7659 matches found
GHSA-GP2M-7CFP-H6GF Incorrect persistent NameID generation in SimpleSAMLphp
Background When a SimpleSAMLphp Identity Provider is misconfigured, a bug in the software when trying to build a persistent NameID to univocally identify the authenticating subject could cause different users to get the same identifier generated, depending on the attributes available for them rig...
CVE-2020-5223
In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting XSS vulnerability. The vulnerability has been fixed in PrivateBin...
Cross site scripting
In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting XSS vulnerability. The vulnerability has been fixed in PrivateBin...
CVE-2020-5223
CVE-2020-5223 affects PrivateBin: 1.2.0 before 1.2.2 and 1.3.0 before 1.3.2. The root cause is an unescaped user-provided attachment filename that can inject HTML, enabling a persistent XSS when a paste is viewed (e.g., via cloning). The issue has been fixed in PrivateBin v1.3.2 and v1.2.2. Upgra...
CVE-2020-5223 Persistent XSS vulnerability in filename of attached file in PrivateBin
In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting XSS vulnerability. The vulnerability has been fixed in PrivateBin...
Huawei EulerOS: Security Advisory for 389-ds-base (EulerOS-SA-2018-1365)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2070-1 : ruby-excon security update
In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. For Debian 8 'Jessie'...
Advie Framework 2.0.8 Cross Site Scripting
Exploit Title: Adive Framework 2.0.8 - Persistent Cross-Site Scripting Exploit Author: Sarthak Saini Dork: N/A Date: 2020-01-18 Vendor Link : https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.8 Category: Webapps Tested on: windows64bit / mozila firefo...
Adive Framework 2.0.8 - Persistent Cross-Site Scripting
Exploit Title: Adive Framework 2.0.8 - Persistent Cross-Site Scripting Exploit Author: Sarthak Saini Dork: N/A Date: 2020-01-18 Vendor Link : https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.8 Category: Webapps Tested on: windows64bit / mozila firefo...
Debian: Security Advisory (DLA-2070-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2070-1] ruby-excon security update
Package : ruby-excon Version : 0.33.0-2+deb8u1 CVE ID : CVE-2019-16779 Debian Bug : 946904 In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests wou...
CVE-2019-20357
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 v160 and 2019 v15 consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system...
CVE-2019-20357
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 v160 and 2019 v15 consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system...
Remote code execution
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 v160 and 2019 v15 consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system...
CVE-2019-20357
The connected records confirm CVE-2019-20357 is a Persistent Arbitrary Code Execution vulnerability in the Trend Micro Security (Consumer) line, specifically affecting the 2020 (v160) and 2019 (v15) consumer products. The vulnerability is described as allowing an attacker to create a malicious pr...
Trend Micro Maximum Security 2019 - Privilege Escalation
Trend Micro Maximum Security 2019 - Privilege Escalation Exploit Title: Trend Micro Maximum Security 2019 - Privilege Escalation Date: 2020-1-16 Exploit Author: hyp3rlinx Vendor Homepage: www.trendmicro.com Version: Platform Microsoft Windows, Premium Security 2019 v15, Maximum Security 2019 v15...
Trend Micro Maximum Security 2019 - Privilege Escalation
Exploit Title: Trend Micro Maximum Security 2019 - Privilege Escalation Date: 2020-1-16 Exploit Author: hyp3rlinx Vendor Homepage: www.trendmicro.com Version: Platform Microsoft Windows, Premium Security 2019 v15, Maximum Security 2019 v15 Internet Security 2019 v15, Antivirus + Security 2019 v15...
WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting
Exploit Title: WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/plugins/postie/readme.txt Date: 2020-01-15 Exploit Author: V1n1v131r4 Vendor Homepage: https://postieplugin.com/ Software Link: https://wordpress.org/plugins/postie/developers Version:...
WordPress Postie 1.9.40 Plugin - Persistent Cross-Site Scripting Exploit
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/plugins/postie/readme.txt Date: 2020-01-15 Exploit Author: V1n1v131r4 Vendor Homepage: https://postieplugin.com/ Software Link:...
openSUSE Security Update : rubygem-excon (openSUSE-2020-36)
This update for rubygem-excon fixes the following issues : CVE-2019-16779 boo1159342: Fix a race condition around persistent connections, where a connection, which was interrupted, would leave data on the socket. Subsequent requests would then read this data, returning content from the previous...