This Metasploit module exploits a stack-based buffer overflow in the Solaris PAM library's username parsing code, as used by the SunSSH daemon when the keyboard-interactive authentication method is specified. Tested against SunSSH 1.1.5 on Solaris 10u11 1/13 (x86) in VirtualBox, VMware Fusion, and VMware Player. Bare metal untested. Your addresses may vary.
255a53ba4764640c38d52b8d61674d66f25d7a11c08ebc0d8b26cc5cdb1d4ace
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.
e17ec487b5bcb76bdf381605596feb077b4100ab38b087c6f1422c6f46bc242e
Ubuntu Security Notice 4672-1 - Rene Freingruber discovered that unzip incorrectly handled certain specially crafted password protected ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. Antonio Carista discovered that unzip incorrectly handled certain specially crafted ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Various other issues were also addressed.
a8a4d39eefa2e3b6acfd481a7ac1feef2ae8b8d70e10501df13be1e31d635e61
Library Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d7ff94cb2599800fc55221f73773e40c3d163b7d02b6cbae712597111cc16af6
Red Hat Security Advisory 2020-5623-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.
20fe325a75817dc078bbf02d4ebf363e6877cc81d75d350011ca8707fb14621e
Flexmonster Pivot Table and Charts version 2.7.17 suffers from multiple cross site scripting vulnerabilities.
04c859b1aa0ff2ebf67a2432da09120d4b5948555291b55a2cd9d75664c327f7
Nxlog Community Edition version 2.10.2150 denial of service proof of concept exploit.
0eb999a84b952c80f915543ca4ba78c6be29d0c9ed0da9b97b41edc99792f18f
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) versions below 6.5 SP2 EN Patch 4 Build 1919 suffers from bypass, command execution, cross site request forgery, cross site scripting, and server-side request forgery vulnerabilities.
54396ecfd1b66aed9f010f421531333fb6ee5cf355c17da0019935bb3b4af762
Red Hat Security Advisory 2020-5625-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.0 serves as a replacement for Red Hat Single Sign-On 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
70131bf4f83180650ef27b01984389041b97fdd31170c21e91c27de8a903b7cd
PHPJabbers Appointment Scheduler version 2.3 suffers from a cross site scripting vulnerability.
3f3a382ddbe5315a04dd191f3e4bfed9e6780f72a7ee0ec61bc3039d40259c90
Online Health Care System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6385be433ac2bac69d24dcebeeea53219e16cb129a5f17431d97500368544b0d
Red Hat Security Advisory 2020-5624-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.6.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.
d73da8cf8633196724190d037d4a637357e4de5ee22c53686602843ab37dc815
Employee Record System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
da07a2df900995505f29f449d1b5d812c5de81f524986ef642831c591946d9f4
Online Tours and Travels Management System version 1.0 suffers from a remote SQL injection vulnerability.
b2b0f7de039f1a8e3b9d46d7a49dcf05080284c2c23d1e3029fc7f08319b72e3
Red Hat Security Advisory 2020-5622-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.6.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.
3299b101c23ed4bdd8c74390c6aba9ffe059b2263c73916da04da21a12f82872
Red Hat Security Advisory 2020-5620-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include an improper authorization vulnerability.
f937ce328298951a6865cc37e46d7b9becd3aac39745a2ad01d58ea343d5d19e
Victor CMS version 1.0 suffers from multiple authenticated remote SQL injection vulnerabilities. SQL injection was originally discovered in this version in May of 2020 by BKpatron.
f48bb0c997f689cac22e26e5304b9bbed6dc8a4db72d5ceb141619a511ea1b3a
Red Hat Security Advisory 2020-5619-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include bypass and improper authorization vulnerabilities.
407d4f3563df87f09a41769971ffefd0517847258ae8f27bbcbad2bea937ab63
Alumni Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
fd2e5fb6a7e13e52e74f22c818d7fc27235bef8e92fc5eb59244cac165226f67
Red Hat Security Advisory 2020-5618-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.6.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.
cb7596a1511b1dcddcb41ae11f83810a42ffe8d9d5cb65daab66fd2776e78a04
Red Hat Security Advisory 2020-5611-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a buffer overflow vulnerability.
192d7dd45cb26bad9486336a5dcc4f19fd6da1a38be38c67c8765e1bd2b5c2df
Content Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
33b220bab201711f1225c009ad41156de09be23907aeb0c6a2a0324ab4807c59
Content Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
5bb87f9342b208033b233612b140cbbc359763717d71bca4168328e590873851
Red Hat Security Advisory 2020-5607-01 - The fapolicyd software framework introduces a form of file access control based on a user-defined policy. The application file access control feature provides one of the most efficient ways to prevent running untrusted and possibly malicious applications on the system. Bug Fix: When an update replaces the binary of a running application, the kernel modifies the application binary path in memory by appending the " " suffix. Previously, the fapolicyd file access policy daemon treated such applications as untrusted, and prevented them from opening and executing any other files. As a consequence, the system was sometimes unable to boot after applying updates.
848584ed781b2f3e4c365df883a4c0051e5d8e774a24d2e9d6909b454e0dac68
Linksys RE6500 version 1.0.11.001 unauthenticated remote code execution exploit.
9efc9ac468518ee2905498668bcc7c0449034c86f3cda495c0476099603232f6