Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
839f26db7940b505813ce047ddd26ae71f41b83ecb0aa74057ebfdc424b8057eDataTables version 1.10.8 suffers from a cross site scripting vulnerability.
6cd21f79315d30a1b359765391dfb3f782051055833ef64c67d853284309a86bBugzilla versions 2.0 to 4.2.14, 4.3.1 to 4.4.9, and 4.5.1 to 5.0 suffer from an unauthorized account creation vulnerability.
9b1272725e4045835294ef9f644a6664c5657f9a14374d95b6685f5bdc61cc69Raritan PowerIQ ships with three default backdoor credentials left in.
2dcd98105d78a18b206ac52d081745dcf42c639e862b7b25a8d8a0c7ab5e2c5eAndroid Stagefright remote code execution exploit that leverages an integer overflow in the libstagefright MP4 'stsc' atom handling.
f67b80af5b935bc038028c58afef32987821b769236699aed6fdf96d9c690c1dSAP NetWeaver AS Java version 7.4 suffers from multiple XXE vulnerabilities. An attacker can read an arbitrary file on a server by sending a correct XML request with a crafted DTD and reading the response from the service. An attacker can perform a DoS attack (for example, XML Entity Expansion). An SMB Relay attack is a type of Man-in-the-Middle attack where the attacker asks the victim to authenticate into a machine controlled by the attacker, then relays the credentials to the target. The attacker forwards the authentication information both ways and gets access.
02e1d0a4e09aea20fa9d257a9bab83f794b1d6fbe455cfe78e609b89f08f57bdHP Security Bulletin HPSBOV03505 1 - Potential security vulnerabilities have been identified with the TCP/IP Services for OpenVMS running NTP. These vulnerabilities could be exploited remotely to allow unauthenticated attackers to execute code with the privileges of ntpd or cause a Denial of Service (DoS). Revision 1 of this advisory.
6bb3a5080fcc5cd3fa3ca04240ae84814580d927317fa3a57b6645ecaeda982aSynology Download Station versions 3.5-2956 and 3.5-2962 suffer from multiple cross site scripting vulnerabilities.
c2bfa3b4753d3bfb8fc02e1ef6ea305c761e7d81544de79d1fd8cda1c49d9791Synology Video Station version 1.5-0757 suffers from remote command injection and SQL injection vulnerabilities.
ac383a126c2810f16ff4b122239d9b71076731a6600a7af65e183e0544582edcHP Security Bulletin HPSBGN03504 1 - Potential security vulnerabilities have been identified in HP UCMDB which would allow local disclosure of sensitive information. Revision 1 of this advisory.
d856fbc92cc35abc7930a4225181001200de1c1addd95bbef8898f5b7dad5f88An attacker can use hardcoded credentials to get unauthorized access and perform various actions in the NetWeaver AS ABAP. In addition, it is likely that the code will be implemented into the system as a backdoor.
5a75b13440345faa89ce27ef064614c82121ab50b4b42ab3b21bb4420ecb4fcfSAP NetWeaver AS ABAP contains a hardcoded username that changes the system's behavior if the user is authenticated successfully. The user may obtain additional information that should not be displayed.
f09b401a94dc0abc65731e388b4e547146fdc661d853f92abd976848dbd808a1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed