Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
f88f90111c84943c54ed30508e7ed962f3a207f681d0bc65500e35b684eb105b
The Deutsche Bahn Ticket Vending Machine suffers from a local kiosk privilege escalation vulnerability.
5971c4b58a7d2afbacc5c158f98dd5c786a8afaecb525b550f4c00f11d324b13
Red Hat Security Advisory 2019-4358-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. An issue was addressed where the credentials API allowed non-admin users to list and retrieve all users credentials.
8d64a15f8acd37509d405de1e4329f96f3110df713ea6216a2650682dc3e0346
Red Hat Security Advisory 2019-4356-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a code execution vulnerability.
75b2c23f16e2c56c47dd13c644fc7c0898bd6dcca7a91807c78a3eb2563846dc
Red Hat Security Advisory 2019-4357-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a denial of service vulnerability.
881de3defb7584bf97a9132a154940789ab184d3390211d15fe49e902e793ca6
Red Hat Security Advisory 2019-4353-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a denial of service vulnerability.
01e632f693290194f6decf41d319edc3180d561f66612a7500d6101d952f0ec1
Red Hat Security Advisory 2019-4326-01 - A library to handle bidirectional scripts, so that the display is done in the proper way, while the text data itself is always written in logical order. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.
b9d0915061cf43dbc1453ef5fd0fb6b2e6ebe01cf43682aaa4f4195f863c6394
Red Hat Security Advisory 2019-4341-01 - An issue was resolved where Red Hat Quay stored robot account tokens in plain text.
cb4d46e0c022d28e2017f6f2cb80a4bc9bde13c8bc9b0a6bf487ad588d84fe19
Red Hat Security Advisory 2019-4352-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. Issues addressed include code execution, deserialization, and information leakage vulnerabilities.
f1533a79e96cd3429ddc8bf06dda73bd15b59ba3b3f8b62bdccf40e56138d887
Debian Linux Security Advisory 4589-1 - It was discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other user principals.
81ed36fc1bdd6f0fc5538e25cf7ea4ef12558378dee24e75461bf5406b3f57fa
Ubuntu Security Notice 4224-1 - Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts.
2d00245a2e8b66cfc557ff1fb2cb66b61f72d82bf26c36911ca948106d412ecb
FTP Navigator version 8.03 suffers from a denial of service vulnerability.
df3768f34ad2879950a542bf6b7bf11a46a78c179afceef9114fda2622373ff6
Whitepaper called Don't Break The Door, The Key Is Under The Doormat.
e7e4105f7c52ed138e43edf0a901c3125fc58e88375089f39ed0a16c487ff549