1294 matches found
CVE-2019-14678
SAS XML Mapper 9.45 has an XML External Entity XXE vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects...
CVE-2019-14678
SAS XML Mapper 9.45 has an XML External Entity XXE vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects...
Xxe
SAS XML Mapper 9.45 has an XML External Entity XXE vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects...
CVE-2019-14678
SAS XML Mapper 9.45 contains an XML External Entity (XXE) vulnerability in its XML parsing, also affecting the XMLV2 LIBNAME engine when AUTOMAP is used. The issue enables attackers to perform Local File Reading, Out Of Band File Exfiltration, Server-Side Request Forgery, and Potential Denial of ...
CVE-2019-14678
SAS XML Mapper 9.45 has an XML External Entity XXE vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects...
icsmaster
This repository is an offensive tool for ICS Industrial Control Systems security research and exploitation. It contains a collection of resources, including papers, exploits, firmware, Nmap scripts, and tools, related to ICS security. The repository is maintained by GeneBlue and appears to be a...
oscp
This is an offensive tool for penetration testing and vulnerability assessment. It is a Python script called reconscan.py that is designed to be used as a preparation for the OSCP Offensive Security Certified Professional exam. The script is multithreaded and can be run against several hosts at...
Moderate: Red Hat Security Advisory: python36:3.6 security update
An update for the python36:3.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RLSA-2019:0984 Moderate: python36:3.6 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. SQLAlchemy is an...
python27:2.7 security update
An update is available for python2-rpm-macros, python-docutils, pytest, python-psycopg2, python-PyMySQL, python-lxml, PyYAML, python-pytest-mock, python-attrs, python-jinja2, python-mock, python-ipaddress, python-funcsigs, python-py, python-chardet, python-markupsafe, python-pluggy,...
NULL Pointer Dereference
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way IP packets with an Internet Header Length ihl of zero were processed in the skbflowdissect function in the Linux kernel. A remote attacker could use this flaw to trigger an infinit...
CVE-2019-9910
The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS...
Kingcomposer Cross-Site Scripting Vulnerability
WordPress plugin KingComposer is a professional backend and frontend page builder plugin. A cross-site scripting vulnerability exists in the wp-admin/admin.php?page=kc-mapper page in version 2.7.6 of the WordPress kingcomposer plugin. A remote attacker can exploit the vulnerability to execute...
ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12), ai.snips:play-mongo-bson_2.12 (>=0.5 <=0.5.1) +5714 more potentially affected by CVE-2018-19360 via com.fasterxml.jackson.core:jackson-databind (>=2.8.0 <=2.8.11.2)
com.fasterxml.jackson.core:jackson-databind MAVEN version =2.8.0, =0.1.8, =0.5, =2.3.0, =1.5.6, =4.2.1, =4.4.1, =1.0.0.RELEASE, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.9 and more Source cves: CVE-2018-19360 Source advisory: OSV:GHSA-F9HV-MG5H-XCW9...
Smap - Shellcode Mapper
Handy tool for shellcode analysis. Requirements objdump Installation and execution Then you can download smap by cloning the Git repository: git clone https://github.com/suraj-root/smap.git cd smap/ python smap.py -h get shellcodes @ http://shell-storm.org/shellcode/,...
Erlang Port Mapper Daemon Cookie Remote Code Execution Exploit
The erlang port mapper daemon is used to coordinate distributed erlang instances. Should an attacker get the authentication cookie, remote code execution is trivial. Usually, this cookie is named ".erlang.cookie" and varies on location. This module requires Metasploit:...
Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Erlang Port Mapper Daemon Cookie RCE', 'Description' = %q The erlang port mapper daemon is used to coordinate distributed erlang instances. Shoul...
Erlang Port Mapper Daemon Cookie RCE
The erlang port mapper daemon is used to coordinate distributed erlang instances. Should an attacker get the authentication cookie RCE is trivial. Usually, this cookie is named ".erlang.cookie" and varies on location. This module requires Metasploit: https://metasploit.com/download Current source...
GHSA-HMQ6-FRV3-4727 jackson-dataformat-xml vulnerable to XML external entity (XXE)
XML external entity XXE vulnerability in XmlMapper in the Data format extension for Jackson aka jackson-dataformat-xml allows attackers to have unspecified impact via unknown vectors...
GHSA-QXXX-2PP7-5HMX jackson-databind is vulnerable to a deserialization flaw
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...