8275 matches found

Fedora
added 2019/01/15 1:53 a.m. | 10 views

[SECURITY] Fedora 28 Update: nbdkit-1.4.4-1.fc28

NBD is a protocol for accessing block devices (hard disks and disk-like things) over the network. 'nbdkit' is a toolkit for creating NBD servers. The key features are: Multithreaded NBD server written in C with good performance. Well-documented, simple plugin API with a stable ABI guarantee. Allows...

AI score: 1.4
Exploits: 0
ThreatPost
added 2019/01/09 6:27 p.m. | 15 views

ThreatList: WordPress Vulnerabilities Up 30 Percent in 2018

UPDATE: Vulnerabilities in the popular content management system (CMS) WordPress are growing at a rapid rate, up 30 percent in 2018, according to new web application bug research released Wednesday. Researchers at Imperva said that in 2018, they continued to see a trend of increasing web application...

AI score: 8.7
Exploits: 0 | References: 13
Openbugbounty
added 2018/12/31 12:48 a.m. | 13 views

i-plugins.com XSS vulnerability

Open Bug Bounty ID: OBB-716389
Affected Website: i-plugins.com
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: hidden until disclosure
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: hidden...

AI score: 0.1
Exploits: 0
BDU FSTEC
added 2018/12/27 12:0 a.m. | 5 views

The vulnerability of the ReadImage function in the GIMP graphic editor, which involves reading beyond the buffer limit of memory, allows attackers to cause service failures, undermine data integrity, and compromise confidentiality.

The vulnerability of the ReadImage function in the GIMP graphic editor’s plug-ins/common/file-tga.c file is related to the issue of writing out images from memory beyond the buffer boundary when reading RGBA images that contain non-standard pixel bit values. Exploiting this vulnerability can allo...

CVSS: 7.8 | AI score: 6.7 | EPSS: 0.01337
Exploits: 0 | References: 3 | Affected Software: 1
Kitploit
added 2018/12/25 8:20 p.m. | 104 views

stoQ - An Open Source Framework For Enterprise Level Automated Analysis

stoQ is an automation framework that helps to simplify the more mundane and repetitive tasks an analyst is required to do. It allows analysts and DevSecOps teams the ability to quickly transition from different data sources, databases, decoders/encoders, and numerous other tasks. stoQ was designed...

AI score: 7.3
Exploits: 0 | References: 2
Information Security Automation
added 2018/12/24 10:36 p.m. | 274 views

New Advanced Dynamic Scan Policy Template in Nessus 8

According to Nessus 8.1.0 release notes, Tenable finally solved the problem with Mixed Plugin groups. At least partially. I will briefly describe the problem. Let's say we found out that some Nessus plugins crash our target systems. This happens rarely, but it happens. So, we decided to disable...

AI score: 6.9
Exploits: 0
Kitploit
added 2018/12/24 8:31 p.m. | 98 views

PA Toolkit - A Collection Of Traffic Analysis Plugins Focused On Security

PA Toolkit is a collection of traffic analysis plugins to extend the functionality of Wireshark from a micro-analysis tool and protocol dissector to the macro analyzer and threat hunter. PA Toolkit contains plugins (both dissectors and taps) covering various scenarios for multiple protocols,...

AI score: 7.2
Exploits: 0 | References: 1
Prion
added 2018/12/24 5:29 a.m. | 18 views

Out-of-bounds

GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.02237
Exploits: 1 | References: 6 | Affected Software: 2
Prion
added 2018/12/24 5:29 a.m. | 15 views

Null pointer dereference

GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata in plugins/ole2_extractor.c...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.02236
Exploits: 1 | References: 6 | Affected Software: 2
Cvelist
added 2018/12/24 5:0 a.m. | 28 views

CVE-2018-20430

GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c...

AI score: 6.4 | EPSS: 0.02237
Exploits: 1 | References: 6
Debian CVE
added 2018/12/24 5:0 a.m. | 22 views

CVE-2018-20430

GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.02237
Exploits: 1
CVE
added 2018/12/24 5:0 a.m. | 70 views

CVE-2018-20430

CVE-2018-20430 affects GNU Libextractor up to version 1.8, with an out-of-bounds read in history_extract() (plugins/ole2_extractor.c) related to EXTRACTOR_common_convert_to_utf8 in common/convert.c. The issue is reported across multiple advisories and distributions, including Debian DSA-4361 and ...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.02237
Exploits: 1 | References: 6 | Affected Software: 1
vulnersOsv
added 2018/12/21 5:51 p.m. | 4 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +5777 more potentially affected by CVE-2014-0050 via commons-fileupload:commons-fileupload (>=1.0 <=1.3.1-jenkins-2)

commons-fileupload:commons-fileupload MAVEN version =1.0, =1.1, =0.0.1, =1.0, =1.0, =3.1.1, =0.0.1, =0.3.15 and more Source cves: CVE-2014-0050 Source advisory: OSV:GHSA-XX68-JFCG-XMMF...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.83175
Exploits: 8
OSV
added 2018/12/20 3:29 p.m. | 10 views

CVE-2018-1000837

UML Designer version = 8.0.0 contains an XML External Entity (XXE) vulnerability in XML parser for plugins that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via malicious plugins.xml file...

CVSS: 10 | AI score: 6.9
Exploits: 0 | References: 2
Prion
added 2018/12/20 3:29 p.m. | 10 views

XXE

UML Designer version = 8.0.0 contains an XML External Entity (XXE) vulnerability in XML parser for plugins that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via malicious plugins.xml file...

CVSS: 7.5 | AI score: 9.2 | EPSS: 0.01799
Exploits: 0 | References: 2 | Affected Software: 1
ripstech
added 2018/12/17 1:0 p.m. | 48 views

WordPress Privilege Escalation through Post Types

Impact - What can an attacker do: WordPress is at its core a blogging software that allows users to create and publish posts. Over time, different post types were introduced, such as pages and media entries (images, videos etc.). Plugins can register new post types, such as products or contact forms...

AI score: 7
Exploits: 0
UbuntuCve
added 2018/12/14 8:29 p.m. | 22 views

CVE-2018-20150

In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins...

CVSS: 6.1 | AI score: 6.9 | EPSS: 0.05052
Exploits: 0 | References: 3
OSV
added 2018/12/14 8:29 p.m. | 21 views

CVE-2018-20150

In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins...

CVSS: 6.1 | AI score: 5.9
Exploits: 0 | References: 9
OSV
added 2018/12/14 8:29 p.m. | 0 views

UBUNTU-CVE-2018-20150

In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins...

CVSS: 6.1 | AI score: 7.3 | EPSS: 0.05052
Exploits: 0 | References: 4
NVD
added 2018/12/14 8:29 p.m. | 16 views

CVE-2018-20150

In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.05052
Exploits: 0 | References: 9