Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
e7438256b759cf939fd9c1c06d671b67
Ubuntu Security Notice 4740-1 - It was discovered that Apache Shiro mishandled specially crafted requests. An attacker could use this vulnerability to bypass authentication mechanisms.
d99b67e87de86e39e67a7473af9d2565
Red Hat Security Advisory 2021-0611-01 - The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly.
51f66ed8edce38b19efb2b9c4b34d91e
Given a scenario where an outgoing call is placed from Asterisk to a remote SIP server it is possible for a crash to occur. The code responsible for negotiating SDP in SIP responses incorrectly assumes that SDP negotiation will always be successful. If a SIP response containing an SDP that can not be negotiated is received a subsequent SDP negotiation on the same call can cause a crash.
b4624391a09222a4116bec0705ce80b4
This program demonstrates a time-of-check-time-of-use TOCTOU vulnerability in Firejail. Winning it causes Firejail to create an insecure overlayfs layout, that is then used to escalate privileges by making /etc/ld.so.preload user writable.
46b73dcb5fab3f322630255797e9c8f5
Ubuntu Security Notice 4741-1 - It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code.
e3e7583b332766aed829a8c80c341bff
Due to a signedness comparison mismatch, an authenticated WebRTC client could cause a stack overflow and Asterisk crash by sending multiple hold/unhold requests in quick succession.
dc5c07944f96d4d9261f4fc7c3838eba
An unauthenticated remote attacker could replay SRTP packets which could cause an Asterisk instance configured without strict RTP validation to tear down calls prematurely.
0f76303538e81a54f1a8afa8eb908e23
dataSIMS Avionics ARINC 664-1 version 4.5.3 suffers from a local buffer overflow vulnerability.
b35c61735f270473a31e925b82681d2e
When re-negotiating for T.38 if the initial remote response was delayed just enough Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream then Asterisk would crash.
393c91771be975cf6c93cae48baaac28
If a registered user is tricked into dialing a malicious number that sends lots of 181 responses to Asterisk, each one will cause a 181 to be sent back to the original caller with an increasing number of entries in the ???Supported??? header. Eventually the number of entries in the header exceeds the size of the entry array and causes a crash.
ed8e67d55a417eabcbc813bf6eeba9d9
Online Exam System With Timer version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
932961570021ec25a49daf5395158925
Beauty Parlour Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
e9aca58f9670c3d1db7818d087e48ccc
Beauty Parlour Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Prof. Kailas Patil in June of 2020.
fb2705159935e02c9c63471174893ff6
Backdoor.Win32.Bionet.10 malware has an ftp service that allows for anonymous login.
17803aed7636479ba3f6b2e26a546ced
Comment System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
6997a61d360f295bdd36ac877a4726dc
Backdoor.Win32.DarkKomet.apcc malware suffers from an insecure permissions vulnerability.
85fc80fb3bc90a30ac42224d63b0242e
Backdoor.Win32.DarkKomet.bhfh malware suffers from an insecure permissions vulnerability.
2495a3e669e584f4844ea3d7f7403027
OpenText Content Server version 20.3 suffers from multiple persistent cross site scripting vulnerabilities.
57cc336e2265f5c56aae7c4279e49c50
This is a whitepaper that details identifying cross site scripting vulnerabilities in both the Neo and Matrix LMS codebase.
b43cb5c01e20a16db9784dcffb0c586f