[SECURITY] [DLA 2070-1] ruby-excon security update

Package : ruby-excon Version : 0.33.0-2+deb8u1 CVE ID : CVE-2019-16779 Debian Bug : 946904 In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests wou...

CVE-2019-20357

A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 v160 and 2019 v15 consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system...

CVE-2019-20357

A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 v160 and 2019 v15 consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system...

Remote code execution

A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 v160 and 2019 v15 consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system...

CVE-2019-20357

The connected records confirm CVE-2019-20357 is a Persistent Arbitrary Code Execution vulnerability in the Trend Micro Security (Consumer) line, specifically affecting the 2020 (v160) and 2019 (v15) consumer products. The vulnerability is described as allowing an attacker to create a malicious pr...

Trend Micro Maximum Security 2019 - Privilege Escalation

Exploit Title: Trend Micro Maximum Security 2019 - Privilege Escalation Date: 2020-1-16 Exploit Author: hyp3rlinx Vendor Homepage: www.trendmicro.com Version: Platform Microsoft Windows, Premium Security 2019 v15, Maximum Security 2019 v15 Internet Security 2019 v15, Antivirus + Security 2019 v15...

Trend Micro Maximum Security 2019 - Privilege Escalation

Trend Micro Maximum Security 2019 - Privilege Escalation Exploit Title: Trend Micro Maximum Security 2019 - Privilege Escalation Date: 2020-1-16 Exploit Author: hyp3rlinx Vendor Homepage: www.trendmicro.com Version: Platform Microsoft Windows, Premium Security 2019 v15, Maximum Security 2019 v15...

WordPress Postie 1.9.40 Plugin - Persistent Cross-Site Scripting Exploit

Exploit for php platform in category web applications Exploit Title: WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/plugins/postie/readme.txt Date: 2020-01-15 Exploit Author: V1n1v131r4 Vendor Homepage: https://postieplugin.com/ Software Link:...

WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting

Exploit Title: WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/plugins/postie/readme.txt Date: 2020-01-15 Exploit Author: V1n1v131r4 Vendor Homepage: https://postieplugin.com/ Software Link: https://wordpress.org/plugins/postie/developers Version:...

openSUSE Security Update : rubygem-excon (openSUSE-2020-36)

This update for rubygem-excon fixes the following issues : CVE-2019-16779 boo1159342: Fix a race condition around persistent connections, where a connection, which was interrupted, would leave data on the socket. Subsequent requests would then read this data, returning content from the previous...

Real Estate 7 < 2.9.5 - Multiple Vulnerabilities

Multiple vulnerabilities was discovered in the 'Real Estate 7 WordPress', tested version — v2.9.4: - Unauthenticated Reflected XSS - Authenticated Persistent XSS - Authenticated Persistent Self-XSS - IDOR - Information Exposure Edit WPScanTeam: January 12th - Report Received & Envato Contacted...

Real Estate 7 < 2.9.5 - Multiple Vulnerabilities

Multiple vulnerabilities was discovered in the 'Real Estate 7 WordPress', tested version — v2.9.4: - Unauthenticated Reflected XSS - Authenticated Persistent XSS - Authenticated Persistent Self-XSS - IDOR - Information Exposure Edit WPScanTeam: January 12th - Report Received & Envato Contacted...

CVE-2019-20212

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form...

CVE-2019-20211

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phon...

CVE-2019-20211

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phon...

Cross site scripting

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phon...

Cross site scripting

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form...

CVE-2019-20212

CVE-2019-20212 affects WordPress themes CTHthemes CityBook (pre-2.3.4), TownHub (pre-1.0.6), and EasyBook (pre-1.2.2). The vulnerability is a Persistent XSS via the chat widget/page message form, allowing injected script to persist in user sessions. Red Hat and other sources corroborate the same ...

CVE-2019-20212

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form...

CVE-2019-20211

The CVE-2019-20211 entry affects WordPress themes CTHthemes CityBook (&lt;2.3.4), TownHub (&lt;1.0.6), and EasyBook (