
8276 matches found

Tenable Nessus
added 2020/10/15 12:0 a.m. | 82 views

IBM Spectrum Protect Plus File Upload RCE

The IBM Spectrum Protect Plus SPP administrative console running on the remote host is affected by a remote code execution vulnerability due to the fact that it allows remote installation of console plugins. An unauthenticated, remote attacker can exploit this and CVE-2020-4711 together, via...

CVSS 8 | AI score 7.8 | EPSS 0.02606
Exploits 0 | References 2
OSV
added 2020/10/13 6:15 p.m. | 2 views

CVE-2020-15251

In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...

CVSS 6.5 | AI score 6.8 | EPSS 0.01128
Exploits 0 | References 6
NVD
added 2020/10/13 6:15 p.m. | 16 views

CVE-2020-15251

In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...

CVSS 7.7 | EPSS 0.01128
Exploits 0 | References 6
UbuntuCve
added 2020/10/13 6:15 p.m. | 16 views

CVE-2020-15251

In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...

CVSS 7.7 | AI score 6.8 | EPSS 0.01128
Exploits 0 | References 5
Prion
added 2020/10/13 6:15 p.m. | 17 views

Security feature bypass

In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...

CVSS 4 | AI score 6.4 | EPSS 0.01128
Exploits 0 | References 6 | Affected Software 1
PyPA
added 2020/10/13 6:15 p.m. | 6 views

PYSEC-2020-110

In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...

CVSS 7.7 | AI score 6.9 | EPSS 0.01128
Exploits 0 | References 6 | Affected Software 1
OSV
added 2020/10/13 6:15 p.m. | 2 views

UBUNTU-CVE-2020-15251

In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...

CVSS 7.7 | AI score 6.8 | EPSS 0.01128
Exploits 0 | References 6
OSV
added 2020/10/13 6:15 p.m. | 44 views

PYSEC-2020-110

In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...

CVSS 7.7 | AI score 3.3 | EPSS 0.01128
Exploits 0 | References 6
Cvelist
added 2020/10/13 5:15 p.m. | 29 views

CVE-2020-15251 Privilege Escalation in Channelmgnt plug-in for Sopel

In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...

CVSS 7.7 | AI score 7.5 | EPSS 0.01128
Exploits 0 | References 6
CVE
added 2020/10/13 5:15 p.m. | 220 views

CVE-2020-15251

CVE-2020-15251 affects the Channelmgnt plug‑in for Sopel prior to 1.0.3. The root cause is an ACL bypass that lets malicious users op/voice and take over a channel; the plug‑in is bundled with MirahezeBot‑Plugins (versions 9.0.0 through

CVSS 7.7 | AI score 6.5 | EPSS 0.01128
In wild | Exploits 0 | References 6 | Affected Software 1
ATTACKERKB
added 2020/10/13 12:0 a.m. | 269 views

CVE-2020-15251

In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...

CVSS 7.7 | AI score 3.6 | EPSS 0.01128
In wild | Exploits 0 | References 7
GithubExploit
added 2020/10/09 12:31 p.m. | 60 views

Exploit for Use of Hard-coded Credentials in Glpi-Project Glpi

CVE-2020-5248 Proof of Concept PoC for CVE-2020-5248. S...

CVSS 7.2 | AI score 6.1 | EPSS 0.01426
Exploits 2
CVE
added 2020/10/08 12:33 p.m. | 49 views

CVE-2020-25263

CVE-2020-25263 : PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI, allowing an arbitrary plugin to be deleted. The connected documents consistently describe the CSRF vulnerability in PyroCMS 3.7 and reference the same URI path...

CVSS 7.1 | AI score 6.9 | EPSS 0.00592
Exploits 1 | References 3 | Affected Software 1
IBM Security Bulletins
added 2020/10/07 9:22 p.m. | 16 views

Security Bulletin: Steps to update Dataquant Workstation and DataQuant WebSphere plugins.

Summary Query is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the HTML function. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use...

AI score 7.1
Exploits 0 | Affected Software 1
RedHat Linux
added 2020/10/06 11:52 p.m. | 77 views

Low: Red Hat Security Advisory: OpenShift Virtualization 2.4.2 Images

Red Hat OpenShift Virtualization release 2.4.2 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a...

CVSS 7.5 | AI score 6.8 | EPSS 0.04692
Exploits 0 | References 7
Fedora
added 2020/10/06 3:2 p.m. | 36 views

[SECURITY] Fedora 32 Update: gitit-0.12.3.2-6.fc32

Gitit is a wiki backed by a git, darcs, or mercurial filestore. Pages and uploaded files can be modified either directly via the VCS's command-line tools or through the wiki's web interface. Pandoc is used for markup processing, so pages may be written in extended markdown, reStructuredText,...

CVSS 6.5 | AI score 0.1 | EPSS 0.01566
Exploits 0
ThreatPost
added 2020/10/05 9:11 p.m. | 214 views

Post Grid WordPress Plugin Flaws Allow Site Takeovers

Two high-severity vulnerabilities in Post Grid, a WordPress plugin with more than 60,000 installations, open the door to site takeovers, according to researchers. To boot, nearly identical bugs are also found in Post Grid’s sister plug-in, Team Showcase, which has 6,000 installations. The issues...

AI score 10 | EPSS 0.26869
Exploits 0 | References 10
Gitee
added 2020/10/05 6:43 p.m. | 2 views

VEF

This is a Vulnerability Exploitation Framework VEF repository, which is a collection of tools and scripts for exploiting vulnerabilities in various systems and applications. The framework is written in Python and utilizes various APIs from different vulnerability databases, including Censys, Fofa...

AI score 6.8
Exploits 0
Fedora
added 2020/10/05 12:18 a.m. | 35 views

[SECURITY] Fedora 33 Update: rubygem-railties-6.0.3.3-1.fc33

Rails internals: application bootup, plugins, generators, and rake tasks. Railties is responsible to glue all frameworks together. Overall, it: handles all the bootstrapping process for a Rails application; manages rails command line interface; provides Rails generators core;...

CVSS 6.5 | AI score 2.6 | EPSS 0.02372
Exploits 1
WPVulnDB
added 2020/10/05 12:0 a.m. | 21 views

Post Grid < 2.0.73 & Team Showcase < 1.22.16 - Authenticated Stored Cross-Site Scripting (XSS)

Ram Gall from Wordfence discovered an authenticated subscriber+ Stored Cross-Site Scripting XSS vulnerability in the Post Grid and Team Showcase WordPress plugins...

CVSS 6 | AI score 6.9 | EPSS 0.01651
Exploits 2 | References 3 | Affected Software 2