4991 matches found
[SECURITY] Fedora 31 Update: golang-1.13.9-1.fc31
The Go Programming Language...
CVE-2018-1000622
The Rust Programming Language rustdoc version between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appears to be exploitable via using the --plugin flag without the...
CVE-2016-5386
An input-validation flaw was discovered in the Go programming language's built-in CGI implementation, which set the environment variable "HTTP_PROXY" using the incoming "Proxy" HTTP-request header. The environment variable "HTTP_PROXY" is used by numerous web clients, including Go's net/http package,...
Unspecified vulnerability in CIPPlanner CIPAce (CNVD-2020-21817)
CIPPlanner CIPAce is a suite of business process automation and application development platforms from the US-based CIPPlanner. A security vulnerability exists in CIPPlanner CIPAce version 9.1 Build 2019092801. An attacker can exploit the vulnerability by sending an API request to obtain the uplo...
Unspecified Vulnerability in CIPPlanner CIPAce
CIPPlanner CIPAce is a suite of business process automation and application development platforms from the US-based CIPPlanner. A security vulnerability exists in CIPPlanner CIPAce version 9.1 Build 2019092801. An attacker can exploit the vulnerability to obtain ETL process contents by sending a...
CVE-2020-11587
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server...
CVE-2020-11586
An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data...
EulerOS Virtualization for ARM 64 3.0.6.0 : bind (EulerOS-SA-2020-1355)
According to the versions of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespac...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2020-1355)
The remote host is missing an update for the Huawei EulerOS...
Code execution vulnerability in Ape Programming client
Ape Programming Client is a platform under Ape Tutoring that specializes in online education for youth programming. A code execution vulnerability exists in Ape Programming Client, which can be exploited by attackers to execute malicious code...
TP-Link Archer C50 3 - Denial of Service Exploit
Exploit Title: TP-Link Archer C50 3 - Denial of Service PoC; Exploit Author: thewhiteh4t; Vendor Homepage: https://www.tp-link.com/; Version: TP-Link Archer C50 v3 Build 171227; Tested on: Arch Linux x64; CVE: CVE-2020-9375; Description:...
Google Kubernetes Resource Management Error Vulnerability
Google Kubernetes is an open source Docker container cluster management system from the U.S. company Google. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. A resource management error...
Fedora: Security Advisory for libarchive (FEDORA-2020-235688c222)
The remote host is missing an update for the...
ZyXEL Cloud CNM SecuManager Unauthorized Remote Code Execution Vulnerability
Zyxel Cloud CNM SecuManager is a full-featured network management software that provides an integrated console to monitor and manage security grids, including the ZyWALL USG and VPN series. An unauthorized remote code execution vulnerability exists in Zyxel Cloud CNM SecuManager, which can be...
HTTP Asynchronous Reverse Shell - Asynchronous Reverse Shell Using The HTTP Protocol
Today there are many ways to create a reverse shell in order to be able to remotely control a machine through a firewall. Indeed, outgoing connections are not always filtered. However, security software and hardware (IPS, IDS, Proxy, AV, EDR...) are more and more powerful and can detect these attack...
SQL Injection Vulnerability in Eight Image Encryption Platforms
Eight Image Encryption Platform is designed and developed in php+mysql environment by calling the API of Eight Image Platform. There is a SQL injection vulnerability in Eight Image Encryption Platform, which can be exploited by attackers to gain database privileges...
Unauthorized Access Vulnerability in Jingyun Network Antivirus System
Jingyun Network Antivirus System is a new generation of enterprise-level anti-virus security protection software launched by T&S Leader. KingCloud Network Antivirus System has an unauthorized access vulnerability, which can be exploited by attackers to directly access the API to obtain sensitive...
EulerOS 2.0 SP8 : bind (EulerOS-SA-2020-1141)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP...
metasploit-framework
This is the Metasploit Framework repository, a widely used penetration testing tool. It is an offensive tool for penetration testing and vulnerability assessment. The primary target of this tool is the Metasploit Framework itself, which is a Ruby-based framework for developing and executing...
[SECURITY] Fedora 31 Update: ksh-2020.0.0-2.fc31
KornShell is a shell programming language, which is upward compatible with "sh" (the Bourne Shell)...