Mail.ru: [windows10.hi-tech.mail.ru] Blind SQL Injection
Good morning! Today I managed to find a blind SQL injection on your site, though it looks like it is out of scope again. URL: https://windows10.hi-tech.mail.ru/api/tweets?cityid=select0fromselectsleep25v Request: GET /api/tweets?cityid=select0fromselectsleep25v HTTP/1.1 Host: windows10.hi-tech.mail.ru User-Agent: Mozilla/5.0 X1...
CVE-2019-20444
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."...
DEBIAN-CVE-2019-20444
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."...
UBUNTU-CVE-2019-20444
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."...
CVE-2019-20444
CVE-2019-20444: Netty HttpObjectDecoder allows a header without a colon, enabling possible HTTP request smuggling/invalid fold. Affected: IBM StreamSets Data Collector 5.0.0–6.4.1 (per IBM bulletin). Root cause: HttpObjectDecoder handling of malformed headers. Remediation (documented): upgrade to...
A vulnerability in the XML parser of the SAP Enable Now platform, which is designed to enhance the effectiveness of educational materials and documentation, allows unauthorized access to protected information.
The vulnerability of the XML syntax analyzer on the SAP Enable Now platform, which is designed to improve the effectiveness of educational materials and documentation, is related to errors in XML link restrictions. Exploiting this vulnerability could allow an attacker to gain unauthorized access ...
SRC-2021-0002 : CSCart templates.manage Server Side Template Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of CSCart. Authentication is required to exploit this vulnerability with the Files privilege. The specific flaw exists within the templates.manage dispatch method. The issue resul...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-1547)
The remote host is missing an update for the Huawei EulerOS...
WordPress Postie 1.9.40 Plugin - Persistent Cross-Site Scripting Exploit
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/plugins/postie/readme.txt Date: 2020-01-15 Exploit Author: V1n1v131r4 Vendor Homepage: https://postieplugin.com/ Software Link:...
CVE-2019-20373
LTSP LDM through 2.18.06 allows fat-client root access because the LDMUSERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script...
CVE-2020-6163
The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template in the templates/search/PropertySuggestionsWidget.mustache+dom file...
The vulnerability of the YAML syntax analyzer library used in Kubernetes cluster management software allows an attacker to trigger a service failure.
The vulnerability of the YAML syntax analyzer library used in Kubernetes cluster management software exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
Security fix for the ALT Linux 9 package clamav version 0.101.5-alt1
0.101.5-alt1 built Nov. 28, 2019 Sergey Y. Afonin in task 241709 Nov. 26, 2019 Sergey Y. Afonin - 0.101.5 CVE-2019-15961 - fixed tests for libcheck 0.13.0 clamav-0.101.5-libcheck-0.13.0.patch - updated License tag to SPDX syntax needs revision of exceptions - removed rpm-build-licenses from...
Security fix for the ALT Linux 8 package clamav version 0.101.5-alt1
Nov. 26, 2019 Sergey Y. Afonin 0.101.5-alt1 - 0.101.5 CVE-2019-15961 - fixed tests for libcheck 0.13.0 clamav-0.101.5-libcheck-0.13.0.patch - updated License tag to SPDX syntax needs revision of exceptions - removed rpm-build-licenses from BuildRequires...
PT-2019-15802 · Python +1 · Typed Ast +1
Name of the Vulnerable Software and Affected Versions: typed_ast versions 1.3.0 through 1.3.1 Description: The issue is related to an out-of-bounds read in the ast_for_arguments function. An attacker who can cause a Python interpreter to parse Python source code, but not necessarily execute it, m...
Security fix for the ALT Linux 10 package clamav version 0.101.5-alt1
Nov. 26, 2019 Sergey Y. Afonin 0.101.5-alt1 - 0.101.5 CVE-2019-15961 - fixed tests for libcheck 0.13.0 clamav-0.101.5-libcheck-0.13.0.patch - updated License tag to SPDX syntax needs revision of exceptions - removed rpm-build-licenses from BuildRequires...