vBulletin remote command execution via the widgetConfig[code] parameter

Added: 09/27/2019 Background vBulletin is a commercial web bulletin board application written in PHP using MySQL. Problem vBulletin allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request. Resolution Upgrade vBulletin to version higher th...

PT-2019-6135

Name of the Vulnerable Software and Affected Versions vBulletin versions 5.0.0 through 5.5.4 Description The issue is related to errors in code generation management, allowing a remote attacker to execute arbitrary commands using a specially crafted widgetConfigcode parameter in an...

vBulletin 5.x Pre-Auth Remote Code Execution

!/usr/bin/python vBulletin 5.x 0day pre-auth RCE exploit This should work on all versions from 5.0.0 till 5.5.4 Google Dorks: - site:.vbulletin.net - "Powered by vBulletin Version 5.5.4" import requests import sys if lensys.argv != 2: sys.exit"Usage: %s " % sys.argv0 params =...

Atlassian Jira Information Disclosure Vulnerability (CNVD-2019-32326)

Atlassian Jira is a tool developed by Australian company Atlassian for defect tracking, issue tracking and project management. An information disclosure vulnerability exists in the /rest/api/1.0/render resource in Atlassian Jira versions prior to 8.4.0, which can be exploited by a remote attacker...

CVE-2019-14995

The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check...

The vulnerability of the AppCache component in the Google Chrome web browser allows a hacker to circumvent existing security restrictions.

The vulnerability of the AppCache component in the Google Chrome web browser is related to security configuration errors. Exploiting this vulnerability allows a remote attacker to circumvent existing security restrictions by using compromised render processes...

Disclosure of issue key validity & issue attachment names in the render api resource - CVE-2019-14995

The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in ePO extension in McAfee Data Loss Prevention DLPe for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted uploa...

Malicious Package

cicada-render is a malicious package. The package uploads system information to a remote server, downloads a file and executes it...

DEBIAN-CVE-2019-1010006

Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiffdocumentrend...

Malicious Package

Overview All versions of cicada-render contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on...

rubygem-actionpack: render file directory traversal in Action View

A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...

rubygem-actionpack: render file directory traversal in Action View

A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...

rubygem-actionpack: render file directory traversal in Action View

A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...

rubygem-actionpack: render file directory traversal in Action View

A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...

The vulnerability of the Action View component of the Ruby on Rails software platform, allowing attackers to read arbitrary files

The vulnerability of the Action View component in the Ruby on Rails software framework is related to errors in handling HTTP headers “Accept” when used in the “render file” handler code. Exploiting this vulnerability allows an attacker to read arbitrary files...

Ruby on Rails Arbitrary File Read Vulnerability

Ruby on Rails is a very productive, high-maintenance, easy-to-deploy Ruby on Rails Ruby on Rails is a very productive, high-maintenance, and easy-to-deploy web development framework developed using Ruby, and is one of the preferred frameworks for web application development worldwide. Ruby on Rai...

Exploit for Path Traversal in Rubyonrails Rails

CVE-2019-5418 - File Content Disclosure on Rails EDIT: th...

Information Disclosure

actionpack is vulnerable to information disclosure. A remote attacker is able to retrieve arbitrary files on the target server when sending malicious Accept headers that are parsed with render file:...

Path Traversal in Action View

File Content Disclosure in Action View Impact ------ There is a possible file content disclosure vulnerability in Action View. Specially crafted accept headers in combination with calls to render file: can cause arbitrary files on the target server to be rendered, disclosing the file contents. Th...