Critical Photon OS Security Update - PHSA-2021-4.0-0007
Updates of 'python3', 'linux', 'nodejs', 'libtiff', 'linux-aws', 'curl', 'docker', 'glib', 'openssl', 'wpasupplicant', 'libvirt', 'linux-rt', 'mysql', 'apache-tomcat', 'linux-secure', 'containerd' packages of Photon OS have been released...
Updated python and python3 packages fix security vulnerability
Updated python and python3 security vulnerability: The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a...
Exploit for Server-Side Request Forgery in Vmware Cloud_Foundation
CVE-2021-21975 SSRF-POC - ssrf to cred leak First configur...
GHSA-MPVW-25MG-59VX Server-side Request Forgery (SSRF) via img tags in reportlab
All versions of package reportlab at time of writing are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of...
SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2021:0947-1)
This update for python3 fixes the following issues : python36 was updated to 3.6.13 CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379). Note that Tenable Network Security has extracted the precedin...
Dolibarr ERP/CRM 11.0.4 Bypass / Code Execution
Exploit Title: Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass Authenticated RCE Date: 16/06/2020 Exploit Author: Andrea Gonzalez Vendor Homepage: https://www.dolibarr.org/ Software Link: https://github.com/Dolibarr/dolibarr Version: Prior to 11.0.5 Tested on: Debian 9.12 CVE :...
SUSE-SU-2021:0947-1 Security update for python3
This update for python3 fixes the following issues: - python36 was updated to 3.6.13 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379)...
SUSE SLES12 Security Update : python3 (SUSE-SU-2021:0886-1)
This update for python3 fixes the following issues : CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379). Note that Tenable Network Security has extracted the preceding description block directly fr...
[SECURITY] Fedora 34 Update: pyatspi-2.38.1-1.fc34
at-spi allows assistive technologies to access GTK-based applications. Essentially it exposes the internals of applications for automation, so tools such as screen readers, magnifiers, or even scripting interfaces can query and interact with GUI controls. This package includes a python3 client...
Fedora: Security Advisory for mingw-python3 (FEDORA-2021-e525e48886)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 34 Update: mingw-python3-3.9.2-2.fc34
MinGW Windows python3 library...
Exploit for Server-Side Request Forgery in F5 Big-Ip_Access_Policy_Manager
Usage python3 f5rce.py -u Target URL -f Batch detectio...
Rocket.Chat: Pre-Auth Blind NoSQL Injection leading to Remote Code Execution
Summary: The getPasswordPolicy method is vulnerable to NoSQL injection attacks and does not require authentication/authorization. It can be used to take over accounts by leaking password reset tokens. Taking over an admin account leads to Remote Code Execution. Description: The getPasswordPolicy...
SUSE-SU-2021:0886-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379)...
openSUSE Security Update : freeradius-server (openSUSE-2021-428)
This update for freeradius-server fixes the following issues : - move logrotate options into specific parts for each log as 'global' options will persist past and clobber global options in the main logrotate config (bsc#1180525) This update was imported from the SUSE:SLE-15-SP2:Update update project...
Photon OS 2.0: Python3 PHSA-2021-2.0-0327
An update of the python3 package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-2.0-0327. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...
[SECURITY] Fedora 33 Update: mingw-python3-3.9.2-1.fc33
MinGW Windows python3 library...
[SECURITY] Fedora 32 Update: mingw-python3-3.8.8-1.fc32
MinGW Windows python3 library...
Fedora 33 : mingw-python3 (2021-b76ede8f4d)
The remote Fedora 33 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-b76ede8f4d advisory. - The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable ...
Tutor LMS < 1.7.7 - SQL Injection via tutor_mark_answer_as_correct
The tutor_mark_answer_as_correct AJAX action from the plugin was vulnerable to blind and time-based SQL injections that could be exploited by students. python3 sqlmap.py -r /tutortime.txt --dbms=mysql --technique=T -p answerid --dump Where tutortime.txt is POST /wp-admin/admin-ajax.php HTTP/1.1 Host:...