8276 matches found
Command injection
apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the pluginUri argument...
CVE-2020-7633
CVE-2020-7633 affects the IBM API Connect plugin package apiconnect-cli-plugins up to version 6.0.1. The vulnerability is a Command Injection caused by lack of sanitization of the pluginUri parameter, enabling execution of arbitrary commands. Public references provide a PoC showing how an attacke...
CVE-2020-7633
apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the pluginUri argument...
[SECURITY] Fedora 32 Update: eclipse-pydev-7.5.0-1.fc32
The eclipse-pydev package contains Eclipse plugins for Python development...
apic-apiconnect (>=1.1.0 <=1.1.1), apic-discount (=1.0.0) +7 more potentially affected by CVE-2020-7633 via apiconnect-cli-plugins (>=1.1.1 <=8.0.1)
apiconnect-cli-plugins NPM version =1.1.1, =1.1.0, =1.0.1, =1.1.6, =1.0.0, =2.8.29, =1.0.5, =2.2.11 Source cves: CVE-2020-7633 Source advisory: SNYK:JS-APICONNECTCLIPLUGINS-564427...
WP Advanced Search < 3.3.6 - Unauthenticated SQL Injection
Due to using string concatenation, allowing direct access to a vulnerable PHP file and missing best practices for coding SQL operations, there exists an unauthenticated SQL injection in autocompletion-PHP5.5.php. After a month of trying to contact the plugin author (Twitter, email), we followed...
Debian: Security Advisory (DLA-2164-1)
The remote host is missing an update for the Debian...
nbdkit: denial of service due to premature opening of back-end connection
A denial of service vulnerability was discovered in nbdkit. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and...
[SECURITY] [DLA 2164-1] gst-plugins-bad0.10 security update
Package : gst-plugins-bad0.10 Version : 0.10.23-7.4+deb8u3 CVE ID : CVE-2015-0797 CVE-2016-9809 CVE-2017-5843 CVE-2017-5848 Several issues have been found in gst-plugins-bad0.10, a package containing GStreamer plugins from the "bad" set. All issues are about use-after-free, out of bounds reads or...
VulnCheck KEV: CVE-2020-20634
Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog...
DLA-2164-1 gst-plugins-bad0.10 - security update
Bulletin has no description...
OPENSUSE-SU-2020:0398-1 Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman
This update for cni, cni-plugins, conmon, fuse-overlayfs, podman fixes the following issues: podman was updated to 1.8.0: - CVE-2019-18466: Fixed a bug where podman cp would improperly copy files on the host when copying a symlink in the container that included a glob operator (#3829 bsc#1155217) - T...
Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman (moderate)
openSUSE Security Update: Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman Announcement ID: openSUSE-SU-2020:0398-1 Rating: moderate References: 1155217 1160460 1164390 Cross-References: CVE-2019-18466 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerabili...
Product Lister for Walmart <= 1.0.0 - Unauthenticated RCE via Outdated PHPUnit
The plugin uses an outdated PHPUnit library, which is known to be affected by an unauthenticated RCE issue. February 28th, 2020 - Ticket sent to vendor via https://support.cedcommerce.com/open.php March 6th, 2020 - Update requested to vendor also realised that the ticket was closed w/o reason giv...
Multiple plugins - Unauthenticated Dompdf Local File Inclusion (LFI)
Multiple plugins were found to be vulnerable to the Dompdf unauthenticated Local File Inclusion (LFI) vulnerability (CVE-2014-2383). PoC...
Multiple plugins - Unauthenticated Dompdf Local File Inclusion (LFI)
Multiple plugins were found to be vulnerable to the Dompdf unauthenticated Local File Inclusion (LFI) vulnerability (CVE-2014-2383)...
Chepy - A Python Lib/Cli Equivalent Of The Awesome CyberChef Tool.
Chepy is a Python library with a handy CLI that aims to mirror some of the capabilities of CyberChef. A reasonable amount of effort was put into Chepy to make it compatible with the various functionalities that CyberChef offers, all in a pure Pythonic manner. There are some key advantages and...
SUSE SLES15 Security Update : cni, cni-plugins, conmon, fuse-overlayfs, podman (SUSE-SU-2020:0697-1)
This update for cni, cni-plugins, conmon, fuse-overlayfs, podman fixes the following issues: podman was updated to 1.8.0: CVE-2019-18466: Fixed a bug where podman cp would improperly copy files on the host when copying a symlink in the container that included a glob operator (#3829 bsc#1155217) The...
SUSE-SU-2020:0697-1 Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman
This update for cni, cni-plugins, conmon, fuse-overlayfs, podman fixes the following issues: podman was updated to 1.8.0: - CVE-2019-18466: Fixed a bug where podman cp would improperly copy files on the host when copying a symlink in the container that included a glob operator (#3829 bsc#1155217) - T...