Pi-Hole versions 3.0 through 5.3 allows for command line input to the removecustomcname, removecustomdns, and removestaticdhcp functions without properly validating the parameters before passing to sed. When executed as the www-data user, this allows for a privilege escalation to root since www-data is in the sudoers.d/pihole file with no password.
7265358e3e4327bc951c92f719451fce4a2ce957a5c1a6bde9f57d3d6646ee0f
Panasonic Sanyo CCTV Network Camera version 2.03-0x allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. These actions can be exploited to perform authentication detriment and account password change with administrative privileges if a logged-in user visits a malicious web site.
99282d0ad093fb7f0b78aa1a3e353d972615b19e9b6715a70f10d0e4ebbfcf3c
Red Hat Security Advisory 2021-2965-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.8 serves as a replacement for Red Hat Single Sign-On 7.4.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
5502336b85746ee81fff7e16aa81cd6f87dfc46e903a7840a4207753910e17e5
Ubuntu Security Notice 5026-1 - It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
cef1580c2afb6cf2bd8a84003d5771f8149f09ba4f18f87176a2615bf4d50261
Ubuntu Security Notice 5027-1 - It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code.
e8f9ded0ced617874263eb0c296a5b75636436070ea49ac10fb48402f22578d3
ObjectPlanet Opinio version 7.13 suffers from a remote shell upload vulnerability.
6146594a8eedc5b48c3895039ed9ff9b2da349396d6a84e9003398290c0214e6
ObjectPlanet Opinio version 7.13 suffers from an expression language injection vulnerability.
a3eb218a2f08f0bd814466c67083d00a77e140446ee2dfeedea41ff480fbbb9f
ObjectPlanet Opinio versions 7.13 and 7.14 suffer from an XML external entity injection vulnerability.
af1eaef07e52be0596d75f8c870d0a1dc0e3ff1cc76c2eabee1d671f01d9c7f4
This paper contains a step by step detailed walk-through of different nmap scanning techniques and how the nmap traffic looks like in wireshark for each scan. The objective of documenting the paper is to get a better understanding of packets while initiating any nmap scan so that it can help in bypassing firewalls or debugging what went wrong between the source and destination. It can also help in writing basic firewall rules.
e98eb4f64e115f6a22e5fb658a650a8f88305b65ab9f8584011c81fe80099560