CVE-2018-6574
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked...
Command injection
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked...
CVE-2018-6574
Removed by vendor...
Debian: Security Advisory (DLA-1108-1)
The remote host is missing an update for the Debian...
Mail.ru: [mobs.mail.ru] nginx path traversal via misconfigured alias
Domain, site, application -- mobs.mail.ru Steps to reproduce -- http://mobs.mail.ru/media../mobs/settings.py Actual results -- py ... SECRETKEY = '████████████' ... DISTIMOPRIVATEKEY = '████████████' ... PoC, exploit code, screenshots, video, references, additional resources --...
Arbitrary File Read Vulnerability in LFCMS Version 3.4.0
LFCMS is a film and television content management system developed in PHP and based on the THINKPHP framework, suitable for all kinds of video, film and television websites. LFCMS version 3.4.0 has an arbitrary file read vulnerability; attackers can use the vulnerability to obtain the source code o...
Arbitrary File Read Vulnerability in YidaCMS Web Management System Version JS1.8.0
YidaCMS website management system is a simple, practical and efficient website builder. Version JS1.8.0 of the YidaCMS website management system has an arbitrary file read vulnerability; attackers can use the vulnerability to obtain the website source code information...
WordPress: [support.wordcamp.org] - publicly accessible .svn repository
Hi Team, Found that .svn repo is publicly accessible. We can verify it by loading https://support.wordcamp.org/.svn/entries in any browser. This is very dangerous as an attacker may download entire source code. More details about this vulnerability provided here:...
VK.com: Backup Source Code Detected
An old log collector. An old log collector. Which I saw, and I also got access to the DB!...
The vulnerability of the CX-Programmer and micro-programming software of PLC Omron CJ2M and Omron CJ2H lies in the reversibility of the password encoding method. This allows attackers to obtain access passwords to the controllers.
The vulnerability of the development environment “CX-Programmer,” which is part of the software suite “CX-One” designed for programming and configuring Omron PLCs, as well as Omron microcontrollers like CJ2M and CJ2H, is related to the reversibility of the password encoding method. Exploiting thi...
Updated golang packages fix security vulnerabilities
An arbitrary command execution flaw was found in the way Go's "go get" command handled the checkout of source code repositories. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side (CVE-2017-15041). It w...
PrestaShop Cross-Site Scripting Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A cross-site scripting vulnerability exists in PrestaShop version 1.7.2.4. A remote...
YUNUCMS 1.0.6 Arbitrary File Deletion Vulnerability
YUNUCMS is a three-network, open source content management system with its own substation system. YUNUCMS version 1.0.6 has an arbitrary file deletion vulnerability; an attacker can exploit the vulnerability by deleting install.lock for source code reloading, and can delete any file...
Kaseya VSA R9.2 Arbitrary File Read Vulnerability
A security vulnerability was found in the file download functionality of Kaseya VSA. Using this vulnerability, an authenticated user in a Kaseya VSA environment is able to download arbitrary files from the server, including source code of Kaseya, the database backups, configuration files, and even...
Kaseya VSA R9.2 Arbitrary File Read
Arbitrary file read in Kaseya VSA. Kin Hung Cheng, Robert Hartshorn, May 2017...
sdrtrunk - Tool For Decoding, Monitoring, Recording And Streaming Trunked Mobile And Related Radio Protocols Using Software Defined Radios (SDR)
A cross-platform Java application for decoding, monitoring, recording and streaming trunked mobile and related radio protocols using Software Defined Radios (SDR). Figure 1: sdrtrunk Version 0.3.0 Application Screenshot. End User...
Code injection
PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages Edit page" screen...