Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
51b659b04afb21ae63464b4358ca4173a6c1ec323afac98bb86dbe563bac1786Debian Linux Security Advisory 5619-1 - Two vulnerabilities were discovered in libgit2, a low-level Git library, which may result in denial of service or potentially the execution of arbitrary code.
b5b61e9260d27d3a7d3bb35be908e3bb339c27baee2663ef2807a5082827d7b9LaborOfficeFree installs a MySQL instance that runs as SYSTEM and calculates the MySQL root password based on two constants. Each time the program needs to connect to MySQL as root, it employs the reverse algorithm to calculate the root password. This issue has been tested on version 19.10 exclusively, but allegedly, versions prior to 19.10 are also vulnerable.
502b91c78328e6802a45c0f60c137a3525f50e9237efcfdd31c3ae86aa049a38Ubuntu Security Notice 6631-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
4b6f4fc061a2d62f4bfc4c023b3a9687f579682d0d0d93b1e1032a14339c54daUbuntu Security Notice 6630-1 - It was discovered that Glance_store incorrectly handled logging when the DEBUG log level is enabled. A local attacker could use this issue to obtain access_key values.
e33597e4fb62975ce2ddc0081056b778d1042fba229644d2cddd928586329b1cThis is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass.
e971dc3b534b295048fd3f54dd5db062074da676f542175f826bc2b31edb7eb1An issue was discovered on WyreStorm Apollo VX20 versions prior to 1.3.58. Remote attackers can restart the device via a /device/reboot HTTP GET request.
71ed0ed4b76f256b8bd1404c82d84f6ea9cb5e1dc7d524c924f1e48e87fda240WyreStorm Apollo VX20 versions prior to 1.3.58 suffer from a cleartext credential disclosure vulnerability when accessing /device/config with an HTTP GET.
a6feae36b231357c01d0981614dd1286ff4a68f77ee073b39519e2b9ab1fa9aaAn issue was discovered on WyreStorm Apollo VX20 devices prior to version 1.3.58. The TELNET service prompts for a password only after a valid username is entered. Attackers who can reach the Apollo VX20 Telnet service can determine valid accounts allowing for account discovery.
0b5b3f6f63dbbe4ccb26f4481406f14577c20d109b328e3475a09901003f0751Red Hat Security Advisory 2024-0773-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.
43166ec5ddac7f4a38853172c9e13fcabba81880452b2420fd420c075f9f7332Red Hat Security Advisory 2024-0772-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.
6d1e59349360b31293ffe6ee88dee5d3a9e5bcc8da1a2795f662278af8ff89b2Red Hat Security Advisory 2024-0771-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.
f9044b043f0d8a13af1d1ee670be543c915244ff614822ff8290a280b78c7b52Red Hat Security Advisory 2024-0769-03 - An update for tcpdump is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
326bed2745d135677bf02cdb13d16a8ff9f14d4281f006937cc3cf9070408bccRed Hat Security Advisory 2024-0768-03 - An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.
7f4b6da0631bcf31629cf1148d2df6355cc36b1b0e72d81acdf79cb6a2aedde1Enpass Desktop Application version 6.9.2 suffers from an html injection vulnerability.
4f815ad06334a6128161c6cb1be8aa003a4152220434b4fd740ebad637c334ebComplaint Management System version 2.0 suffers from multiple remote SQL injection vulnerabilities.
7d59fd41c98ba13cc28a26570e58f683a451359e694067648261bbca1fbe2342SCHLIX version 2.2.8-1 suffers from a REGEX processing denial of service vulnerability.
97341cf6bbf89a8ae8294049148c0895151eaece566aac5906aa0c604c223a94
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed