SUSE: Security Advisory (SUSE-SU-2016:2305-1)
The remote host is missing an update for the...
selinux-policy bug fix and enhancement update
The selinux-policy packages contain the rules that govern how confined processes run on the system. Bug Fixes and Enhancements: SELinux is preventing systemd-sleep from 'read' accesses on the file swap in EC2 Hibernate BZ1890884...
LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection
Exploit Title: LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection Google Dork: Unknown Date: 13-12-2020 Exploit Author: Hodorsec Vendor Homepage: https://www.librenms.org Software Link: https://github.com/librenms/librenms Update notice:...
Automattic: [intensedebate.com] SQL Injection Time Based on /changeReplaceOpt.php
Summary Hello, I have found a SQLI Injection Time Based on https://www.intensedebate.com/changeReplaceOpt.php. The parameter $_GET['acctid'] is vulnerable. Detection I have injected a MySQL function sleep, and it works. GET /changeReplaceOpt.php?&opt=1&acctid=419523%20AND%20SLEEP15 HTTP/1.1 Host:...
GNOME security, bug fix, and enhancement update
dleyna-renderer 0.6.0-3 - Add a manual Resolves: 1612579 frei0r-plugins 1.6.1-7 - Rebuild with newer annobin to fix rpmdiff problems - Fix the build with a newer opencv - Resolves: rhbz1703994 gdm 3.28.3-34 - Fix file descriptor leak Resolves: 1877853 3.28.3-33 - Fix problem with Xorg fallback...
U.S. Dept Of Defense: [████] SQL Injections on Referer Header exploitable via Time-Based method
Summary: SQL Injections on Referer Header exploitable via Time-Based method Description: https://owasp.org/www-community/attacks/SQLInjection Impact https://owasp.org/www-community/attacks/SQLInjection Step-by-step Reproduction Instructions First, vulnerable points:...
sleep-toy.com Cross Site Scripting vulnerability OBB-1414981
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
TimeClock Software 1.01 SQL Injection
!/usr/bin/python3 Exploit Title: TimeClock Software 1.01 Authenticated Time-Based SQL Injection Date: July 21, 2020 Exploit Author: François Bibeau Co Author: Tyler Butler, http://tbutler.org, https://twitter.com/tbutler0x90 Vendor Homepage: http://timeclock-software.net/ Software Link:...
sleep-toy.com Cross Site Scripting vulnerability OBB-1344339
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
sleep-toy.com Cross Site Scripting vulnerability OBB-1324119
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Mail.ru: Time-Based SQL injection at city-mobil.ru
Blind time-based SQL injection in https://city-mobil.ru/ due to unsafe usage of GET parameter JSON SLEEP PROFIT! P.S. Detail summary coming soon.... possibly... watch at https://blog.deteact.com...
DeathRansom - A Ransomware Developed In Python, With Bypass Technics, For Educational Purposes
What is a ransomware? A ransomware is malware that encrypts all your files and shows a ransom request, which tells you to pay a set amount, usually in bitcoins BTC, in a set time to decrypt your files, or he will delete your files. How it works? First, the script checks if it's in a sandbox,...
March 17, 2020—KB4541333 (OS Build 17134.1399)
March 17, 2020—KB4541333 (OS Build 17134.1399) Windows 10, version 1803 (the April 2018 Update) Home and Pro editions have reached end of service. For Windows 10 devices that are at, or within several months of reaching end of service, Windows Update will automatically initiate a feature update with...
xHCI driver crashes after you resume computer from sleep mode in Windows 8.1 or Windows Server 2012 R2
xHCI driver crashes after you resume computer from sleep mode in Windows 8.1 or Windows Server 2012 R2 This article describes an issue that occurs when you resume a computer from sleep mode in Windows 8.1 or Windows Server 2012 R2. You can resolve this issue by using the update or hotfix in this...
STOP Error 0x0000009F in DRIVER_POWER_STATE_FAILURE on Windows 8.1 when your computer resumes from sleep mode
STOP Error 0x0000009F in DRIVER_POWER_STATE_FAILURE on Windows 8.1 when your computer resumes from sleep mode Symptoms Symptom 1 On a computer that's running Windows 8.1, you may receive a Stop error 0x0000009F in DRIVER_POWER_STATE_FAILURE error message when your computer resumes from sleep mode...
MTN Group: Remote OS Command Execution on Oracle Weblogic server via [CVE-2017-10271]
Summary Hello. I was able to identify RCE vulnerability due to the outdated Oracle Weblogic instance on https://raebilling.mtn.co.za. Steps To Reproduce To reproduce, launch this request with BurpSuite This request to the https://raebilling.mtn.co.za/wls-wsat/CoordinatorPortType will trigger slee...
The vulnerability of the __sleep and __wakeup functions in the Symfony software development and management platform allows attackers to compromise data integrity.
The vulnerability of the __sleep and __wakeup functions in the Symfony software platform for web application development and management involves the restoration of unreliable information in memory. Exploiting this vulnerability can allow an attacker to compromise data integrity...
Citrix Receiver Error: "Check network connections" When iPad Goes into Sleep Mode
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. After unlocking the iPad the Citrix Receiver Shows the following message: Connection not possible...
CVE-2019-6190
Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled...
phpMyChat Plus 1.98 SQL Injection
Title: phpMyChat Plus 1.98 - 'pmcusername' SQL Injection Date: 2020-02-13 Exploit Author: J3rryBl4nks Vendor Homepage: http://ciprianmp.com/latest/ Software Link: https://sourceforge.net/projects/phpmychat/files/phpMyChatPlus/ Version MyChat Plus 1.98 Tested on Windows 10/Kali Rolling The phpMyCh...