Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
bc0e3e1d109dedc36a4b8bd38acaf20a9bdc6d8ea141f57aeba14e80aba1541cSyslog Server version 1.2.3 for windows suffers from a remote denial of service vulnerability.
eb46422ac777aa5dbb0a485572f6eef92724300a3e1e4ce51efb6b9d7f377572WebCalendar version 1.2.7 attempts to uses the HTTP Referer to check that requests are originating from same server. However, this can be easily defeated by just not sending a referer.
b21b04f0900a0f57b17194ed5f9dc60a1ad09467022464b6d1d905884edfc003A double-fetch vulnerability exists in Linux-4.6/kernel/auditsc.c for kernel versions 4.6 and below that can allow for a race condition.
b8484509b883b5ba7efb0f9836de1eba2e683bda2f71f327c5292b39ac3bafa364 bytes small Linux/64bit NetCat bindshell shellcode.
ccb8a4620f13eab28b158fe220b47f9d39887bd7678a8dc86c301a69c5420547Exim4 in some variants is started as root but switches to uid/gid Debian-exim/Debian-exim. But as Exim might need to store received messages in user mailboxes, it has to have the ability to regain privileges. This is also true when Exim is started as "sendmail". During internal operation, sendmail (Exim) will manipulate message spool files in directory structures owned by user "Debian-exim" without caring about symlink attacks. Thus execution of code as user "Debian-exim" can be used to gain root privileges by invoking "sendmail" as user "Debian-exim".
bd74c62b27f39b7f46709bc09cd8804cada21ce8799966cc4bc67706ff142d5bLinux-4.6/drivers/platform/chrome/cros_ec_dev.c suffers from a double-fetch vulnerability that can lead to a race condition and buffer overflow.
80e0da9e4ae252335cbbe6ee98e428a3d91d04848442075c7a5d00d6fe887ef1eCardMAX version 10.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
5f8de22c048b71098b35ba1e93cbe3c2fa763ab62088181de333bfc3b4e6b4a4KWSPHP CMS version 1.6.995 suffers from a persistent cross site scripting vulnerability.
b714b2be97af5970b2a4ee01b3b85daac8e2776f7d722f1dec378d2bb467d9fd98 bytes small Linux/x86 TCP bindshell shellcode that binds to port 4444.
bbeda0cdeea38bf97a30d59d5a8052ae8344aaec1e3c2e7e0e24491a1739f9bbAll EMC Documentum WDK-based applications (Taskspace, Webtop, Documentum Administrator, EPFM) contain an extremely dangerous web component – API Tester. It allows for path traversal, arbitrary code execution, and privilege escalation attacks.
46663e14e60c2d3f94f374b2571e350b1e7744ac4f13a7cd8032e426b3ab94dfWebCalendar version 1.2.7 suffers from a PHP code injection vulnerability.
f08625bb439c813ff12d6610f1b47451bd70656f904beb6b7f2d5a5f98986f4d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed