MiracleLinux 7 : mod_auth_mellon-0.14.0-8.el7 (AXSA:2020-4541:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4541:01 advisory. mod_auth_mellon: Open Redirect via the login?ReturnTo= substring which could facilitate information theft CVE-2019-13038 Tenable has extracted the preceding...
MiracleLinux 8 : mod_auth_mellon-0.14.0-12.el8.1 (AXSA:2022-3531:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3531:01 advisory. mod_auth_mellon: Open Redirect vulnerability in logout URLs CVE-2021-3639 Tenable has extracted the preceding description block directly from the MiracleLinux...
EUVD-2022-45063
Malicious code in bioql PyPI...
PT-2025-28952 · Ruckus · SmartZone
Name of the Vulnerable Software and Affected Versions: RUCKUS SmartZone SZ versions prior to 6.1.2p3 Refresh Build Description: RUCKUS SmartZone SZ is susceptible to a directory traversal issue that allows unauthorized access to files. The issue is caused by insufficient validation of user-suppli...
CVE-2022-41956
Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A file disclosure vulnerability was discovered in Autolab's remote handin feature,...
CMU CERT/CC VINCE 2.0.6 - Stored XSS
Exploit Title: CMU CERT/CC VINCE 2.0.6 - Stored XSS Vendor: Carnegie Mellon University Product web page: https://www.kb.cert.org/vince/ Affected version: -H "Cookie: sessionid=xxxx" \ -d 'content="ZSL%0A%0A&csrfmiddlewaretoken=xxx&paginateby=10&replyto=xxxxx'...
CMU CERT/CC VINCE v2.0.6 Stored XSS
Summary VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordinated vulnerability disclosure. VINCE is a Python-based web platform. Description The framework suffers from an authenticated stored cross-site scripting...
Promptmap - Automatically Tests Prompt Injection Attacks On ChatGPT Instances
Prompt injection is a type of security vulnerability that can be exploited to control the behavior of a ChatGPT instance. By injecting malicious prompts into the system, an attacker can force the ChatGPT instance to do unintended actions. promptmap is a tool that automatically tests prompt...
Debian: Security Advisory (DLA-3359-1)
The remote host is missing an update for Debian. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
DLA-3359-1 libapache2-mod-auth-mellon - security update
Bulletin has no description...
[SECURITY] [DLA 3359-1] libapache2-mod-auth-mellon security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-3359-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 13, 2023 https://wiki.debian.org/LTS -...
Debian dla-3359 : libapache2-mod-auth-mellon - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3359 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3359-1 [email protected]...
CVE-2022-41955 Autolab is vulnerable to remote code execution (RCE) via MOSS functionality
Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A remote code execution vulnerability was discovered in Autolab's MOSS functionalit...
mellontrading.com Cross Site Scripting vulnerability OBB-2745278
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing
A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data sharing concerns and puts users in control over their personal information. Dubbed Peekaboo by researchers from Carnegie Mellon University, the system "leverages an...
mod_auth_mellon: Open Redirect vulnerability in logout URLs
A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...
Ubuntu: Security Advisory (USN-5069-2)
The remote host is missing an update for Ubuntu. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Ubuntu: Security Advisory (USN-5069-1)
The remote host is missing an update for Ubuntu. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
USN-5069-2: mod-auth-mellon vulnerability
USN-5069-1 fixed a vulnerability in mod-auth-mellon. This update provides the corresponding updates for Ubuntu 21.04. Original advisory details: It was discovered that mod-auth-mellon incorrectly filtered certain URLs. A remote attacker could possibly use this issue to perform an open redirect...
USN-5069-1: mod-auth-mellon vulnerability
It was discovered that mod-auth-mellon incorrectly filtered certain URLs. A remote attacker could possibly use this issue to perform an open redirect attack...