7648 matches found

Positive Technologies
added 2019/02/11 12:0 a.m. · 3 views

PT-2022-4672 · Unknown +7 · 389-Ds-Base +7

Name of the Vulnerable Software and Affected Versions: 389-ds-base affected versions not specified Description: A double-free issue was found in the way 389-ds-base handles virtual attributes context in persistent searches. This could allow an attacker to send a series of search requests, forcing...

CVSS 8.1 · AI score 6.2 · EPSS 0.08426
Exploits 4 · References 107

Cloud Foundry
added 2019/02/11 12:0 a.m. · 72 views

CVE-2019-3782: CredHub CLI writes environment variable credentials to disk | Cloud Foundry

Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions CredHub CLI All versions prior to 2.2.1 Description Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent...

CVSS 7.8 · AI score 6.8 · EPSS 0.00357
Exploits 0

Tenable Nessus
added 2019/02/07 12:0 a.m. · 38 views

FreeBSD : Gitlab -- Multiple vulnerabilities (43ee6c1d-29ee-11e9-82a1-001b217b3468)

Gitlab reports : Leak of Confidential Issue and Merge Request Titles Persistent XSS in User Status C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2020 Jacques Vidrine and contributors...

CVSS 9.1 · AI score 6.8 · EPSS 0.01506
Exploits 0 · References 4

NVD
added 2019/02/06 12:29 a.m. · 18 views

CVE-2019-6504

Insufficient output sanitization in the Automic Web Interface AWI, in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting XSS attacks via a crafted object...

CVSS 6.1 · AI score 6 · EPSS 0.02008
Exploits 1 · References 7

Prion
added 2019/02/06 12:29 a.m. · 18 views

Cross site scripting

Insufficient output sanitization in the Automic Web Interface AWI, in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting XSS attacks via a crafted object...

CVSS 4.3 · AI score 5.8 · EPSS 0.02008
Exploits 1 · References 7 · Affected Software 1

Packet Storm
added 2019/02/05 12:0 a.m. · 40 views

WordPress Forminator 1.5.4 Cross Site Scripting / SQL Injection

Vulnerability: Unauthenticated Persistent XSS, Blind SQL Injection Affected Software: Forminator Affected Version: 1.5.4 Patched Version: 1.6 CVE: not requested Risk: High Vendor Contacted: 11/25/2018 Vendor Fix: 12/10/2018 Public Disclosure: 02/05/2019 Credit: Tim Coen Unauthenticated Persistent...

AI score 7.4
Exploits 0

FreeBSD
added 2019/02/05 12:0 a.m. · 33 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: Leak of Confidential Issue and Merge Request Titles Persistent XSS in User Status...

CVSS 9.1 · AI score 3 · EPSS 0.01506
Exploits 0 · References 1

Trend Micro Simply Security
added 2019/02/01 2:0 p.m. · 117 views

This Week in Security News: Hacker Strategies and Spyware Attacks

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how hackers are improving their breach strategies. Also, learn about new spyware attacks via URLs, websites, and mobile apps. Re...

AI score 8
Exploits 0

Tenable Nessus
added 2019/02/01 12:0 a.m. · 59 views

FreeBSD : Gitlab -- Multiple vulnerabilities (467b7cbe-257d-11e9-8573-001b217b3468)

Gitlab reports : Remote Command Execution via GitLab Pages Covert Redirect to Steal GitHub/Bitbucket Tokens Remote Mirror Branches Leaked by Git Transfer Refs Denial of Service with Markdown Guests Can View List of Group Merge Requests Guest Can View Merge Request Titles via System Notes Persiste...

CVSS 9.8 · AI score 6.5 · EPSS 0.05471
Exploits 17 · References 26

Trend Micro Simply Security
added 2019/01/31 3:0 p.m. · 135 views

What Enterprise Leaders Should know about Persistent Threats in 2019

Staving off critical threats in the current cybersecurity landscape is a tall order for any size organization. As hackers continually shift and improve upon their attack and breach strategies, IT and security stakeholders must do their best to keep up and remain informed of these trends. This is...

AI score 7.1
Exploits 0

FreeBSD
added 2019/01/31 12:0 a.m. · 55 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: Remote Command Execution via GitLab Pages Covert Redirect to Steal GitHub/Bitbucket Tokens Remote Mirror Branches Leaked by Git Transfer Refs Denial of Service with Markdown Guests Can View List of Group Merge Requests Guest Can View Merge Request Titles via System Notes Persisten...

CVSS 9.8 · AI score 1.8 · EPSS 0.05471
Exploits 16 · References 1

exploitpack
added 2019/01/24 12:0 a.m. · 26 views

Splunk Enterprise 7.2.3 - (Authenticated) Custom App Remote Code Execution

Splunk Enterprise 7.2.3 - Authenticated Custom App Remote Code Execution !/usr/bin/python Exploit Title: Splunk Enterprise 7.2.3 Custom App RCE persistent backdoor Date: January 23, 2019 Exploit Author: Lee Mazzoleni Vendor Homepage: https://www.splunk.com/ Software Link:...

AI score 0.1
Exploits 0

Packet Storm
added 2019/01/24 12:0 a.m. · 84 views

Splunk Enterprise 7.2.3 Command Execution

!/usr/bin/python Exploit Title: Splunk Enterprise 7.2.3 Custom App RCE persistent backdoor Date: January 23, 2019 Exploit Author: Lee Mazzoleni Vendor Homepage: https://www.splunk.com/ Software Link: https://www.splunk.com/enus/download/splunk-enterprise.html Version: 7.2.3 Tested on: kali...

AI score 7.4
Exploits 0

Exploit DB
added 2019/01/24 12:0 a.m. · 137 views

Splunk Enterprise 7.2.3 - (Authenticated) Custom App Remote Code Execution

!/usr/bin/python Exploit Title: Splunk Enterprise 7.2.3 Custom App RCE persistent backdoor Date: January 23, 2019 Exploit Author: Lee Mazzoleni Vendor Homepage: https://www.splunk.com/ Software Link: https://www.splunk.com/enus/download/splunk-enterprise.html Version: 7.2.3 Tested on: kali...

AI score 7.4
Exploits 0

MSRC
added 2019/01/23 4:0 p.m. · 146 views

Microsoft’s Cyber Defense Operations Center shares best practices

Today, a single breach, physical or virtual, can cause millions of dollars of damage to an organization and potentially billions in financial losses to the global economy. Each week seems to bring a new disclosure of a cybersecurity breach somewhere in the world. As we look at the current state o...

AI score 7.4
Exploits 0

OSV
added 2019/01/15 9:29 p.m. · 2 views

CVE-2019-0023

A persistent cross-site scripting XSS vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative...

CVSS 5.4 · AI score 5.8 · EPSS 0.00521
Exploits 0 · References 1

Cvelist
added 2019/01/15 9:0 p.m. · 18 views

CVE-2019-0023 Juniper ATP: Persistent Cross-Site Scripting vulnerability in the Golden VM menu

A persistent cross-site scripting XSS vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative...

CVSS 5.4 · AI score 5.4 · EPSS 0.00521
Exploits 0 · References 1

Veracode
added 2019/01/15 9:25 a.m. · 26 views

Denial Of Service (DoS)

389-ds-base is vulnerable to denial of service DoS attacks. The vulnerability exists as 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could u...

CVSS 5.9 · AI score 6.1 · EPSS 0.01565
Exploits 0 · References 11 · Affected Software 1

0day.today
added 2019/01/07 12:0 a.m. · 53 views

MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: MyBB OUGC Awards Plugin v1.8.3 - Cross-Site Scripting Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=396 Version: 1.8.3 Tested on: Ubuntu 18.04 CVE:...

CVSS 3.5 · EPSS 0.02353
Exploits 5

exploitpack
added 2019/01/07 12:0 a.m. · 17 views

Embed Video Scripts - Persistent Cross-Site Scripting

Embed Video Scripts - Persistent Cross-Site Scripting Exploit Title: Embed Video Scripts - Cross-site Script stored Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me POC Video: https://youtu.be/2CFJLwkxpT8 Vendor...

AI score 6.8
Exploits 0