5 matches found
Oracle Linux 9 : buildah (ELSA-2024-8563)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-8563 advisory. 1.33.10-1.0.1 - Drop nmap-ncat requirement and skip ignore-socket test case Orabug: 34117178 2:1.33.10-1 - update to the latest content of...
CVE-2021-41067
An issue was discovered in Listary through 6. Improper implementation of the update process leads to the download of software updates with a /check-update HTTP-based connection. This can be exploited with MITM techniques. Together with the lack of package validation, it can lead to manipulation o...
Unspecified Vulnerability in Instant Update CMS
Instant Update CMS is an open source content management system (CMS) based on the NO template engine. A security vulnerability exists in the /iu-application/controllers/administration/auth.php file in Instant Update CMS. An attacker can exploit the vulnerability to take control of an account...
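ThinkSAAS SQL injection vulnerability bundle 6-10
Brief description: Detailed explanation: The previous injection bundle finally went through the major-vendor process! Looks like bundling them pays off; this is the last injection bundle. Once this vulnerability is done, I will provide a fix, hoping for a strong response! First SQL injection: /app/group/action/add.php // Publish the post case "do" : if $POST 'token' != $SESSION 'token' tsNotice '非法操作!' ; $authcode = strtolower $POST 'authcode' ; if $TSSITE 'base' 'isauthcode' if $authcode != $SESSION 'verify'...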
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Direct News 4.10.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to (1) admin/menu.php and (2) library/lib.menu.php; and the adminroot parameter to (3)...