EgavilanMedia My To Do List version 1.0 suffers from a persistent cross site scripting vulnerability.
f233fa18dbd5fcbeaf2b183be2637b7e
OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
04b9dc96de85204b9fc671e492fce443
HPE Edgeline Infrastructure Manager suffers from multiple broken authorization checks that allow administrative functions to be reached without authenticating and can allow arbitrary password changes.
75012bca2029a5ddfe8ad8255b3f5f1b
Cassandra Web is vulnerable to directory traversal because the Rack::Protection middleware is disabled. The Apache Cassandra credentials are passed to the server on the command line so that it can authenticate to the database and provide web access, so they are among the things that can be captured via the arbitrary file read. Version 0.5.0 is affected.
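The two halves of that finding, as an added example in Ruby (not code from Cassandra Web or from the advisory): a static-file resolver that joins the request path straight onto a document root, beside one that canonicalises and refuses anything escaping the root, followed by a parse of a constructed /proc/<pid>/cmdline blob to show why an arbitrary read turns command-line credentials into a leak. The document root, the command line and its flag names are assumptions for the demo.

```ruby
require 'pathname'
require 'uri'

# Constructed document root for the demo; not a path from the advisory.
DOC_ROOT = '/srv/cassandra-web/public'.freeze

# Vulnerable shape: the decoded request path is joined straight onto the
# document root. With Rack::Protection (whose PathTraversal middleware
# normally rewrites "../" out of PATH_INFO) disabled, nothing stops the
# resulting path from pointing outside DOC_ROOT.
def unsafe_resolve(request_path)
  File.join(DOC_ROOT, URI.decode_www_form_component(request_path))
end

# Hardened shape: decode, reject NUL bytes, collapse "." and ".." segments,
# then insist the canonical path still sits under the document root.
# Returns nil for any request that would escape.
def safe_resolve(request_path)
  decoded = URI.decode_www_form_component(request_path)
  return nil if decoded.include?("\0")
  root = Pathname.new(DOC_ROOT).cleanpath.to_s
  full = Pathname.new(File.join(DOC_ROOT, decoded)).cleanpath.to_s
  return nil unless full == root || full.start_with?("#{root}/")
  full
end

# Why the read leaks credentials: on Linux, arguments given on the command
# line are readable from /proc/<pid>/cmdline as NUL-separated argv. The
# blob below is constructed for the demo and the flag names are assumed,
# not taken from the advisory.
SAMPLE_CMDLINE = "ruby\0cassandra-web\0--hosts\0127.0.0.1\0--username\0cassandra\0--password\0s3cret\0"

# Pair each "--...pass..." flag with the argument that follows it.
def cmdline_secrets(blob)
  blob.split("\0").each_cons(2).select { |flag, _| flag =~ /\A--.*pass/i }.to_h
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe: #{File.expand_path(unsafe_resolve('../../../proc/self/cmdline'))}"
  puts "safe:   #{safe_resolve('../../../proc/self/cmdline').inspect}"
  puts "leaked: #{cmdline_secrets(SAMPLE_CMDLINE).inspect}"
end
```

The prefix check runs on the canonical path, not the raw string, so percent-encoded dots and mixed "css/../.." sequences are caught the same way as a plain "../". Re-enabling Rack::Protection gives the same effect at the middleware layer, before the handler runs.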
5d45ddf35f9f55300493bfefe8020924
SEOPanel version 4.6.0 suffers from multiple cross site scripting vulnerabilities.
1bc25ab0ee208b3cca430a4059f1b493
CHMSC Elearning System version 1.0 suffers from a remote SQL injection vulnerability.
77f57674def23ab3a7057704c263a411
URVE Software build version 24.03.2020 suffers from an information disclosure vulnerability that leaks passwords.
67a93118486c77b8f926ea8fde0d4842
URVE Software build version 24.03.2020 suffers from a missing authorization vulnerability.
21a202af48e3b2d3bba664981efd514b
Philips Hue hubs suffer from a denial of service vulnerability via simple SYN floods.
3fd9075a03a9baac3c178dfadfc51fde
URVE Software build version 24.03.2020 suffers from an authentication bypass that allows for remote code execution.
2558a7df11b7e0c0f83b775d7059d021
The 16th CarolinaCon was postponed in 2020 due to the pandemic but the conference will be hosted online in 2021. A new CFP has been announced.
2e1ac4156f59b933bd88b2086ce0d990
The Apache Struts framework, when a template forces it to, performs double evaluation of values assigned to certain tag attributes such as id. It is therefore possible to pass in a value to Struts that will be evaluated again as an OGNL expression when the tag's attributes are rendered. With a carefully crafted request, this can lead to remote code execution. This vulnerability is application dependent: a server-side template must make an affected use of request data to render an HTML tag attribute.
a00ae15a323f6cf0ba8c86991a9f2707
Lynis is an auditing tool for Unix specialists. It scans the system and available software to detect security issues. Besides security-related information, it also collects general system information, installed packages and configuration mistakes. The software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
1b01474e4efaa68a7ad929a93a98fd35
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for the distribution, indexing and analysis of the data generated during a security audit. The main purpose of Faraday is to re-use the tools already available in the community and take advantage of them in a multiuser way.
3061690f2afe841ba29e533a26372b79
The session identifier used by Arteco Web Client DVR/NVR is of an insufficient length and can be brute forced, allowing a remote attacker to obtain a valid session, bypass authentication, and disclose the live camera stream.
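How the brute-force cost falls out of the identifier length, as an added example in Ruby (not code from the advisory or from Arteco): a keyspace and expected-time calculation, a constructed stand-in for the target's session check, an enumerator that guesses until the check accepts, and the CSPRNG-sized replacement. The session store, the four-digit identifier and the request rate are assumptions for the demo; the advisory does not state the real identifier's length.

```ruby
require 'securerandom'

# Number of distinct ids an attacker must consider for a given alphabet
# and length; a 4-digit id has 10**4, a 128-bit random id 2**128.
def keyspace(alphabet_size, length)
  alphabet_size**length
end

# Expected wall-clock seconds to hit a single valid session by blind
# enumeration at a given request rate (half the keyspace on average). With
# N concurrent valid sessions the expectation shrinks by roughly N.
def seconds_to_expected_hit(alphabet_size, length, requests_per_second)
  keyspace(alphabet_size, length) / 2.0 / requests_per_second
end

# Constructed stand-in for the target's session check: one valid id,
# and a counter so the cost of the attack can be read back.
class ToySessionStore
  attr_reader :attempts

  def initialize(valid_id)
    @valid_id = valid_id
    @attempts = 0
  end

  def valid?(candidate)
    @attempts += 1
    candidate == @valid_id
  end
end

# Enumerate every id of the given alphabet and length, in order, until the
# store accepts one. Returns the id, or nil if the limit is reached first.
def brute_force_session(store, alphabet, length, limit: nil)
  alphabet.repeated_permutation(length).each_with_index do |chars, i|
    return nil if limit && i >= limit
    id = chars.join
    return id if store.valid?(id)
  end
  nil
end

# What a fix looks like: 128 bits from the OS CSPRNG, far beyond any
# enumeration budget.
def strong_session_id
  SecureRandom.hex(16)
end

if __FILE__ == $PROGRAM_NAME
  store = ToySessionStore.new('7421')
  puts "found #{brute_force_session(store, ('0'..'9').to_a, 4)} after #{store.attempts} requests"
  puts "4 digits @ 100 req/s: #{seconds_to_expected_hit(10, 4, 100)} s expected"
  puts "32 hex chars @ 100 req/s: #{seconds_to_expected_hit(16, 32, 100)} s expected"
  puts "replacement id: #{strong_session_id}"
end
```

The guessing loop is the whole attack once the identifier is short enough; what makes it practical against the DVR/NVR is that the server answers each guess without rate limiting or lockout, so the request rate is bounded only by the network.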
cb6db35d7f26517c312bbf4e1a19976e
Gentoo Linux Security Advisory 202012-24 - Multiple vulnerabilities have been found in Samba, the worst of which could result in a Denial of Service condition. Versions less than 4.12.9 are affected.
5bb991544b7b094ea08997f5d5fa0908
Gentoo Linux Security Advisory 202012-23 - A vulnerability has been discovered in Apache Tomcat that allows for the disclosure of sensitive information. Versions less than 8.5.60 in the 8.5 slot are affected.
4b45bfe2024aae3d31806bf1ae19f590
Gentoo Linux Security Advisory 202012-22 - A buffer overflow in HAProxy might allow an attacker to execute arbitrary code. Versions less than 2.1.4 are affected.
cc63f4b1c5abcfdc237602d305cf4cd2
Gentoo Linux Security Advisory 202012-21 - A vulnerability in NSS might allow remote attackers to cause a Denial of Service condition. Versions less than 3.58 are affected.
099b9521757862123b4938671037ce9d
Gentoo Linux Security Advisory 202012-20 - Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 84.0 are affected.
e3745dbe6ac37ed3f38ad62cc7dea0ca
Gentoo Linux Security Advisory 202012-19 - A vulnerability in PowerDNS Recursor could lead to a Denial of Service condition. Versions less than 4.3.5 are affected.
bca7f54ceba881be5a65594892a18f34
Adning Advertising plugin version 1.5.5 suffers from a remote shell upload vulnerability.
4533cad4ba378e377d042ba106f71deb
Gentoo Linux Security Advisory 202012-18 - An information disclosure vulnerability in PowerDNS allows remote attackers to obtain sensitive information. Versions less than 4.3.1 are affected.
c3f0b4988dbd837f82232d976e921338
Gentoo Linux Security Advisory 202012-17 - A local Denial of Service vulnerability was discovered in D-Bus. Versions less than 1.12.20 are affected.
982320c1adcfa69f4b83182f45d384ad
Gentoo Linux Security Advisory 202012-16 - Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition. Versions less than 8.0.0 are affected.
96e08b0d750daa800cc55885a3ab17ec