Jedesmal, wenn mit eingeschaltetem AdBlocker eine Webseite besucht wird, stirbt in einem Labor ein unschuldiges, niedliches Kaninchen einen grausamen Tod! Zusätzlich werden einige Funktionen dieser Webseite durch den AdBlocker blockiert. Bitte deaktivieren Sie Ihren AdBlocker für diese Webseite und retten Sie unschuldige Kaninchen!
Sie können durch Schliessen dieses Fensters natürlich mit AdBlocker weitermachen - wenn Sie mit dieser Schuld leben können .... es liegt an Ihnen - AdBlocker abschalten und ruhig schlafen können oder mit AdBlocker weitermachen und von übelsten Albträumen gequält werden!
Wir haben Sie gewarnt ....
Search - Review
plg_search_jdownloads
Search - K2
Suche - Kategorien
Suche - Kontakte
Suche - Inhalt
Suche - Newsfeeds
Suche - Schlagwörter
Script Security (4)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
-
Ubuntu Security Notice USN-7091-1
Ruby Files ≈ Packet Storm Nov 5, 2024 | 15:22 pmUbuntu Security Notice 7091-1 - It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash,[…]
Read more... -
Ruby-SAML / GitLab Authentication Bypass
Ruby Files ≈ Packet Storm Oct 7, 2024 | 14:14 pmThis script exploits the issue noted in CVE-2024-45409 that allows an unauthenticated attacker with access to any signed SAML document issued by the IDP to forge a SAML Response/Assertion and gain access as any user on GitLab. Ruby-SAML versions below[…]
Read more... -
Debian Security Advisory 5774-1
Ruby Files ≈ Packet Storm Sep 23, 2024 | 14:43 pmDebian Linux Security Advisory 5774-1 - It was discovered that ruby-saml, a SAML library implementing the client side of a SAML authorization, does not properly verify the signature of the SAML Response, which could result in bypass of authentication in[…]
Read more... -
Red Hat Security Advisory 2024-6784-03
Ruby Files ≈ Packet Storm Sep 19, 2024 | 13:39 pmRed Hat Security Advisory 2024-6784-03 - An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
Read more... -
Red Hat Security Advisory 2024-6785-03
Ruby Files ≈ Packet Storm Sep 19, 2024 | 13:39 pmRed Hat Security Advisory 2024-6785-03 - An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
Read more... -
Ruby On Rails JSON Processor YAML Deserialization Scanner
Ruby Files ≈ Packet Storm Sep 1, 2024 | 17:10 pmThis Metasploit module attempts to identify Ruby on Rails instances vulnerable to an arbitrary object instantiation flaw in the JSON request processor.
Read more... -
Ruby On Rails XML Processor YAML Deserialization Scanner
Ruby Files ≈ Packet Storm Sep 1, 2024 | 16:04 pmThis Metasploit module attempts to identify Ruby on Rails instances vulnerable to an arbitrary object instantiation flaw in the XML request processor.
Read more... -
Ruby On Rails Devise Authentication Password Reset
Ruby Files ≈ Packet Storm Aug 31, 2024 | 21:43 pmThe Devise authentication gem for Ruby on Rails is vulnerable to a password reset exploit leveraging type confusion. By submitting XML to rails, we can influence the type used for the reset_password_token parameter. This allows for resetting passwords of arbitrary[…]
Read more... -
Apple TV Video Remote Control
Ruby Files ≈ Packet Storm Aug 31, 2024 | 21:27 pmThis Metasploit module plays a video on an AppleTV device. Note that AppleTV can be somewhat picky about the server that hosts the video. Tested servers include default IIS, default Apache, and Rubys WEBrick. For WEBrick, the default MIME list[…]
Read more... -
Ruby On Rails File Content Disclosure
Ruby Files ≈ Packet Storm Aug 31, 2024 | 19:37 pmThis Metasploit module uses a path traversal vulnerability in Ruby on Rails versions 5.2.2 and below to read files on a target server.
Read more...
Published in: Script Security
-
PHP-CGI Argument Injection Remote Code Execution
PHP Files ≈ Packet Storm Nov 14, 2024 | 15:42 pmProof of concept remote code execution exploit for PHP-CGI that affects versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8.
Read more... -
PHP-CGI Argument Injection Susceptibility Scanner
PHP Files ≈ Packet Storm Nov 14, 2024 | 15:37 pmThis is a bash script that is a vulnerability checker for CVE-2024-4577 designed to scan multiple domains for an argument injection vulnerability in PHP-CGI. This tool allows security researchers and system administrators to quickly assess whether their systems or a[…]
Read more... -
Debian Security Advisory 5809-1
PHP Files ≈ Packet Storm Nov 12, 2024 | 15:10 pmDebian Linux Security Advisory 5809-1 - Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to privilege escalation, information disclosure, incorrect validation or an open redirect.
Read more... -
ABB Cylon Aspect 3.08.01 File Upload MD5 Checksum Bypass
PHP Files ≈ Packet Storm Nov 1, 2024 | 15:08 pmABB Cylon Aspect version 3.08.01 has a vulnerability in caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files, where the presence of an EXPERTMODE parameter activates a badassMode feature. This mode allows an unauthenticated attacker to bypass MD5 checksum validation during file uploads. By[…]
Read more... -
SmartAgent 1.1.0 Remote Code Execution
PHP Files ≈ Packet Storm Nov 1, 2024 | 14:54 pmSmartAgent version 1.1.0 suffers from an unauthenticated remote code execution vulnerability in youtubeInfo.php.
Read more... -
ABB Cylon Aspect 3.08.01 jsonProxy.php Username Enumeration
PHP Files ≈ Packet Storm Oct 30, 2024 | 15:34 pmABB Cylon Aspect version 3.08.01 is vulnerable to username enumeration in the jsonProxy.php endpoint. An unauthenticated attacker can interact with the UserManager servlet to enumerate valid usernames on the system. Since jsonProxy.php proxies requests to internal services without requiring authentication,[…]
Read more... -
ABB Cylon Aspect 3.08.01 jsonProxy.php Information Disclosure
PHP Files ≈ Packet Storm Oct 30, 2024 | 15:32 pmABB Cylon Aspect version 3.08.01 is vulnerable to unauthorized information disclosure in the jsonProxy.php endpoint. An unauthenticated attacker can retrieve sensitive system information, including system time, uptime, memory usage, and network load statistics. The jsonProxy.php endpoint proxies these requests to[…]
Read more... -
ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Remote SSH Service Control
PHP Files ≈ Packet Storm Oct 30, 2024 | 15:31 pmABB Cylon Aspect version 3.08.01 is vulnerable to unauthorized SSH service configuration changes via the jsonProxy.php endpoint. An unauthenticated attacker can enable or disable the SSH service on the server by accessing the FTControlServlet with the sshenable parameter. The jsonProxy.php[…]
Read more... -
ABB Cylon Aspect 3.08.01 jsonProxy.php Denial Of Service
PHP Files ≈ Packet Storm Oct 30, 2024 | 15:28 pmABB Cylon Aspect version 3.08.01 is vulnerable to an unauthenticated denial of service attack in the jsonProxy.php endpoint. An attacker can remotely restart the main Java server by accessing the FTControlServlet with the restart parameter. The endpoint proxies requests to[…]
Read more... -
ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Project Download
PHP Files ≈ Packet Storm Oct 30, 2024 | 15:26 pmABB Cylon Aspect version 3.08.01 is vulnerable to an unauthorized project file disclosure in jsonProxy.php. An unauthenticated remote attacker can issue a GET request abusing the DownloadProject servlet to download sensitive project files. The jsonProxy.php script bypasses authentication by proxying[…]
Read more...
Published in: Script Security
-
PHP-CGI Argument Injection Remote Code Execution
CGI Files ≈ Packet Storm Nov 14, 2024 | 15:42 pmProof of concept remote code execution exploit for PHP-CGI that affects versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8.
Read more... -
PHP-CGI Argument Injection Susceptibility Scanner
CGI Files ≈ Packet Storm Nov 14, 2024 | 15:37 pmThis is a bash script that is a vulnerability checker for CVE-2024-4577 designed to scan multiple domains for an argument injection vulnerability in PHP-CGI. This tool allows security researchers and system administrators to quickly assess whether their systems or a[…]
Read more... -
Debian Security Advisory 5780-1
CGI Files ≈ Packet Storm Oct 3, 2024 | 13:50 pmDebian Linux Security Advisory 5780-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in incorrect parsing of multipart/form-data, bypass of the cgi.force_direct directive or incorrect logging.
Read more... -
Ubuntu Security Notice USN-7049-1
CGI Files ≈ Packet Storm Oct 2, 2024 | 13:55 pmUbuntu Security Notice 7049-1 - It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. It was discovered that PHP incorrectly[…]
Read more... -
Supermicro Onboard IPMI CGI Scanner
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:45 pmThis Metasploit module checks for known vulnerabilities in the CGI applications of Supermicro Onboard IPMI controllers. These issues currently include several unauthenticated buffer overflows in the login.cgi and close_window.cgi components.
Read more... -
Zen Load Balancer Directory Traversal
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:40 pmThis Metasploit module exploits a authenticated directory traversal vulnerability in Zen Load Balancer v3.10.1. The flaw exists in index.cgi not properly handling filelog= parameter which allows a malicious actor to load arbitrary file path.
Read more... -
DnaLIMS Directory Traversal
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:34 pmThis Metasploit module exploits a directory traversal vulnerability found in dnaLIMS. Due to the way the viewAppletFsa.cgi script handles the secID parameter, it is possible to read a file outside the www directory.
Read more... -
Apache 2.4.49/2.4.50 Traversal Remote Code Execution Scanner
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:28 pmThis Metasploit module scans for an unauthenticated RCE vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used[…]
Read more... -
Apache Mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:27 pmThis Metasploit module scans for the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This Metasploit module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function[…]
Read more... -
Supermicro Onboard IPMI Url_redirect.cgi Authenticated Directory Traversal
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:15 pmThis Metasploit module abuses a directory traversal vulnerability in the url_redirect.cgi application accessible through the web interface of Supermicro Onboard IPMI controllers. The vulnerability is present due to a lack of sanitization of the url_name parameter. This allows an attacker[…]
Read more...
snaplitics made a real revolution in the industry.
Published in: Script Security
-
Red Hat Security Advisory 2024-9481-03
Python Files ≈ Packet Storm Nov 13, 2024 | 15:44 pmRed Hat Security Advisory 2024-9481-03 - An update for python-django is now available for Red Hat OpenStack Platform 18.0.3 . Issues addressed include a traversal vulnerability.
Read more... -
Red Hat Security Advisory 2024-9423-03
Python Files ≈ Packet Storm Nov 13, 2024 | 15:42 pmRed Hat Security Advisory 2024-9423-03 - An update for python-dns is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
Read more... -
Red Hat Security Advisory 2024-9281-03
Python Files ≈ Packet Storm Nov 13, 2024 | 15:40 pmRed Hat Security Advisory 2024-9281-03 - An update for python-jwcrypto is now available for Red Hat Enterprise Linux 9.
Read more... -
Red Hat Security Advisory 2024-9150-03
Python Files ≈ Packet Storm Nov 13, 2024 | 15:37 pmRed Hat Security Advisory 2024-9150-03 - An update for python-jinja2 is now available for Red Hat Enterprise Linux 9.
Read more... -
Scapy Packet Manipulation Tool 2.6.1
Python Files ≈ Packet Storm Nov 5, 2024 | 15:28 pmScapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from[…]
Read more... -
Red Hat Security Advisory 2024-8834-03
Python Files ≈ Packet Storm Nov 5, 2024 | 15:18 pmRed Hat Security Advisory 2024-8834-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8. Issues addressed include a privilege escalation vulnerability.
Read more... -
Grafana Remote Code Execution
Python Files ≈ Packet Storm Oct 24, 2024 | 13:37 pmThis repository contains a Python script that exploits a remote code execution vulnerability in Grafana's SQL Expressions feature. By leveraging insufficient input sanitization, this exploit allows an attacker to execute arbitrary shell commands on the server. This is made possible[…]
Read more... -
Red Hat Security Advisory 2024-8365-03
Python Files ≈ Packet Storm Oct 24, 2024 | 13:23 pmRed Hat Security Advisory 2024-8365-03 - An update for python-idna is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a denial of service vulnerability.
Read more... -
Debian Security Advisory 5795-1
Python Files ≈ Packet Storm Oct 22, 2024 | 15:51 pmDebian Linux Security Advisory 5795-1 - Cedric Krier discovered that python-sql, a library to write SQL queries in a pythonic way, performed insufficient sanitizing which could result in SQL injection.
Read more... -
Red Hat Security Advisory 2024-8105-03
Python Files ≈ Packet Storm Oct 15, 2024 | 14:04 pmRed Hat Security Advisory 2024-8105-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4[…]
Read more...
Published in: Script Security
