Code injection

Python discord bot is the community bot for the Python Discord community. In affected versions when a non-blacklisted URL and an otherwise triggering filter token is included in the same message the token filter does not trigger. This means that by including any non-blacklisted URL moderation...

SUSE-SU-2021:3463-1 Security update for util-linux

This update for util-linux fixes the following issues: - CVE-2021-37600: Fixed an integer overflow which could lead to buffer overflow in getsemelements. bsc1188921 - Prevent outdated pam files bsc1082293, bsc1081947c68. - Do not trim read-only volumes bsc1106214. - libmount: To prevent incorrect...

Crawlergo - A Powerful Browser Crawler For Web Vulnerability Scanners

crawlergo is a browser crawler that uses chrome headless mode for URL collection. It hooks key positions of the whole web page with DOM rendering stage, automatically fills and submits forms, with intelligent JS event triggering, and collects as many entries exposed by the website as possible. Th...

Concrete CMS: A bypass of adding remote files in concrete5 FIlemanager leads to remote code execution

Hi, I 'm currently testing the latest concretecms on my own pc and found some security problems of file manager. Concretecms allows user to upload remote files via file manager. With some techniques to bypass restriction of this function, a evil user will be able to download arbitary php file int...

CVE-2021-21838

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that...

CVE-2021-21854

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflo...

CVE-2021-21852

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “stss” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffe...

NSClient++ 0.5.2.35 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NSClient++ 0.5.2.35 - ExternalScripts Authenticated Remote Code Execution', 'Description' = %q This module allows an attacker with knowledge of t...

Gitlab 13.9.3 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Gitlab 13.9.3 - Remote Code Execution Authenticated Exploit Author: enox Vendor Homepage: https://about.gitlab.com/ Software Link: https://gitlab.com/ Version: 13.9.4 Tested On: Ubuntu 20.04 Environment: Gitlab 13.9.1 CE Credits: https://hackerone.com/reports/1125425...

CVE-2019-25036

A flaw was found in unbound. A reachable assertion in the synthcname function can be triggered by sending invalid packets to the server. If asserts are disabled during compilation, this issue might lead to an out-of-bounds write in dnamepktcopy function. The highest threat from this vulnerability...

UBUNTU-CVE-2021-25215

In BIND 9.0.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record...

CVE-2021-3271

PressBooks 5.17.3 contains a cross-site scripting XSS. Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS...

Amnesia:33

Amnesia:33 is a group of 33 vulnerabilities in open-source TCP/IP stack libraries. The vulnerabilities may be present in a wide range of operational technology, IoT, and connected device implementations. Recent assessments: ccondon-r7 at December 08, 2020 9:05pm UTC reported: Sorta relying here o...

An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering aka CID-77377064c3a9.

...

CVE-2020-27152

An issue was discovered in ioapiclazyupdateeoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9...

DEBIAN-CVE-2020-27152

An issue was discovered in ioapiclazyupdateeoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9...

CVE-2020-27152

An issue was discovered in ioapiclazyupdateeoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9...

UBUNTU-CVE-2020-27152

An issue was discovered in ioapiclazyupdateeoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9...

CVE-2020-27152

CVE-2020-27152 affects the Linux kernel prior to 5.9.2 in arch/x86/kvm/ioapic.c (ioapic_lazy_update_eoi). The issue is an infinite loop caused by improper interaction between a resampler and edge triggering. Affected software: Linux kernel up to 5.9.1, with fixed 5.9.2 per ChangeLog-5.9.2. Exploi...

CVE-2020-27152

An issue was discovered in ioapiclazyupdateeoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9...