5959 matches found
CVE-2019-7748
includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if users/admin/tasks.php exists...
TAU Threat Intelligence Notification – Fake Movie File Attack Targeting Cryptocurrency
A malicious Windows shortcut file is posing as a movie available on a torrent site - its payload is used to conduct web-injection, ultimately targeting victim’s web searches in browsers like Chrome, Firefox and Internet Explorer. The payload has the ability to search for and steal cryptocurrency...
MS04-022: A vulnerability in Task Scheduler could allow code execution
Microsoft has released security bulletin MS04-022. The security bulletin contains all the relevant information about the security update, including file manifest information and deployment options. To view the complete securit...
App Layering/Unidesk: vSphere ESX hosts in Maintenance Mode can unpredictably fail tasks
Tasks for operations on ESX hosts and VMFS datastores fail with errors about hosts losing connection or objects being in the wrong state...
Sh00T - A Testing Environment for Manual Security Testers
A Testing Environment for Manual Security Testers. Sh00t is a task manager to let you focus on performing security testing; provides To Do checklists of test cases; helps to create bug reports with customizable bug templates. Features: Dynamic Task Manager to replace simple editors or task managemen...
iOS/macOS - 'task_swap_mach_voucher()' Use-After-Free
voucherswap-poc.c, Brandon Azad. iOS/macOS: task_swap_mach_voucher() does not respect MIG semantics, leading to use-after-free. The dangers of not obeying MIG semantics have been well documented: see issues 926 (CVE-2016-7612), 954 (CVE-2016-7633), 1417 (CVE-2017-13861, asyncwake), 1520 (CVE-2018-4139),...
Microsoft Team Foundation Server Information Disclosure Vulnerability
Microsoft Team Foundation Server is a source code management, project management and team collaboration platform within the Application Lifecycle Management (ALM) suite of tools from Microsoft. The platform helps teams collaborate more flexibly and effectively and deliver high-quality software more...
Veeam Backup Enterprise Manager RESTful APIs Upgrade Instructions
Challenge: Veeam Backup & Replication 9.5 Update 4 RTM is not compatible with previous versions of the API. Some integrations may not work as expected. Cause: Update 4 has introduced new product functionality that requires an extended API and incremented the required request version to v14. Solution: Th...
Sql injection
In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-usertasks.php showhistory parameter...
CVE-2018-20719
In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-usertasks.php showhistory parameter...
@eclipse-che/theia-terminal (>=0.0.1-1552991237 <=0.0.1-1566494904), @theia/cpp (>=0.4.0-next.0ce38188 <=0.4.0-next.fc6e8217) +7 more potentially affected by CVE-2019-0542 via xterm (=3.9.1)
xterm NPM version =3.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on xterm and may be impacted: - @eclipse-che/theia-terminal =0.0.1-1552991237, =0.4.0-next.0ce38188, =0.4.0-next.0ce38188, =0.4.0-next.0ce38188, =0.4.0-next.0ce38188,...
SUSE-SU-2019:0081-1 Security update for sssd
This update for sssd provides the following fixes. This security issue was fixed: - CVE-2018-10852: Set stricter permissions on /var/lib/sss/pipes/sudo to prevent the disclosure of sudo rules for arbitrary users (bsc1098377). These non-security issues were fixed: - Fix a segmentation fault in ssscac...
MGASA-2019-0023 Updated ansible package fixes security vulnerability
It was found that when a retry task in Ansible, run with -vvv, fails, it will log the raw return code, stdout and stderr from ssh, which could have contained sensitive data (CVE-2018-16876)...
[SECURITY] Fedora 28 Update: ansible-2.7.5-1.fc28
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
Hacker Discloses New Unpatched Windows Zero-Day Exploit On Twitter
A security researcher with the Twitter alias SandboxEscaper today released a proof-of-concept (PoC) exploit for a new zero-day vulnerability affecting Microsoft's Windows operating system. SandboxEscaper is the same researcher who previously publicly dropped exploits for two Windows zero-day...
CVE-2018-1000843
Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross Site Request Forgery (CSRF) vulnerability in API endpoint: /api/ that can result in Task metadata such as task name, id, parameter, etc. will be leake...
Cross site request forgery (csrf)
Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross Site Request Forgery (CSRF) vulnerability in API endpoint: /api/ that can result in Task metadata such as task name, id, parameter, etc. will be leake...
PYSEC-2018-11
Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross Site Request Forgery (CSRF) vulnerability in API endpoint: /api/ that can result in Task metadata such as task name, id, parameter, etc. will be leake...