7411 matches found

Tenable Nessus
added 2024/12/13 12:00 a.m. | 9 views

CBL Mariner 2.0 Security Update: binutils (CVE-2022-47011)

The version of binutils installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-47011 advisory. - An issue was discovered function parsestabstructfields in stabs.c in Binutils 2.34 thru 2.38, allows...

CVSS 5.5 | AI score 6.3 | EPSS 0.00403
Exploits: 1 | References: 2

Tenable Nessus
added 2024/12/13 12:00 a.m. | 13 views

CBL Mariner 2.0 Security Update: kernel (CVE-2024-50019)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50019 advisory. - In the Linux kernel, the following vulnerability has been resolved: kthread: unpark only parked kthread...

CVSS 5.5 | AI score 6.1 | EPSS 0.00235
Exploits: 0 | References: 2

Tenable Nessus
added 2024/12/13 12:00 a.m. | 16 views

CBL Mariner 2.0 Security Update: kernel (CVE-2024-50142)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50142 advisory. - In the Linux kernel, the following vulnerability has been resolved: xfrm: validate new SA's prefixlen using ...

CVSS 5.5 | AI score 6.1 | EPSS 0.00259
Exploits: 0 | References: 2

Tenable Nessus
added 2024/12/13 12:00 a.m. | 5 views

Mozilla Thunderbird < 115.18

The version of Thunderbird installed on the remote Windows host is prior to 115.18. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-70 advisory. - Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XS...

CVSS 8.8 | AI score 7.9 | EPSS 0.00704
Exploits: 0 | References: 3

Fedora
added 2024/12/12 2:30 a.m. | 13 views

[SECURITY] Fedora 40 Update: python3.9-3.9.21-1.fc40

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

CVSS 7.8 | AI score 7.4 | EPSS 0.00647
Exploits: 0

NVD
added 2024/12/12 2:15 a.m. | 22 views

CVE-2024-55652

PenDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the...

CVSS 6.5 | EPSS 0.00663
Exploits: 0 | References: 3

Tenable Nessus
added 2024/12/12 12:00 a.m. | 7 views

GitLab 17.3 < 17.4.6 / 17.5 < 17.5.4 / 17.6 < 17.6.2 (CVE-2024-8179)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in GitLab CVE-2024-8179 Note that Nessus has not tested for this issue but has instead relied only on the application...

CVSS 5.4 | AI score 5.5 | EPSS 0.00317
Exploits: 0 | References: 4

OSV
added 2024/12/11 10:41 p.m. | 8 views

CVE-2024-55652 PwnDoc Server-Side Template Injection vulnerability - Sandbox Escape to RCE using custom filters

PenDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the...

CVSS 6.5 | AI score 7.9 | EPSS 0.00663
Exploits: 0 | References: 5

CVE
added 2024/12/11 10:41 p.m. | 52 views

CVE-2024-55652

CVE-2024-55652 affects PenDoc (also referenced as PwnDoc) where, prior to a particular commit, an attacker able to control a DOCX template could inject expressions that escape the JavaScript sandbox and execute arbitrary code on the host. The root cause is a template processing flaw that allowed ...

CVSS 6.5 | AI score 7.8 | EPSS 0.00663
Exploits: 0 | References: 3

BDU FSTEC
added 2024/12/11 12:00 a.m. | 3 views

The vulnerability of the SAP NetWeaver Administrator software related to insufficient validation of requests on the server side allows an attacker to execute an SSRF attack.

The vulnerability of the SAP NetWeaver Administrator software relates to insufficient testing of server-side requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...

CVSS 7.2 | AI score 5.5 | EPSS 0.00272
Exploits: 0 | References: 5

Tenable Nessus
added 2024/12/11 12:00 a.m. | 11 views

Oracle Siebel CRM (April 2016 CPU)

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2016 CPU advisory. - Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM subcomponent: UIF Open UI. Supported versions that are affected are 8.1.1...

CVSS 5.4 | AI score 6.1 | EPSS 0.00879
Exploits: 0 | References: 3

OSSF Malicious Packages
added 2024/12/07 2:44 p.m. | 3 views

Malicious code in testing-bounty123 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3baf10e9fd106ea680be856387e7922e4a863a1eaf02c4fab1aaff60e537dfbd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1

OSV
added 2024/12/07 2:44 p.m. | 5 views

MAL-2024-11230 Malicious code in testing-bounty123 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3baf10e9fd106ea680be856387e7922e4a863a1eaf02c4fab1aaff60e537dfbd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7.2
Exploits: 0 | References: 1

OSV
added 2024/12/06 5:15 p.m. | 1 view

CVE-2024-55268

A Reflected Cross Site Scripting XSS vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter...

CVSS 6.1 | AI score 6.1 | EPSS 0.00406
Exploits: 1 | References: 1

NVD
added 2024/12/06 5:15 p.m. | 22 views

CVE-2024-55268

A Reflected Cross Site Scripting XSS vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter...

CVSS 6.1 | EPSS 0.00406
Exploits: 1 | References: 1

Vulnrichment
added 2024/12/06 12:00 a.m. | 8 views

CVE-2024-55268

A Reflected Cross Site Scripting XSS vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter...

AI score 6.1 | EPSS 0.00406
Exploits: 1 | References: 1

CNNVD
added 2024/12/06 12:00 a.m. | 5 views

PHPGurukul COVID 19 Testing Management System Security Vulnerability

PHPGurukul COVID 19 Testing Management System is a COVID 19 testing management system from PHPGurukul Inc. A security vulnerability exists in version 1.0 of the PHPGurukul COVID 19 Testing Management System that stems from vulnerability to reflective cross-site scripting attacks...

CVSS 6.1 | AI score 6.1 | EPSS 0.00406
Exploits: 1 | References: 1

CVE
added 2024/12/06 12:00 a.m. | 53 views

CVE-2024-55268

CVE-2024-55268 describes a reflected XSS in the PHPGurukul COVID 19 Testing Management System 1.0. Affected component: /covidtms/registered-user-testing.php. Root cause: vulnerable handling of the regmobilenumber parameter enabling a reflected XSS that could allow a remote attacker to execute arb...

CVSS 6.1 | AI score 6.6 | EPSS 0.00406
Exploits: 1 | References: 1 | Affected Software: 1

Tenable Nessus
added 2024/12/06 12:00 a.m. | 20 views

Oracle Linux 9 : redis:7 (ELSA-2024-10869)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-10869 advisory. 7.2.6-1 - rebase to 7.2.6 RHEL-26628 7.0.12-1 - rebase to 7.0.12 2221899 7.0.11-1 - rebase to 7.0.11 for new redis:7 stream 2129826 7.0.11-1 - Upstrea...

CVSS 8.8 | AI score 7.1 | EPSS 0.04488
Exploits: 1 | References: 6

Cvelist
added 2024/12/06 12:00 a.m. | 17 views

CVE-2024-55268

A Reflected Cross Site Scripting XSS vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter...

EPSS 0.00406
Exploits: 1 | References: 1