Ubuntu Security Notice 6721-1 - It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. It was discovered that X.Org X Server incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a crash or expose sensitive information.
4882781902435137ae8b1fd009b4c4df6d61f4ae936be03a8ca2819d4d11c896
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
f852de0f0b6d8436761426dbdc2eda922558e197112c212440905e57ecb39f15
Debian Linux Security Advisory 5655-1 - It was discovered that Cockpit, a web console for Linux servers, was susceptible to arbitrary command execution if an administrative user was tricked into opening an sosreport file with a malformed filename.
14093fabc69fd65851f3932ac6e03e2c4be92f356b14adae4a02493d9c0dbc94
The IEEE CSR Workshop on Cyber Forensics and Advanced Threat Investigations in Emerging Technologies organizing committee is inviting you to submit your research papers. The workshop will be held in Hybrid mode. The in-person mode will held at Hilton London Tower Bridge, London from September 2nd through the 4th, 2024.
0d300ee78ceddaee1fa7d0efc06f277816ca687d310c808e3dbab1c1003095d5
Authenticated attackers can exploit a weakness in the XML parser functionality of the Visual Planning application in order to obtain read access to arbitrary files on the application server. Depending on configured access permissions, this vulnerability could be used by an attacker to exfiltrate secrets stored on the local file system. All versions prior to Visual Planning 8 (Build 240207) are affected.
bdf19a1c93a8a216cff1545664827634a9baef8a83c8ebb7ba571f139ed08b7a
Unauthenticated attackers can exploit a weakness in the password reset functionality of the Visual Planning application in order to obtain access to arbitrary user accounts including administrators. In case administrative (in the context of Visual Planning) accounts are compromised, attackers can install malicious modules into the application to take over the application server hosting the Visual Planning application. All versions prior to Visual Planning 8 (Build 240207) are affected.
317fc4e9931be1f5637f8b1a9a92f3305f2b80aa897d807f8b7b94af2fd3c671
A wildcard injection inside a prepared SQL statement was found in an undocumented Visual Planning 8 REST API route. The combination of fuzzy matching (via LIKE operator) and user-controlled input allows exfiltrating the REST API key based on distinguishable server responses. If exploited, attackers are able to gain administrative access to the REST API version 2.0.
c55674b96230c64cac5bca2736c46d82917b5d83954b7346ec654295bd66eda4
Feng Office version 3.10.8.21 suffers from a persistent cross site scripting vulnerability.
ad3a7614cba9fce96ba0ef2c4100acb2e516bae93834f646720f56ca266fd5e3
DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/racer.inc.
c59f5b4f5d044eb7838a408a25e1ddb8966666ed55c708660903f015ccf7e1b5
DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/award.inc.
635f60dcea426f833c149bf378a0e8ce1585c3548641f81eb1702cf39c8c50de
DerbyNet 9.0 suffers from a remote SQL injection vulnerability in ajax/query.slide.next.inc.
4d58e0287f76d2e5689e86c7f6907829d0e768e9a60e0f2ac317c9153ee4e3b6
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in playlist.php.
33a3298bf5768c9f7a9fcd2deaa459729d65f2eb60c8601a0d2dd30561151395
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in racer-results.php.
e1f0ec83ec56b1d3ebff89be4223a47e4c6caea8be38185b375b827447078473
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in inc/kiosks.inc.
74c4544a3c0353807fe286b034266f311ce4af6f554209e73f1d797e5fbff5cc
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo-thumbs.php.
e33a05805911bcd786fdff15a7d4ac31f136e43e12a0f9ec5b25c0db38d7fe3e
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in checkin.php.
8f9e6fd28f6cfe91749cb218425046ee910787a3a9fd05dafed94fca09da5a72
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo.php.
d7ac5458d2d0756d2d607450406a0027661faffb3740c59db51f83e2e7620fe8
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in render-document.php.
6ac6f7dc08e5aa36734a4a3929671a6b16c39f23cfa800f533b74b3aa6969051
Seo Panel version 4.7.0 suffers from a cross site scripting vulnerability.
b07abff2f49d2fe016305db3af08234302945203e601e991d4e73f2065cc5538
Human Resource Management System 2024 version 1.0 suffers from a remote SQL injection vulnerability.
94d4f83975f87861e5de23afeddf375d89516755bb5f7b64deb215523821ad76
Jasmin Ransomware version 1.1 suffers from an arbitrary file read vulnerability.
31f4b2bfcea7721b795130a73ea23eb4c455761a9210c8e57d648ef7f5a73b61
A remote code execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/import_run.php&type=externalAssessment&step=4. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.
2d1220fa63bd54538247325712a8d4f836dcc60733d8cebe63cd721eb6755ba9
Linux versions starting with 6.5 suffer from a read-after-type-change of folio in cachestat() that leads to a kernel pointer leak.
9ed32c7cf46a882e510759c307e0ac2758225c4d00df31c8c83be548a01fd482
Red Hat Security Advisory 2024-1686-03 - A new image is available for Red Hat Single Sign-On 7.6.7, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Issues addressed include an information leakage vulnerability.
8bbc60ed7e29b0e8f106e96518194e50ce2f9ff3e1745a5623692abaa3060942
Red Hat Security Advisory 2024-1678-03 - An update for nodejs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.
c8e9210dcbe1fe1521f22f792f9ce018db0841a4eab54976403ba6ef71eecccf