
8276 matches found

WPVulnDB
added 2020/10/05 12:00 a.m.

Post Grid < 2.0.73 & Team Showcase < 1.22.16 - PHP Object Injection

Ram Gall from Wordfence discovered an authenticated (Subscriber or higher) PHP Object Injection vulnerability in the Post Grid and Team Showcase WordPress plugins...

CVSS 6, AI score 8.8, EPSS 0.02082
Exploits 2, References 3, Affected Software 2
Gitee
added 2020/10/02 10:07 p.m.

BurpSuite-collections

A collection of Burp Suite plugins (not from the store), articles, and usage tips. This project no longer provides cracked Burp Suite files; if you need them, download from the blog mrxn.net...

AI score 7
Exploits 0
Gitee
added 2020/10/02 7:35 p.m.

pocsuite3

pocsuite3 is an open-source remote vulnerability testing and proof-of-concept development framework developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept engine...

AI score 7
Exploits 0
vulnersOsv
added 2020/10/01 1:05 p.m.

@amphro/streamer (>=0.0.0 <=1.0.1), @appirio/demo-scoped-pkg (>=2.4.1 <=2.8.0) +297 more potentially affected by CVE-2020-7777 via jsen (>=0.1.2 <=0.6.6)

jsen NPM version =0.1.2, =0.0.0, =2.4.1, =0.5.9, =0.1.0, =1.0.0, =0.6.9, =1.0.0, =1.0.0, =1.0.0, =2.2.3, =0.0.1, =0.1.0, =0.0.7, =1.4.0, =13.6.18 and more Source cves: CVE-2020-7777 Source advisory: SNYK:JS-JSEN-1014670...

CVSS 7.2, AI score 7, EPSS 0.02026
Exploits 1
Fedora
added 2020/09/29 12:17 a.m.

[SECURITY] Fedora 33 Update: gitit-0.13.0.0-4.fc33

Gitit is a wiki backed by a git, darcs, or mercurial filestore. Pages and uploaded files can be modified either directly via the VCS's command-line tools or through the wiki's web interface. Pandoc is used for markup processing, so pages may be written in extended markdown, reStructuredText,...

CVSS 6.5, AI score 0.1, EPSS 0.01566
Exploits 0
Veracode
added 2020/09/24 10:28 a.m.

Denial Of Service (DoS)

Wireshark is vulnerable to denial of service. The WiMax DLMAP dissector could crash due to a flaw in plugins/epan/wimax/msg_dlmap.c, which did not validate a length field...

CVSS 7.5, AI score 2.1, EPSS 0.0281
Exploits 1, References 16, Affected Software 1
RedhatCVE
added 2020/09/24 9:47 a.m.

CVE-2020-15186

In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to helm --help. This issu...

CVSS 4, AI score 1.7, EPSS 0.00962
Exploits 0, References 3
CVE
added 2020/09/19 8:18 p.m.

CVE-2020-25788

Tiny Tiny RSS (tt-rss) before 2020-09-16 contains a vulnerability in imgproxy (plugins/af_proxy_http/init.php) where $_REQUEST["url"] is mishandled in an error message. The root cause is improper handling of the URL parameter in error output...

CVSS 8.1, AI score 7.9, EPSS 0.01193
Exploits 0, References 3, Affected Software 1
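
The flaw class in the tt-rss entry above, as an added example that is not tt-rss code: a request parameter interpolated into an HTML error message unescaped, beside the output-encoded version and an allow-list check on the URL. The function names and the constructed payload are assumptions for illustration.

```php
<?php
// Added example (not tt-rss code): a caller-controlled URL placed in an
// error message. Function names and the payload below are hypothetical.

// VULNERABLE: the URL lands in HTML unescaped, so a crafted ?url=...
// turns the error page into reflected script execution.
function imgproxy_error_vulnerable(string $url): string {
    return "<p>Unable to proxy image: $url</p>";
}

// FIXED: encode for the HTML context before interpolating. ENT_QUOTES also
// covers attribute contexts; ENT_SUBSTITUTE avoids returning an empty string
// on malformed UTF-8, which would silently hide the error message.
function imgproxy_error_fixed(string $url): string {
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>Unable to proxy image: $safe</p>";
}

// Defence in depth on the input side: only accept absolute http(s) URLs made
// of characters that can never close an HTML tag or attribute. Output
// encoding above is the actual fix; this check just narrows what reaches it.
function is_acceptable_image_url(string $url): bool {
    return (bool) preg_match('~^https?://[^\s"\'<>\\\\]+$~i', $url);
}

// Constructed payload: a valid-looking image URL with a tag-breaking suffix.
$payload = 'http://example.invalid/x.png"><script>alert(document.cookie)</script>';

printf("vulnerable: %s\n", imgproxy_error_vulnerable($payload));
printf("fixed:      %s\n", imgproxy_error_fixed($payload));
printf("acceptable: %s\n", is_acceptable_image_url($payload) ? 'yes' : 'no');
```

Run it with `php` and compare the two lines: the vulnerable output contains a live `<script>` element, the fixed output contains only `&lt;script&gt;`, and the allow-list rejects the payload because of the `"` and `<` characters.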
OSV
added 2020/09/18 6:15 p.m.

CVE-2020-3979

InstallBuilder for Qt Windows versions prior to 20.7.0 installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which coul...

CVSS 7.8, AI score 7.5, EPSS 0.00376
Exploits 0, References 1
Veracode
added 2020/09/18 2:29 a.m.

Command Injection

github.com/helm/helm is vulnerable to command injection. The name and YAML data from the plugin.yaml is not sanitized when a plugin is loaded from a given directory. This allows an attacker to inject arbitrary characters to cause unexpected behaviors such as loading of malicious plugins or spoofi...

CVSS 3.4, AI score 4, EPSS 0.00962
Exploits 0, References 3, Affected Software 1
Cvelist
added 2020/09/17 9:40 p.m.

CVE-2020-15186 Improper sanitization of plugin names in Helm

In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to helm --help. This issu...

CVSS 3.4, AI score 3.9, EPSS 0.00962
Exploits 0, References 2
WPVulnDB
added 2020/09/16 12:00 a.m.

Multiple Plugins/Themes - Cross-Site Request Forgery (CSRF)

NinTechNet discovered multiple WordPress plugins and themes vulnerable to Cross-Site Request Forgery (CSRF). The items only check the CSRF nonce if one has been provided, making them vulnerable to CSRF attacks if the nonce is simply removed from the request. This is due to the confusing use of logic operators when verifyin...

AI score 2.7
Exploits 0, References 2, Affected Software 28
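
The logic error described in the entry above, as an added example that is not code from any of the affected plugins or themes. It uses a minimal HMAC-based stand-in for WordPress nonces (assumed: a site secret and a 12-hour tick, modelled loosely on wp_create_nonce()/wp_verify_nonce()), and shows the "verify only if present" handler beside the corrected one. The handler names and the action string 'save_settings' are hypothetical.

```php
<?php
// Added example, not code from any listed plugin. Simplified stand-in for
// WordPress nonces so the script runs without WordPress; the secret and the
// 12-hour tick are assumptions for illustration.

const SITE_SECRET = 'constructed-example-secret-do-not-reuse';

function nonce_tick(): int {
    return (int) ceil(time() / (12 * 3600));
}

function nonce_for_tick(int $tick, string $action, int $user_id): string {
    return substr(hash_hmac('sha256', "$tick|$action|$user_id", SITE_SECRET), -12, 10);
}

function create_nonce(string $action, int $user_id): string {
    return nonce_for_tick(nonce_tick(), $action, $user_id);
}

// True only if $nonce matches the current or the previous tick window.
function verify_nonce(?string $nonce, string $action, int $user_id): bool {
    if ($nonce === null || $nonce === '') {
        return false;
    }
    $tick = nonce_tick();
    foreach ([$tick, $tick - 1] as $t) {
        if (hash_equals(nonce_for_tick($t, $action, $user_id), $nonce)) {
            return true;
        }
    }
    return false;
}

// VULNERABLE: the nonce is checked only when the request bothers to send one.
// A cross-site form that omits the 'nonce' field passes straight through.
function vulnerable_handler(array $request, int $user_id): bool {
    if (isset($request['nonce']) && !verify_nonce($request['nonce'], 'save_settings', $user_id)) {
        return false; // die() in a real plugin
    }
    return true; // settings saved
}

// FIXED: a missing nonce is a failure, not a bypass.
function fixed_handler(array $request, int $user_id): bool {
    if (!isset($request['nonce']) || !verify_nonce($request['nonce'], 'save_settings', $user_id)) {
        return false;
    }
    return true;
}

// Constructed requests: a legitimate one, a forged-nonce one, and the CSRF case.
$uid = 7;
$cases = [
    'valid nonce'   => ['nonce' => create_nonce('save_settings', $uid)],
    'wrong nonce'   => ['nonce' => 'deadbeef00'],
    'nonce omitted' => [],
];
foreach ($cases as $label => $req) {
    printf("%-14s vulnerable=%s fixed=%s\n", $label,
        vulnerable_handler($req, $uid) ? 'ALLOW' : 'deny',
        fixed_handler($req, $uid) ? 'ALLOW' : 'deny');
}
```

Running it with `php` shows the omitted-nonce request accepted by vulnerable_handler() and rejected by fixed_handler(). The wrong-nonce case is rejected by both, which is why a test that only tampers with the nonce value misses this bug; the test that finds it deletes the field.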
Gentoo Linux
added 2020/09/13 12:00 a.m.

Qt GUI: Buffer overflow

Background: The GUI module and platform plugins for the Qt5 framework.
Description: It was discovered that Qt GUI's XBM parser did not properly handle X BitMap files.
Impact: Please review the referenced CVE identifiers for details.
Workaround: There is no known workaround at this time.
Resolution: Al...

CVSS 5.3, AI score 6, EPSS 0.03915
Exploits 0
Tenable Nessus
added 2020/09/10 12:00 a.m.

RHEL 7 : OpenShift Container Platform 4.3.35 jenkins-2-plugins (RHSA-2020:3616)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3616 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

CVSS 8.8, AI score 7.7, EPSS 0.01416
Exploits 0, References 16
WPVulnDB
added 2020/09/09 12:00 a.m.

LearnPress < 3.2.7.3 - CSRF & XSS

Antony Garand of Sucuri discovered that multiple WordPress plugins were vulnerable to Cross-Site Scripting (XSS) within the admin panel, which could be exploited by using a Cross-Site Request Forgery (CSRF) attack...

AI score 2.2
Exploits 0, References 1, Affected Software 1
WPVulnDB
added 2020/09/09 12:00 a.m.

Cookiebot < 3.6.1 - CSRF & XSS

Antony Garand of Sucuri discovered that multiple WordPress plugins were vulnerable to Cross-Site Scripting (XSS) within the admin panel, which could be exploited by using a Cross-Site Request Forgery (CSRF) attack...

AI score 2.2
Exploits 0, References 1, Affected Software 1
RedHat Linux
added 2020/09/08 12:09 p.m.

Important: Red Hat Security Advisory: OpenShift Container Platform 4.4.20 jenkins-2-plugins security update

An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 6.5, AI score 6.2, EPSS 0.01078
Exploits 0, References 8
Tenable Nessus
added 2020/09/08 12:00 a.m.

RHEL 7 : OpenShift Container Platform 4.4.20 jenkins-2-plugins (RHSA-2020:3625)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3625 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

CVSS 6.5, AI score 5.9, EPSS 0.01078
Exploits 0, References 15
Kitploit
added 2020/09/05 4:11 a.m.

Faraday v3.12 - Collaborative Penetration Test and Vulnerability Management Platform

There are better ways to manage vulnerabilities than spreadsheets, especially when you are working with several tools. We know it's easy to lose track of your efforts. In Faraday you can keep track of your scanners and your team in one place. This update is focused on improving your everyday...

AI score 7.3
Exploits 0, References 4
OpenVAS
added 2020/09/04 12:00 a.m.

Fedora: Security Advisory for dovecot (FEDORA-2020-cd8b8f887b)

The remote host is missing an update for dovecot announced via the FEDORA-2020-cd8b8f887b advisory. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 7.5, AI score 7.7, EPSS 0.08153
Exploits 7, References 2