3378 matches found
USN-4538-1: PackageKit vulnerabilities
Vaisha Bernard discovered that PackageKit incorrectly handled certain methods. A local attacker could use this issue to learn the MIME type of any file on the system. CVE-2020-16121 Sami Niemimäki discovered that PackageKit incorrectly handled local deb packages. A local user could possibly use...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing <option> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...
Security update for lilypond (moderate)
openSUSE Security Update: Security update for lilypond Announcement ID: openSUSE-SU-2020:1453-1 Rating: moderate References: 1174949 Cross-References: CVE-2020-17353 Affected Products: openSUSE Leap 15.2 openSUSE Backports SLE-15-SP2 An update that fixes one vulnerability is now available...
Security update for libxml2 (moderate)
openSUSE Security Update: Security update for libxml2 Announcement ID: openSUSE-SU-2020:1465-1 Rating: moderate References: 1176179 Cross-References: CVE-2020-24977 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for libxml2...
Bxss - A Blind XSS Injector Tool
A Blind XSS Injector tool Features Inject Blind XSS payloads into custom headers Inject Blind XSS payloads into parameters Uses Different Request Methods PUT, POST, GET, OPTIONS all at once Tool Chaining Really fast Easy to setup Install $ go get -u github.com/ethicalhackingplayground/bxss Arguments ...
Security update for mumble (moderate)
openSUSE Security Update: Security update for mumble Announcement ID: openSUSE-SU-2020:1439-2 Rating: moderate References: 1174041 Affected Products: openSUSE Backports SLE-15-SP2 An update that contains security fixes can now be installed. Description: This update for mumble fixes the following...
EUVD-2020-12212
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
EUVD-2020-12164
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or dele...
EUVD-2020-12073
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
Security update for go1.14 (important)
openSUSE Security Update: Security update for go1.14 Announcement ID: openSUSE-SU-2020:1405-1 Rating: important References: 1164903 1169832 1170826 1172868 1174153 1174191 1174977 Cross-References: CVE-2020-14039 CVE-2020-15586 CVE-2020-16845 Affected Products: openSUSE Leap 15.1 An update that...
jenkins-pipeline-groovy-plugin: sandbox protection bypass through default parameter expressions in CPS-transformed methods
Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods...
Description of the security update for Office 2016: September 8, 2020
Description of the security update for Office 2016: September 8, 2020 Summary This security update resolves a remote code execution vulnerability that exists in Microsoft Excel if the software does not correctly handle objects in memory. To learn more about the vulnerability, see Microsoft Common...
Hyland OnBase SQL Injection
CVSSv3.1 Score: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Vendor: Hyland Software - https://www.hyland.com/en/ and https://www.onbase.com/en/ Product: Hylan...
Tackling Video Piracy Head-On
We are clearly in a "new" golden age of TV. Audiences around the world have never had so many viewing options available. This has led to a creative surge in new groundbreaking storytelling and entertainment as both broadcasters and digital giants try to maintain the loyalty of their viewers. This...
Security update for webkit2gtk3 (important)
openSUSE Security Update: Security update for webkit2gtk3 Announcement ID: openSUSE-SU-2020:1275-1 Rating: important References: 1174662 Cross-References: CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 Affected Products: openSUSE Leap 15.2 An update that fixes...
Security update for claws-mail (moderate)
openSUSE Security Update: Security update for claws-mail Announcement ID: openSUSE-SU-2020:1269-1 Rating: moderate References: 1174457 Cross-References: CVE-2020-15917 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description: This updat...
How can Microsoft Threat Protection help reduce the risk from phishing?
Microsoft Threat Protection can help you reduce the cost of phishing The true cost of a successful phishing campaign may be higher than you think. Although phishing defenses and user education have become common in many organizations, employees still fall prey to these attacks. This is a problem...
Security update for libreoffice (moderate)
openSUSE Security Update: Security update for libreoffice Announcement ID: openSUSE-SU-2020:1261-1 Rating: moderate References: 1062631 1146025 1157627 1165849 1172053 1172189 1172795 1172796 Cross-References: CVE-2020-12802 CVE-2020-12803 Affected Products: openSUSE Leap 15.2 An update that solv...
Security update for balsa (moderate)
openSUSE Security Update: Security update for balsa Announcement ID: openSUSE-SU-2020:1230-1 Rating: moderate References: 1174711 Cross-References: CVE-2020-16118 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description: This update for...
Urlbuster - Powerful Mutable Web Directory Fuzzer To Bruteforce Existing And/Or Hidden Files Or Directories
Powerful web directory fuzzer to locate existing and/or hidden files or directories. Similar to dirb or gobuster, but with a lot of mutation options. Installation pip install urlbuster Features Proxy support Cookie support Basic Auth Digest Auth Retries for slow servers Persistent and...