3356 matches found
Hardcoded credentials
An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to chan...
CVE-2019-13023
An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to chan...
Adobe Acrobat Reader DC Javascript submitForm Remote Code Execution Vulnerability
Summary: Specific JavaScript code embedded in a PDF file can lead to out-of-bounds memory access when opening a PDF document in Adobe Acrobat Reader DC 2020.006.20034. With careful memory manipulation, this can lead to sensitive information disclosure as well as memory corruption which can lead to...
CVE-2020-12784
cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505)...
Design/Logic Flaw
cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505)...
Ubuntu 20.04 LTS : PHP vulnerabilities (USN-4330-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4330-2 advisory. USN-4330-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 20.04 LTS. Tenable has extracted the preceding...
Ubuntu: Security Advisory (USN-4330-2)
The remote host is missing an update for the...
USN-4330-2 php7.4 vulnerabilities
USN-4330-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash...
Httpgrep - Scans HTTP Servers To Find Given Strings In URIs
A Python tool which scans for HTTP servers and finds given strings in URIs. Usage: $ httpgrep -H --== httpgrep by nullsecurity.net ==-- usage httpgrep -h -s opts | opts -h - single host or host-range/cidr-range or file containing hosts, e.g.: foobar.net, 192.168.0.1-192.168.0.254, 192.168.0.0/24,...
OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
Ubuntu 16.04 LTS / 18.04 LTS : PHP vulnerabilities (USN-4330-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4330-1 advisory. It was discovered that PHP incorrectly handled certain file uploads. An attacker could possibly use this issue to cause a crash. CVE-2020-706...
USN-4330-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain file uploads. An attacker could possibly use this issue to cause a crash. (CVE-2020-7062) It was discovered that PHP incorrectly handled certain PHAR archive files. An attacker could possibly use this issue to access sensitive information...
USN-4330-1 php5, php7.0, php7.2, php7.3 vulnerabilities
It was discovered that PHP incorrectly handled certain file uploads. An attacker could possibly use this issue to cause a crash. (CVE-2020-7062) It was discovered that PHP incorrectly handled certain PHAR archive files. An attacker could possibly use this issue to access sensitive information...
EulerOS 2.0 SP3 : coreutils (EulerOS-SA-2020-1374)
According to the versions of the coreutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering...
Access Control Bypass
ruby is vulnerable to access control bypass. A flaw was found in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted tainted code to modify arbitrary, trusted untainted...
Denial Of Service (DoS)
samba is vulnerable to denial of service. The application does not verify device name and mountpoint strings, allowing local users to crash the application via a malicious string...
Denial Of Service (DoS)
kernel is vulnerable to denial of service (DoS). The vulnerability exists as several flaws were found in the way the Linux kernel CIFS implementation handles Unicode strings. CIFS clients convert Unicode strings sent by a server to their local character sets, and then write those strings into memory...
Authorization Bypass
php is vulnerable to authorization bypass. A flaw was found in the handling of the "mbstring.func_overload" configuration setting. A value set for one virtual host, or in a user's .htaccess file, was incorrectly applied to other virtual hosts on the same server, causing the handling of multibyte...