Ubuntu Security Notice 4384-1 - It was discovered that GnuTLS incorrectly handled session ticket encryption keys. A remote attacker could possibly use this issue to bypass authentication or recover sensitive information.
492abbc577184d8e91af368a59566ed8ddd0e0406382a8c4734a76657eeb48e5Red Hat Security Advisory 2020-2405-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include an out of bounds write vulnerability.
03f48fd9588e6ed49fb7fbc6e30bb4d86fb083d409fceec90f266381ee03aa95Red Hat Security Advisory 2020-2366-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.1.12 serves as a replacement for Red Hat support for Spring Boot 2.1.6, and includes security and bug fixes and enhancements. Issues addressed include bypass, cross site request forgery, and denial of service vulnerabilities.
354667e4cac1cdbe056ab77c3d622d7bb555695ab87c9226010ab61e85d7455bUbuntu Security Notice 4383-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the addressbar, or execute arbitrary code. It was discovered that NSS showed timing differences when performing DSA signatures. An attacker could potentially exploit this to obtain private keys using a timing attack. Various other issues were also addressed.
275aa1dbc98d8c1f1f63c59a5ec99a85629f398784fe354d12af97a619f77497WinGate version 9.4.1.5998 suffers from an insecure permissions vulnerability that allows for privilege escalation.
2b5dfe00be1334114c04e743db783c3a3f1ad2d5004db2216f1ead8c50be8631Avaya IP Office versions 9.1.8.0 through 11 suffer from an insecure transit vulnerability that allows for password disclosure.
feed9ac59fa8c29769c827c9ab64c5533cc3930d33aaf789ed75c1605b9ace7eFaraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
e2cf9a49c9ae692d8c3847655c69ef56c52f2136a398f92f3a079985f9b40312This Metasploit module exploits an authentication bypass and directory traversals in Cisco UCS Director versions prior to 6.7.4.0 to leak the administrator's REST API key and execute a Cloupia script containing an arbitrary root command. Note that the primary functionality of this module is to leverage the Cloupia script interpreter to execute code. This functionality is part of the application's intended operation and considered a "foreverday." The authentication bypass and directory traversals only get us there. If you already have an API key, you may set it in the API_KEY option. The LEAK_FILE option may be set if you wish to leak the API key from a different absolute path, but normally this isn't advisable. Tested on Cisco's VMware distribution of 6.7.3.0.
e1a3270999313093f5713647237e1d7494e0c1bc022d9a26053bf23d8ac80fe3Castel NextGen DVR version 1.0.0 suffers from authorization bypass, credential disclosure, and cross site request forgery vulnerabilities.
479f4579b4b9aa4978606f0a9f84e9bbac7947654e1a57a9e42f9f18e0988c1bOnline Course Registration version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
089325e7bfc1c02f46a101209bf25fc841b972561e36c3fb3946dc33690310a3Quick Player version 1.3 suffers from a denial of service vulnerability.
286bf64e77c4c5d59437659d61217a58b6f0141b0cd1bb2bed028ef7c48a678e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed