The Windows driver used by projects derived from Truecrypt 7 (verified in Veracrypt and CipherShed) are vulnerable to a local elevation of privilege attack by checking process of impersonation token which allow a user to inspect and potentially manipulate other users mounted encrypted volumes on the same machine.
b9912959dea9864927e9d66a4186b8a6617c45745645d5b82d3eaab9bff7b6aaThe openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
95f2345e041e9ba838ad8065b68ce0ec4b0971d7afc72d601489236bbfc0c652OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
7fd553ee39173e807477ed1daff6ee2f8b1c83875cd2e52a1df3315bf0015513Distro Checker is a tool written for doing cross distribution exploit testing.
022a90231764ed9b0e48572c61d2794b93fa205b0a56e7db376cd45c213afd39Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
ec2e393341678fc93eb61c1bbf9cdc6a0b41885d9bbd93b0417173fe657a7509PHP-Fusion versions 7.02.07 and below suffer from a remote blind SQL injection vulnerability in the admin panel.
2d3631f3cae71c6c00737d58613810035ce43dc14bb280fe68f78f41a9cf3de0LanSpy version 2.0.0.155 suffers from a buffer overflow vulnerability.
2e17ea86e3b7e6207891ab7629ef137a4bc24466fafb4299bf5316035b1c6609WordPress Easy2Map plugin version 1.2.9 suffers from local file inclusion and directory traversal vulnerabilities.
89fef2eb1e9eb1f0402391f86cf88a6187cef6759d3a1f9cfc03b88f6af502f4WordPress Easy2Map plugin version 1.2.9 suffers from a cross site scripting vulnerability.
2ceebaff32ed86949d742881d73497aeba9a509039ce1ebe306fea28e73f3d99WordPress ResAds plugin version 1.0.1 suffers from multiple reflective cross site scripting vulnerabilities.
77dc179cb529b870639eb019931596493779f2f1e32d9bd99a03db17385a4abcUbuntu Security Notice 2753-3 - USN-2753-1 fixed a vulnerability in LXC. The update caused a regression that prevented some containers from starting. This regression only affected containers that had a path that contained a '/./' directory specified as a bind mount target in their configuration file. This update fixes the problem. Roman Fiedler discovered a directory traversal flaw in lxc-start. A local attacker with access to an LXC container could exploit this flaw to run programs inside the container that are not confined by AppArmor or expose unintended files in the host to the container. Various other issues were also addressed.
26cfe085202e157543b578b53dca21709f264378e7890dda1284be96782f45a5Ubuntu Security Notice 2765-1 - Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash).
a12bd71a124e85e19f3a788a1278f193e178fe0de50b7d32497e92e8abeb282cUbuntu Security Notice 2764-1 - Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash).
84a1b1a86737830a22b5fbcfdec9a5049d08aa63490d2fee1fbb64f43b8f8e13Ubuntu Security Notice 2763-1 - Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash).
17ffac8653fbca12a326ebe188931aa55a7af3f3908f2c68ec9bdf4b050405a8Ubuntu Security Notice 2762-1 - Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash).
557d0378bcacaae31e66c9113d740c1cdcdd9aa403663541c724caadcc60c003Ubuntu Security Notice 2761-1 - Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash).
a921843058fb9a0df6031304ccdc763cd2c1f7532bf2b29ed722f2386692514cWordPress DWBooster Payment Form for PayPal Pro plugin version 1.0.1 suffers from a cross site scripting vulnerability.
2007df90ba493db7564966a60dc98a55c84ad721b9f2fc60ceb9f46ac334c43eLiferay Portal version 6.2 EE SP13 suffers from an administrator-inflicted cross site scripting vulnerability.
e137181199945439684e4ea7bf1d423e31ddc64173fd464c512550a84430d277SourceBans version 1.4.11 suffers from a cross site scripting vulnerability.
8bf06e8406bad27f08f2a97b4717d95fd3058836c68b4f936b0f9829a5665589ManageEngine ServiceDesk Plus versions 9.1 build 9110 and below suffer from a path traversal vulnerability.
f8c2df4202c241dffb8fdf7f5b2b23f85c16dc7b6036aaef2466f7f1c632fa98Cisco AnyConnect Secure Mobility Client version 3.1.08009 suffers from a privilege escalation vulnerability. The fix for CVE-2015-4211 is insufficient which allows a local application to elevate to local system through the CMainThread::launchDownloader command.
d8d8aba2be2bbe07e77874ac6db9c506cab1e1e1d4012296e7b37ab6841902a0ZTE ZXHN H108N version 3.3.0_MU suffers from a CWMP configuration disclosure vulnerability.
2a0797ba5acfc3ee0289de8d4ef17774c784e1c02fafa0180d9adb61c382dae0Callisto 821+R3 suffers from multiple cross site request forgery vulnerabilities.
af4316b3fe76f674686548d0a61b7526220457c2d325ea722aa52b51a1102270WordPress U-Design theme versions 2.3.0 through 2.7.9 suffer from a cross site scripting vulnerability.
a5fc153165fd8d5c3958ae8834b300fae1a0c7d6555f1e09c398f2b74c1082aeThis is a small python script that will enumerate through a list of targets and test their user agent for the shellshock vulnerability.
394a7921e89370c9d46b7105136fa1e127f06fefe2c6d6a4c8bb66f41b592170
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed