EulerOS Virtualization for ARM 64 3.0.1.0 : setup (EulerOS-SA-2019-1409)
According to the version of the setup package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to...
April 25, 2019—KB4493440 (OS Build 16299.1127)
April 25, 2019—KB4493440 OS Build 16299.1127 Reminder: March 12th and April 9th will be the last two Delta updates for Windows 10, version 1709. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change plea...
Important: Red Hat Security Advisory: rhvm-setup-plugins security and bug fix update
An update for rhvm-setup-plugins is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Shr3dKit
This is an offensive tool for Red Team operations. The tool kit, named Shr3dKit, is a collection of scripts and tools for various stages of a Red Team engagement, including reconnaissance, weaponization, delivery, command and control, lateral movement, establishing a foothold, escalating...
DoorGets Sensitive Information Disclosure Vulnerability
DoorGets is a free and open source content management system. A sensitive information disclosure vulnerability exists in /setup/temp/admin.php and /setup/temp/database.php in doorGets 7.0. A remote, unauthenticated attacker can exploit this vulnerability to obtain the administrator password...
Fedora 30 : 1:gnome-bluetooth / at-spi2-core / atomix / bijiben / containers / etc (2019-ac2a21ff07)
This update fixes a bug in the Meson build system which caused binaries and libraries to be incorrectly marked as requiring an executable stack. This makes them more vulnerable to security issues, and can also result in errors caused by SELinux denials. This update also provides rebuilds of all...
CVE-2019-11616
doorGets 7.0 has a sensitive information disclosure vulnerability in /setup/temp/admin.php and /setup/temp/database.php. A remote unauthenticated attacker could exploit this vulnerability to obtain the administrator password...
CVE-2019-11616
CVE-2019-11616 affects doorGets 7.0. The vulnerability is a sensitive information disclosure in /setup/temp/admin.php and /setup/temp/database.php, allowing a remote unauthenticated attacker to obtain the administrator password. Affected software: doorGets 7.0 (web CMS). Root cause and vector det...
MODX setup/ Directory Site Exploit
There is currently an active exploit of sites with an intact MODX Revolution setup/ directory. This can give anyone on the internet complete access to your site and possibly your server with trivial effort. This directory should never be left in place once a site is installed. You can check if yo...
Oracle Application Testing Suite DownloadServlet Directory Traversal Remote Code Execution
Oracle Application Testing Suite versions 13.3.0.1 and prior are vulnerable to a directory traversal attack. An attacker could leverage this to steal sensitive credentials, decrypt them, gain privileges, and get remote code execution. Recent assessments: wchen-r7 at May 09, 2019 5:57pm UTC...
CVE-2019-2026
In updateAssistMenuItems of Editor.java, there is a possible escape from the Setup Wizard due to a missing permission check. This could lead to local escalation of privilege and FRP bypass with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
Authentication flaw
In updateAssistMenuItems of Editor.java, there is a possible escape from the Setup Wizard due to a missing permission check. This could lead to local escalation of privilege and FRP bypass with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2019-2026
CVE-2019-2026 affects Android 8.0 Framework. In Editor.java’s updateAssistMenuItems, a missing permission check could allow local escalation of privilege and FRP bypass with no user interaction. The Android 2019-04-01 bulletin lists CVE-2019-2026 as a Framework EoP (High) issue for 8.0, indicatin...
[SECURITY] Fedora 30 Update: gnome-initial-setup-3.32.1-2.fc30
GNOME Initial Setup is an alternative to firstboot, providing a good setup experience to welcome you to your system, and walks you through configuring it. It is integrated with gdm...
[SECURITY] Fedora 30 Update: gnome-control-center-3.32.1-2.fc30
This package contains configuration utilities for the GNOME desktop, which allow you to configure accessibility options, desktop fonts, keyboard and mouse properties, sound setup, desktop theme and background, user interface properties, screen resolution, and other settings...
kubernetes kubeadm-upgrade kubeadm-ha-setup security update
kubernetes 1.12.7-1.1.2 - OLCNE-257 fix coredns issue and minor upgrade issue 1.12.7-1.1.1 - OLCNE-235 CVE-2019-9946 portmap inserts rules at the front of the iptables nat chains 1.12.7-1.0.1 - Add Oracle Build Files For Version v1.12.7 kubeadm-upgrade 0.0.1-1.0.22 -- Bump up 1.12.7 version for...
Fedora Update for gnome-boxes FEDORA-2019-b2d986c3e9
The remote host is missing an update for the...
Ruby on Rails: File writing by Directory traversal at actionpack-page_caching and RCE by it
I found a directory traversal in actionpack-page_caching. Some code may lead to RCE. https://github.com/rails/actionpack-page_caching/blob/master/lib/action_controller/caching/pages.rb#L143 ruby def cache_file(path, extension) if path.empty? || path =~ %r{\A/+\z} name = "/index" else name =...