30 matches found
CVE-2026-45746
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Broken Access Control vulnerability due to improper validation of the sessionId parameter. The backend...
EUVD-2018-2924
Malware in sbrugna...
EUVD-2006-2472
Malware in sbrugna...
EUVD-2006-2111
Malware in sbrugna...
Advantages of a Cloud VPS Server
By Owais Sultan. A Cloud VPS (Virtual Private Server) is a virtualized instance of a physical server hosted in the cloud, offering scalable computing resources and the ability to run applications and services independently, providing flexibility and cost-effectiveness. This is a post from HackRead.c...
CVE-2023-4335
Broadcom RAID Controller Web server nginx is serving private server-side files without any authentication on Linux...
Broadcom RAID Controller Access Control Error Vulnerability
The Broadcom RAID Controller is a series of RAID controllers from Broadcom Corporation. A security vulnerability exists in the Broadcom RAID Controller that originates from allowing a web server to provide private server files to an unauthenticated attacker...
[SECURITY] Fedora 35 Update: owncloud-client-2.10.1-1.fc35
Owncloud-client enables you to connect to your private ownCloud Server. With it you can create folders in your home directory, and keep the contents of those folders synced with your ownCloud server. Simply copy a file into the directory and the ownCloud Client does the rest...
[SECURITY] Fedora 36 Update: owncloud-client-2.10.1-1.fc36
Owncloud-client enables you to connect to your private ownCloud Server. With it you can create folders in your home directory, and keep the contents of those folders synced with your ownCloud server. Simply copy a file into the directory and the ownCloud Client does the rest...
[SECURITY] [DLA 2730-1] libpam-tacplus security update
Debian LTS Advisory DLA-2730-1 https://www.debian.org/lts/security/ Utkarsh Gupta August 04, 2021 https://wiki.debian.org/LTS...
openmptcprouter-vps-admin Authorization Issue Vulnerability
openmptcprouter-vps-admin is an application. An OpenMPTCProuter API is based on FastAPI. A security vulnerability in Omr-admin.py in openmptcprouter-vps-admin version 0.57.3 and earlier can be exploited by remote attackers to guess passwords via a timing attack...
[SECURITY] [DLA 2239-1] libpam-tacplus security update
Package: libpam-tacplus Version: 1.3.8-2+deb8u1 CVE ID: CVE-2020-13881 It was discovered that there was an issue in libpam-tacplus, a security module for using the TACACS+ authentication service, where shared secrets such as private server keys were being added in the clear to various logs. For...
Carina - Webshell, Virtual Private Server (VPS) And cPanel Database
Carina is a web application used to store webshell, Virtual Private Server (VPS) and cPanel data. Carina is made so that we don't need to store webshell, VPS or cPanel data in "strange places". Screenshots Install Carina 1. $ git clone https://github.com/c0delatte/carina && cd carina 2. Run compose...
GitLab 12.9.0 - Arbitrary File Read Exploit
Exploit for ruby platform in category web applications Exploit Title: GitLab 12.9.0 - Arbitrary File Read Exploit Author: KouroshRZ Vendor Homepage: https://about.gitlab.com Software Link: https://about.gitlab.com/install Version: tested on gitlab version 12.9.0 Tested on: Ubuntu 18.04 but it's O...
Convincing Google Impersonation Opens Door to MiTM, Phishing
An attack that uses homographic characters to impersonate domain names and launch convincing but malicious websites takes minutes and a bare modicum of skill — while reaping high rates of success in luring victims, according to an independent researcher. Researcher Avi Lumelsky set out to see how...
GLSA-202003-09 : OpenID library for Ruby: Server-Side Request Forgery
The remote host is affected by the vulnerability described in GLSA-202003-09 OpenID library for Ruby: Server-Side Request Forgery It was discovered that OpenID library for Ruby performed discovery first, and then verification. Impact : A remote attacker could possibly change the URL used for...
OpenID library for Ruby: Server-Side Request Forgery
Background A Ruby library for verifying and serving OpenID identities. Description It was discovered that OpenID library for Ruby performed discovery first, and then verification. Impact A remote attacker could possibly change the URL used for discovery and trick the server into connecting to the...
Sshtunnel - SSH Tunnels To Remote Server
Inspired by https://github.com/jmagnusson/bgtunnel, which doesn't work on Windows. See also: https://github.com/paramiko/paramiko/blob/master/demos/forward.py Requirements: paramiko. Installation: sshtunnel is on PyPI, so simply run: pip install sshtunnel or easy_install sshtunnel or conda install -c...
[SECURITY] [DLA 1956-1] ruby-openid security update
Package : ruby-openid Version : 2.5.0debian-1+deb8u1 CVE ID : CVE-2019-11027 ruby-openid performed discovery first, and then verification. This allowed an attacker to change the URL used for discovery and trick the server into connecting to the URL. This server in turn could be a private server n...
ALPINE-CVE-2019-12795
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. Note that the server socket...