MITREid versions 1.3.3 and below suffer from a cross site scripting vulnerability.
beaafdc5dee4b589fa59d194bbcda3aad72131beb6a748f37bda94014f9e24e2
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tracing functionality used by the Routing and Remote Access service. The issue results from the lack of proper permissions on registry keys that control this functionality. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM.
6b0526f98f3e203e2ed6be699de4fcc715f41c3ab7e148e28ed2e62563a77a96
qdPM versions prior to 9.1 suffer from a remote shell upload vulnerability that allows for remote code execution.
7378aebe88336076527073b99083cdd137d3c12ddaf2cf587f30f8479d285a3d
Debian Linux Security Advisory 4630-1 - It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification.
b455e7a7fba61ee1881640cfb2163c846bf832ec6b79543bd174a3815adaea48
Debian Linux Security Advisory 4631-1 - Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service and potentially the execution of arbitrary code if malformed PCX, FLI, SGI or TIFF images are processed.
672a8a4e95e604dea700f5a873d7d479e1ba2dc4114bd73eddf87bc4c9fac27f
Debian Linux Security Advisory 4632-1 - Ilja Van Sprundel reported a logic flaw in the Extensible Authentication Protocol (EAP) packet parser in the Point-to-Point Protocol Daemon (pppd). An unauthenticated attacker can take advantage of this flaw to trigger a stack-based buffer overflow, leading to denial of service (pppd daemon crash).
f77ed94eb241b6463d1cc0108850a4ac7b647e3bae13cb583969676d3ec8590e
Debian Linux Security Advisory 4634-1 - Qualys discovered that the OpenSMTPD SMTP server performed insufficient validation of SMTP commands, which could result in local privilege escalation or the execution of arbitrary code.
5da50339d4d1fb31d2ce2fa5d1c69b447dfd44db51920c67a0c326da5a65d4c0
Debian Linux Security Advisory 4635-1 - Antonio Morales discovered an user-after-free flaw in the memory pool allocator in ProFTPD, a powerful modular FTP/SFTP/FTPS server. Interrupting current data transfers can corrupt the ProFTPD memory pool, leading to denial of service, or potentially the execution of arbitrary code.
bc5aa8ca4bb689d45b2d9ca0ff9b6ade1a97168e14a988f3692f4ce913bfc8ae
Debian Linux Security Advisory 4636-1 - It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when 'noscript' and one or more raw text tags were whitelisted.
94cda4a539fb8acdae1d82380c87a8ef4be0d2f444897775ffb0061181a93953
This whitepaper is a study that gives an overview about what methodology a hacker uses to hack into a system, discusses a theft of millions from the central bank of Bangladesh, and more.
6a0cab11f2e64f9df513d332add9505f86699b1e1ba54f3ff7ddc853a502e82f
Nimsoft nimcontroller version 7.80 suffers from an unauthenticated remote code execution vulnerability.
af11c437e4fa8db83e925757e69120962101fbd14f8be2758c3b44f0506921c0
SerialTweaker is a tool that can be used to load a serialized object, change its contents, and reserialize it to a new serialized object with modified fields inside.
f07b0cb7767fe9ecacd5cc0f2aacef08a3520cd39de4d809fae2a85d1b7c8bb0
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
5f5923ef4c3fee370ed0ca1bb324f37c246015eba4a7e74ab95d9208feeded79
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.
a31c015afddef00022d3a2c0ab9383a616b6e6954cba467eb037d16b88aaac8c
Red Hat Security Advisory 2020-0637-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite 5.8 on Red Hat Enterprise Linux 6.
94a7ebf02343bcb5014130974b28608217aeabf08433f8c6def9739ab81cea66
Red Hat Security Advisory 2020-0638-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite Proxy, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite Proxy 5.8 on Red Hat Enterprise Linux 6.
e64f35fd634c63342a72b92bc447930cd37a30abd0314ac368a398ef79634e0a