testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
This Metasploit module has been tested on a Wemo-enabled Crock-Pot, but other Wemo devices are known to be affected, albeit on a different RPORT (49153).
FaceTime suffers from a memory corruption vulnerability in texture processing.
Microsoft Edge has an issue where the default flash click2play whitelist is insecure.
On Android, a ptrace hold makes the seccomp filter useless on devices with a kernel with a version lower than 4.8.
Red Hat Security Advisory 2019-0373-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Issues addressed include integer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2019-0380-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.6 serves as a replacement for Red Hat Single Sign-On 7.2.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
MaxxAudio Drivers WavesSysSvc64.exe version 1.6.2.0 suffers from a file permission privilege escalation vulnerability that results in SYSTEM level access.
Typo3 CMS Shop System tt_products version 2.9.4 suffers from a remote SQL injection vulnerability.
This write up contains details on how to perform remote code execution within Jenkins.
Webiness Inventory version 2.3 suffers from an arbitrary file upload vulnerability.
Typo3 CMS T3 EasyEvent tx_easyevent_pi1 version 0.37.3 suffers from a remote SQL injection vulnerability.
WordPress WooCommerce plugin with GloBee cryptocurrency payment gateway versions 1.1.1 and below suffer from payment bypass and unauthorized order status spoofing vulnerabilities.
Typo3 CMS Realty Manager tx_realty_pi1 version 2.0.0 suffers from database disclosure and remote SQL injection vulnerabilities.
Zoho ManageEngine ServiceDesk Plus (SDP) versions prior to 10.0 build 10012 suffer from an arbitrary file upload vulnerability.
Typo3 CMS Commerce DAM connector tx_commerce_pi1 version 0.1.0 suffers from a remote SQL injection vulnerability.
Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from cross site scripting and path traversal vulnerabilities.
XAMPP version 5.6.8 suffers from cross site scripting and remote SQL injection vulnerabilities.
NetSetMan version 4.7.1 suffers from a denial of service vulnerability.
Typo3 Calendar Base tx_pxkalender_pi1 version 2.0.0 suffers from database disclosure and remote SQL injection vulnerabilities.
Typo3 CMS BrowserMaps Leaflet Tutorial tx_browser_pi1 version 8.0.39 suffers from a remote SQL injection vulnerability.
Joomla JWallPapers component version 2.0.1 suffers from cross site request forgery and remote shell upload vulnerabilities.
eDirectory suffers from file disclosure and remote SQL injection vulnerabilities.
BulletProof FTP Server version 2019.0.0.50 suffers from a denial of service vulnerability.
Valentina Studio version 9.0.4 suffers from a denial of service vulnerability.
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed