Courier: Missing rate limit in signup Form

Hello Team , Description When signing up for an account, you enter your email. When this email is already in use, the server responds with "UserConfirmed":true,"UserSub":"ae294fff-6d55-407d-9676-1f3518029037" This in not a problem, but the fact that you could send this request unlimited times is...

Bludit 3.9.12 - Directory Traversal

Exploit Title: Bludit 3.9.12 - Directory Traversal Date: 2020-06-05 Exploit Author: Luis Vacacas Vendor Homepage: https://www.bludit.com Software Link: https://github.com/bludit/bludit Version: = 3.9.12 Tested on: Ubuntu 19.10 CVE : CVE-2019-16113 !/usr/bin/env python3 -- coding: utf-8 -- import...

Fedora 31 : php-phpmailer6 (2020-6d2e1105f2)

This is a security release, with some other minor changes. For full details, refer to the advisory. - SECURITY Fix insufficient output escaping bug in file attachment names. CVE-2020-13625. Reported by Elar Lang of Clarified Security. - Correct Armenian ISO language code from am to hy, add mappin...

Fedora 32 : php-phpmailer6 (2020-d67df93aa6)

This is a security release, with some other minor changes. For full details, refer to the advisory. - SECURITY Fix insufficient output escaping bug in file attachment names. CVE-2020-13625. Reported by Elar Lang of Clarified Security. - Correct Armenian ISO language code from am to hy, add mappin...

JSshell - A JavaScript Reverse Shell For Exploiting XSS Remotely Or Finding Blind XSS, Working With Both Unix And Windows OS

JSshell - a JavaScript reverse shell. This using for exploit XSS remotely, help to find blind XSS, ... This tool works for both Unix and Windows operating system and it can running with both Python 2 and Python 3. This is a big update of JShell - a tool to get a JavaScript shell with XSS by...

Astsu - A Network Scanner Tool

How it works Scan common ports Send a TCP Syn packet to the destination on the defined port, if the port is open, use an nmap scan to check the service running on the port and prints all the ports found. Discover hosts in network Uses as a base the router's ip to map all possible ips. It then sen...

CVE-2020-13849

The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service loss of the ability to establish new connections, as demonstrated by SlowITe...

CVE-2020-13849

The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service loss of the ability to establish new connections, as demonstrated by SlowITe...

Design/Logic Flaw

The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service loss of the ability to establish new connections, as demonstrated by SlowITe...

CVE-2020-13849

The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service loss of the ability to establish new connections, as demonstrated by SlowITe...

Linux kernel denial of service vulnerability (CNVD-2020-32620)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the 'prbcalcretireblktmo' function in the net/packet/afpacket.c file in versions of Linux kernel prior to 5.4.7. An attacker can...

SUSE-SU-2020:1423-1 Security update for mariadb-connector-c

This update for mariadb-connector-c fixes the following issues: Security issue fixed: - CVE-2020-13249: Fixed an improper validation of OK packets received from clients bsc1171550. Non-security issues fixed: - Update to release 3.1.8 bsc1171550 CONC-304: Rename the static library to libmariadb.a...

Unable to manage PVS farm 'Server connection timeout’ error.

Unable to manage PVS farm, we get ‘Server connection timeout’ error...

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

PAN-OS: Panorama context switch session cookie disclosure

A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama versio...

Node.js: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests

Summary: Node.js is vulnerable to HTTP denial of service DOS attacks based on delayed requests submission which can make the server unable to accept new connections. Description: An attacker can open an arbitrary number of HTTP connections and keep the server busy by never completing the request...

How to Adjust the Veeam Service Provider Console Web UI Session Timeout

Purpose This article documents how to modify the Veeam Service Provider Console configuration to adjust the Web UI timeout. The default Web UI timeout is 1 hour, and tokens are good for up to 48 hours. Solution Tip: Use the copy button in the text blocks below to simplify specifying which file to...

Cisco Firepower Threat Defense Software Management Interface Denial of Service Vulnerability

A vulnerability in how Cisco Firepower Threat Defense FTD Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of service DoS condition...

Saltstack 3000.1 Remote Code Execution

Exploit Title: Saltstack 3000.1 - Remote Code Execution Date: 2020-05-04 Exploit Author: Jasper Lievisse Adriaanse Vendor Homepage: https://www.saltstack.com/ Version: 3000.2, 2019.2.4, 2017., 2018. Tested on: Debian 10 with Salt 2019.2.0 CVE : CVE-2020-11651 and CVE-2020-11652 Discription:...

Code injection

The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute...