sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges, and databases, dump entire or user-specified DBMS tables/columns, run their own SQL statements, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack, and more.
a9d7bfaaf92f19c1ed60b95a08605587d7c898a4d417af93dce53aef37b14ae0
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
1a171081f02b9a6ff9e28c0898defb7670e5bbb3bdbcaddfcf4e4304aedd164a
Ubuntu Security Notice 3807-1 - Felix Wilhelm discovered that the NetworkManager internal DHCPv6 client incorrectly handled certain DHCPv6 messages. In non-default configurations where the internal DHCP client is enabled, an attacker on the same network could use this issue to cause NetworkManager to crash, resulting in a denial of service, or possibly execute arbitrary code.
1672bb9fbccc6d9a67d8cc1843252d71333c8f230d66040bb5bbbb3f13136bd9
This Metasploit module exploits sendmail's well-known historical debug mode to escape to a shell and execute commands in the SMTP RCPT TO command. This vulnerability was exploited by the Morris worm on 1988-11-02. Cliff Stoll reports on the worm in the epilogue of The Cuckoo's Egg. Currently only cmd/unix/reverse and cmd/unix/generic are supported.
1a4e5d53d0016bdb16eb6f683c07b76aba09a90bfa3bac11eb076eeaae1e53ef
This Metasploit module exploits an arbitrary file upload in the sample PHP upload handler for blueimp's jQuery File Upload widget in versions 9.22.0 and below. Due to a default configuration in Apache 2.3.9+, the widget's .htaccess file may be disabled, enabling exploitation of this vulnerability. This vulnerability has been exploited in the wild since at least 2015 and was publicly disclosed to the vendor in 2018. It has been present since the .htaccess change in Apache 2.3.9. This Metasploit module provides a generic exploit against the jQuery widget.
d34fb14aa9b4338617c18788b969d61c2e2bb73edfa259074f37f0336142d5c4
This Metasploit module exploits a stack buffer overflow in fingerd on 4.3BSD. This vulnerability was exploited by the Morris worm on 1988-11-02. Cliff Stoll reports on the worm in the epilogue of The Cuckoo's Egg.
5f407350c1d9280dd4c5077754d558bd32be9404ebe5f76676b4a472abb2658d
Red Hat Security Advisory 2018-3470-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, denial of service, deserialization, and format string vulnerabilities.
9e8155ff0d32478283821315ef01b373ffb94a7f3e9c04679d7c9bfd1ff773d5
Voovi Social Networking Script version 1.0 suffers from a remote SQL injection vulnerability.
f0128d91339dcb1d04443269eb6a3215882d95f15112863f14f727f018d20927
Red Hat Security Advisory 2018-3500-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a buffer over-read vulnerability.
0d5f60c494cc3604270bf4eaaf205f10c2b734964f2470dcd3070fb4057fce86
CMS Made Simple version 2.2.7 suffers from a remote code execution vulnerability.
e30f665c7a1302099ce1c4a4bf718d695d37f2d86f461be39a21d97d6cc215c3
This Microsoft bulletin summary lists CVEs that have undergone a major revision increment.
1c997eefe07f343e4712019c94452ef9d4211e64a50c53e1dcbf0f5060e96498
Ubuntu Security Notice 3806-1 - Felix Wilhelm discovered that the systemd-networkd DHCPv6 client incorrectly handled certain DHCPv6 messages. In configurations where systemd-networkd is being used, an attacker on the same network could use this issue to cause systemd-networkd to crash, resulting in a denial of service, or possibly execute arbitrary code.
6d13a38ec3abb0e91c22eac28ed96584407b6677a1bca9ab9e9cd4ddac837b0c
PHP Proxy version 3.0.3 suffers from a local file inclusion vulnerability.
dffb16fd5dcca96ba5c62bd762844e37e240a8911e5830318f355543e1b23cce
CentOS Web Panel versions 0.9.8.740 and below suffer from cross site request forgery and cross site scripting vulnerabilities that can be leveraged to achieve remote root command execution.
5a8b5c22b6f88d4b23b7a0d7443350b170fd00adeeb921e879705dd19fe1cdd5
Red Hat Security Advisory 2018-3466-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a code execution vulnerability.
5598621deef059703cd9fbb8a0f15cba0a7fbdec712ed1910dcded698d246f26
Mongo Web Admin version 6.0 suffers from an information leakage vulnerability.
c5e83e4d632eb4ecdf7f9534db18247f1f4023aef92c224a8d390573271de393
Microsoft Internet Explorer 11 suffers from a null pointer dereference vulnerability in Tree::Notify_InvalidateDisplay.
8ca11f831d3820d1e2339af6e707d00282811fa4d36b64506d31c2b57b55f2ff
Cleartext storage of credentials in the iSmartAlermData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password. Insecure cryptographic storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password. Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specially crafted TCP request to ports 12345 and 22306, and to access sensitive information from the device.
d563070f90b89436eb2c6f216fcab2f75a1e9b175eab98ac4ca00e526a5582cf
Poppy Web Interface Generator version 0.8 suffers from a remote shell upload vulnerability.
077897c8fd808b60282ea8e15bbee367aa94c4a6e2099d20c298453f0016fa59
Red Hat Security Advisory 2018-3463-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information disclosure vulnerability.
650cc5315ccc3572e4d6d59101aab66a9452c810c6438274c95814e1900f1b0e
Virgin Media Hub version 3.0 suffers from a denial of service vulnerability.
add8681e43a28798bae5acfabda6890368cca92703d076779185d29568b13f6f
WebVet version 0.1a suffers from a remote SQL injection vulnerability.
f586c0d26d82a89f58b8dcd7cd412986c57964013e15dd45971a4226b4f8e032
Red Hat Security Advisory 2018-3461-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information disclosure vulnerability.
f5964e0831c98e55dd590e18d941c2549dccc4c57b5090895a9215207d0f26d5
Advantech WebAccess SCADA version 8.3.2 suffers from a code execution vulnerability.
54655f065e3a495129a4eb8059227b2933475527411c65bf1abae23771430c88
Red Hat Security Advisory 2018-3462-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information disclosure vulnerability.
3a1e4a003455bc9744f0cfef7e2f6dda0966b038420f4b2e8e199c186b65f635