Lucene search
5335 matches found

exploitpack
added 2019/11/02 12:0 a.m., 38 views

ClamAV 0.102.0 - bytecode_vm Code Execution

ClamAV 0.102.0 - bytecode_vm Code Execution !/usr/bin/python ''' Finished : 22/07/2019 Pu8lished : 31/10/2019 Versi0n : Current ./exploit.py clambc --debug exploit SNIP $ ''' names = 'test1', 'read', 'write', 'seek', 'setvirusname',...

7.8 AI score
Exploits: 0

Exploit DB
added 2019/11/02 12:0 a.m., 108 views

ClamAV < 0.102.0 - 'bytecode_vm' Code Execution

!/usr/bin/python ''' Finished : 22/07/2019 Pu8lished : 31/10/2019 Versi0n : Current ./exploit.py clambc --debug exploit SNIP $ ''' names = 'test1', 'read', 'write', 'seek', 'setvirusname',...

7.4 AI score
Exploits: 0

Kitploit
added 2019/11/01 12:0 p.m., 75 views

AtomShields Cli - Security Testing Framework For Repositories And Source Code

AtomShields Cli is a command-line interface for the AtomShields software. Installation: pip install atomshieldscli. Basic usage: ascli --target --name. The allowed action values are: install: to install a checker or a report, depending on the context set. uninstall: to uninstall a checker or a...

7.2 AI score
Exploits: 0, References: 2

Github Security Blog
added 2019/10/21 9:58 p.m., 13 views

Sandbox Breakout in realms-shim

Versions of realms-shim prior to 1.2.1 are vulnerable to a Sandbox Breakout. The Realms evaluation function has an option to apply Babel-like transformations to the source code before it reaches the evaluator. One portion of this transform pipeline exposed a primal-Realm object to the rewriting...

2.6 AI score
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2019/10/17 8:15 p.m., 22 views

CVE-2019-13410

TOPMeeting before version 8.8 2019/08/19 shows attendees account and password in front end page that allows an attacker to obtain sensitive information by browsing the source code of the page...

7.5 CVSS, 7.5 AI score, 0.01535 EPSS
Exploits: 0, References: 2

OSV
added 2019/10/17 8:15 p.m., 3 views

CVE-2019-13410

TOPMeeting before version 8.8 2019/08/19 shows attendees account and password in front end page that allows an attacker to obtain sensitive information by browsing the source code of the page...

7.5 CVSS, 7.2 AI score, 0.01535 EPSS
Exploits: 0, References: 2

Prion
added 2019/10/17 8:15 p.m., 12 views

Information disclosure

TOPMeeting before version 8.8 2019/08/19 shows attendees account and password in front end page that allows an attacker to obtain sensitive information by browsing the source code of the page...

5 CVSS, 7.5 AI score, 0.01535 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2019/10/17 7:25 p.m., 20 views

CVE-2019-13410 TOPMeeting version before version 8.8 (2019/08/19) allows an attacker to obtain sensitive information

TOPMeeting before version 8.8 2019/08/19 shows attendees account and password in front end page that allows an attacker to obtain sensitive information by browsing the source code of the page...

7.5 AI score, 0.01535 EPSS
Exploits: 0, References: 2

CVE
added 2019/10/17 7:25 p.m., 43 views

CVE-2019-13410

TOPMeeting vulnerability CVE-2019-13410 affects TOPMeeting versions before 8.8. The issue is information disclosure: attendees’ accounts and passwords are exposed on a front-end page; an attacker can obtain this by inspecting the page source. Root cause: sensitive credentials displayed in the cli...

7.5 CVSS, 7.5 AI score, 0.01535 EPSS
Exploits: 0, References: 2, Affected Software: 1

RedhatCVE
added 2019/10/11 5:5 p.m., 22 views

CVE-2017-15041

An arbitrary command execution flaw was found in the way Go's "go get" command handled the checkout of source code repositories. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side...

9.8 CVSS, 3.5 AI score, 0.08944 EPSS
Exploits: 0, References: 1

Fortinet
added 2019/10/08 12:0 a.m., 39 views

FortiSIEM external authentication password reflected in external authentication profile

An information exposure vulnerability in the external authentication profile form of FortiSIEM may allow an authenticated attacker to retrieve the external authentication password via the HTML source code. This could potentially aggravate attacks targeting the authenticated admin session, should...

4 CVSS, 1.5 AI score, 0.00894 EPSS
Exploits: 0, Affected Software: 1

CNVD
added 2019/09/30 12:0 a.m., 1 views

Directory Traversal and Arbitrary File Download Vulnerabilities in MayiCMS (Ant Classification Information System)

MayiCMS Ant Classified Information System is a PHP and MySQL based website builder. Ant Classifieds Information System suffers from directory traversal and arbitrary file download vulnerabilities. An attacker can obtain sensitive information by traversing the directory and downloading website source...

7.2 AI score
Exploits: 0

CNVD
added 2019/09/30 12:0 a.m., 3 views

Logic flaw vulnerability in Ruoyi's backend management system

Ruoyi backend management system is a rights management system based on SpringBoot 2.0. A logic flaw vulnerability exists in the Ruoyi Backend Management System. An attacker can view the source code to obtain a username and password to log in to the backend...

7.2 AI score
Exploits: 0

Kitploit
added 2019/09/29 9:54 p.m., 122 views

Syhunt Community 6.7 - Web And Mobile Application Scanner

Syhunt Community is a web and now mobile application security scanner. Syhunt is able to scan any kind of application source code for potential security vulnerabilities, pinpointing the exact lines of the code that need to be patched. Or you can simply enter a start URL and get detailed...

7.6 AI score
Exploits: 0

NVD
added 2019/09/26 4:15 p.m., 55 views

CVE-2019-16409

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. Users who upgrade from...

5.3 CVSS, 5.2 AI score, 0.01203 EPSS
Exploits: 0, References: 3

CVE
added 2019/09/26 2:36 p.m., 120 views

CVE-2019-16409

CVE-2019-16409 affects the SilverStripe Versioned Files module up to version 2.0.3 on SilverStripe 3.x. Unpublished file versions are publicly exposed when their URLs are guessed, aided by knowledge of the module’s source code. The issue is an information disclosure due to insufficient access cont...

5.3 CVSS, 5 AI score, 0.01203 EPSS
Exploits: 0, References: 3, Affected Software: 2

CNVD
added 2019/09/19 12:0 a.m., 3 views

Chun technical blog team easy enterprise show integration 70C scene show source code system has unauthorized access vulnerability

Chun brother technology blog team is committed to sharing station building technology, micro letter development technology, custom development business source code system, custom development enterprise website, is a service small and medium-sized webmaster enterprise technology-based independent...

7.3 AI score
Exploits: 0

NVD
added 2019/09/17 10:15 p.m., 13 views

CVE-2019-16395

GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name function in cobc/tree.c via crafted COBOL source code...

7.8 CVSS, 7.9 AI score, 0.00986 EPSS
Exploits: 1, References: 1

OSV
added 2019/09/17 10:15 p.m., 5 views

CVE-2019-16396

GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name function in cobc/parser.y via crafted COBOL source code...

7.8 CVSS, 7.6 AI score
Exploits: 0, References: 1

NVD
added 2019/09/17 10:15 p.m., 19 views

CVE-2019-16396

GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name function in cobc/parser.y via crafted COBOL source code...

7.8 CVSS, 7.6 AI score, 0.01076 EPSS
Exploits: 1, References: 1