - There is a heap-based buffer overflow in the kernel, all versions up to, excluding 5.3, in the Marvell wifi chip driver in the Linux kernel, that allows local...
NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2020-0011)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer does not escape characters. Because the resulting string is pasted...
NewStart CGSL MAIN 4.05 : php Vulnerability (NS-SA-2020-0018)
The remote NewStart CGSL host, running version MAIN 4.05, has php packages installed that are affected by a vulnerability: - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past...
NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0021)
The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple vulnerabilities: - The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the...
NewStart CGSL MAIN 4.05 : nss-softokn Vulnerability (NS-SA-2020-0018)
The remote NewStart CGSL host, running version MAIN 4.05, has nss-softokn packages installed that are affected by a vulnerability: - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This cou...
NewStart CGSL MAIN 4.05 : vim Vulnerability (NS-SA-2020-0020)
The remote NewStart CGSL host, running version MAIN 4.05, has vim packages installed that are affected by a vulnerability: - getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by...
main-echo.de Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1111466. Security Researcher raviakp1004 (helped patch 568 vulnerabilities, received 4 Coordinated Disclosure badges, received 5 recommendations), a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting main-echo.de website and...
Extended-XSS-Search - Scans For Different Types Of XSS On A List Of URLs
This is the extended version based on the initial idea already published as "xssfinder". This private version allows an attacker to perform not only GET but also POST requests. Additionally, it's possible to proxy every request through Burp or another tunnel. First steps: Rename the...
Liffy - Local File Inclusion Exploitation Tool
LFI Exploitation tool A little python tool to perform Local file inclusion. Liffy v2.0 is the improved version of liffy which was originally created by rotlogix/liffy. The latter is no longer available and the former hasn't seen any development for a long time. Main feature data:// for code...
Moxa AWK-3131A iw_console conio_writestr Remote Code Execution Vulnerability
Summary: An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send...
php: underflow in env_path_info in fpm_main.c
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution...
CVE-2018-5389
It was found that IKEv1 and potentially IKEv2 authentication when using a pre-shared key (PSK) is vulnerable to offline dictionary attacks in Main Mode as well as in Aggressive Mode. A man-in-the-middle attacker who intercepted the handshake of two peers authenticating with a PSK, could apply a...