624 matches found
PT-2020-14088 · Gogs · Gogs
Name of the Vulnerable Software and Affected Versions: Gogs version 0.11.91 Description: The issue is related to insecure permissions in Gogs, specifically in the MakeEmailPrimary function located in models/user_mail.go. This function lacks a check to ensure the user is the owner of the email,...
Fedora: Security Advisory for rubygem-rake (FEDORA-2020-28e06b5f08)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
gcc-toolset-9-make bug fix and enhancement update
An update is available for gcc-toolset-9-make. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. GCC Toolset is a compiler toolset that provides recent versions of...
[SECURITY] Fedora 31 Update: rubygem-rake-12.3.3-200.fc31
Rake is a Make-like program implemented in Ruby. Tasks and dependencies are specified in standard Ruby syntax...
[SECURITY] Fedora 30 Update: rubygem-rake-12.3.3-200.fc30
Rake is a Make-like program implemented in Ruby. Tasks and dependencies are specified in standard Ruby syntax...
UBUNTU-CVE-2020-10960
In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler ...
make-kanojo.com Cross Site Scripting vulnerability
Security Researcher g0bl1nsec (helped patch 3596 vulnerabilities; received 4 Coordinated Disclosure badges; received 3 recommendations), a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting make-kanojo.com website and its users. Following...
MassDNS - A High-Performance DNS Stub Resolver For Bulk Lookups And Reconnaissance (Subdomain Enumeration)
MassDNS is a simple high-performance DNS stub resolver targeting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 350,000 names per second using publicly available resolvers...
Researchers Demonstrate How to Hack Any TikTok Account by Sending SMS
TikTok, the 3rd most downloaded app in 2019, is under intense scrutiny over users' privacy, censoring politically controversial content and on national-security grounds—but it's not over yet, as the security of billions of TikTok users would be now under question. The famous Chinese viral...
HashCobra - Hash Cracking Tool
hashcobra Hash Cracking tool. Usage $ ./hashcobra -H --== hashcobra by sepehrdad ==-- usage: hashcobra -o options | misc options: -a - hashing algorithm default: md5 - ? to list available algorithms -c - compression algorithm default: zstd - ? to list available algorithms -h - hash to crack -r -...
make-up-artist-show.de Cross Site Scripting vulnerability
Security Researcher Gh05tPT (helped patch 6846 vulnerabilities; received 10 Coordinated Disclosure badges; received 48 recommendations), a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting make-up-artist-show.de website and its users. Following...
CVE-2019-8451
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class...
edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function
REJECTED CVE A heap-based buffer overflow vulnerability exists in EDK II within the MakeTable function of BaseUefiDecompressLib.c, TianoCompress.c, and the UEFI specification. An authenticated attacker could exploit this flaw by supplying a crafted file, potentially leading to privilege escalatio...
CVE-2016-10823
cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89)...
CVE-2019-1020013
parse-server before 3.6.0 allows account enumeration...
UBUNTU-CVE-2019-2109
In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...
SSHD-Poison - A Tool To Get Creds Of Pam Based SSHD Authentication
sshd-poison is a tool to get creds of pam based sshd authentication, this is not the easiest way to do that you can create a pam module, or just add auth optional pamexec.so quiet exposeauthtok /bin/bash -c read,-r,x;echo,-e,"env\n$x"somefile in a service configuration, not even the stealthiest t...
PT-2019-8949 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology Diskstation Manager DSM versions prior to 6.2-23739-1 Description: A command injection issue exists, allowing remote authenticated users to execute arbitrary OS commands. This can be achieved via the MKD or RMD command...
PT-2019-2906 · Sox +2 · Sox +2
Name of the Vulnerable Software and Affected Versions: SoX version 14.4.2 Description: A problem was discovered in the lsx_make_lpf function in effect_i_dsp.c, which allows a NULL pointer dereference. This issue can be exploited by a remote attacker to cause a denial of service. Recommendations:...
The vulnerability of the `make_archive` function in the `shutil` module of the Python programming language interpreter (CPython) allows a malicious actor to trigger a service failure or gain unauthorized access to information.
The vulnerability of the `make_archive` function in the `shutil` module of the Python programming language interpreter (CPython) is related to errors in user input filtering. Exploiting this vulnerability could allow an attacker to cause service failures or gain unauthorized access to protected...