Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
e7438256b759cf939fd9c1c06d671b67Ubuntu Security Notice 4740-1 - It was discovered that Apache Shiro mishandled specially crafted requests. An attacker could use this vulnerability to bypass authentication mechanisms.
d99b67e87de86e39e67a7473af9d2565Red Hat Security Advisory 2021-0611-01 - The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly.
51f66ed8edce38b19efb2b9c4b34d91eGiven a scenario where an outgoing call is placed from Asterisk to a remote SIP server it is possible for a crash to occur. The code responsible for negotiating SDP in SIP responses incorrectly assumes that SDP negotiation will always be successful. If a SIP response containing an SDP that can not be negotiated is received a subsequent SDP negotiation on the same call can cause a crash.
b4624391a09222a4116bec0705ce80b4This program demonstrates a time-of-check-time-of-use TOCTOU vulnerability in Firejail. Winning it causes Firejail to create an insecure overlayfs layout, that is then used to escalate privileges by making /etc/ld.so.preload user writable.
46b73dcb5fab3f322630255797e9c8f5Ubuntu Security Notice 4741-1 - It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code.
e3e7583b332766aed829a8c80c341bffDue to a signedness comparison mismatch, an authenticated WebRTC client could cause a stack overflow and Asterisk crash by sending multiple hold/unhold requests in quick succession.
dc5c07944f96d4d9261f4fc7c3838ebaAn unauthenticated remote attacker could replay SRTP packets which could cause an Asterisk instance configured without strict RTP validation to tear down calls prematurely.
0f76303538e81a54f1a8afa8eb908e23dataSIMS Avionics ARINC 664-1 version 4.5.3 suffers from a local buffer overflow vulnerability.
b35c61735f270473a31e925b82681d2eWhen re-negotiating for T.38 if the initial remote response was delayed just enough Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream then Asterisk would crash.
393c91771be975cf6c93cae48baaac28If a registered user is tricked into dialing a malicious number that sends lots of 181 responses to Asterisk, each one will cause a 181 to be sent back to the original caller with an increasing number of entries in the ???Supported??? header. Eventually the number of entries in the header exceeds the size of the entry array and causes a crash.
ed8e67d55a417eabcbc813bf6eeba9d9Online Exam System With Timer version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
932961570021ec25a49daf5395158925Beauty Parlour Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
e9aca58f9670c3d1db7818d087e48cccBeauty Parlour Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Prof. Kailas Patil in June of 2020.
fb2705159935e02c9c63471174893ff6Backdoor.Win32.Bionet.10 malware has an ftp service that allows for anonymous login.
17803aed7636479ba3f6b2e26a546cedComment System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
6997a61d360f295bdd36ac877a4726dcBackdoor.Win32.DarkKomet.apcc malware suffers from an insecure permissions vulnerability.
85fc80fb3bc90a30ac42224d63b0242eBackdoor.Win32.DarkKomet.bhfh malware suffers from an insecure permissions vulnerability.
2495a3e669e584f4844ea3d7f7403027OpenText Content Server version 20.3 suffers from multiple persistent cross site scripting vulnerabilities.
57cc336e2265f5c56aae7c4279e49c50This is a whitepaper that details identifying cross site scripting vulnerabilities in both the Neo and Matrix LMS codebase.
b43cb5c01e20a16db9784dcffb0c586f
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed