The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tags attributes such as id. It is therefore possible to pass in a value to Struts that will be evaluated again when a tag's attributes are rendered. With a carefully crafted request, this can lead to remote code execution. This vulnerability is application dependant. A server side template must make an affected use of request data to render an HTML tag attribute.
3cfe28296a3b91c815100d9996280537326adc728304ac8036ea7dcb8ca37586Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
5b2ce3b602df2a59934f79f07f2702df574f8d840ead2e435a3dcf706d054bb0Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
9b0f71182955d9cc7a6fa1108245ef50055a51415551661c14fa41d80ac4112fThe session identifier used by Arteco Web Client DVR/NVR is of an insufficient length and can be brute forced, allowing a remote attacker to obtain a valid session, bypass authentication, and disclose the live camera stream.
8e36cd6e0e9d8313fa5d69ac8a251f028f0917623224801c73dabef67e8e781fGentoo Linux Security Advisory 202012-24 - Multiple vulnerabilities have been found in Samba, the worst of which could result in a Denial of Service condition. Versions less than 4.12.9 are affected.
09eede95a802e9406ba2349f3ea9a0665ce582d50fcd93512059a1e324ed54bcGentoo Linux Security Advisory 202012-23 - A vulnerability has been discovered in Apache Tomcat that allows for the disclosure of sensitive information. Versions less than 8.5.60:8.5 are affected.
036a4bffafc60bce4ec6c29a38cd364c18195202e9a4ef44898269e4f2646a77Gentoo Linux Security Advisory 202012-22 - A buffer overflow in HAProxy might allow an attacker to execute arbitrary code. Versions less than 2.1.4 are affected.
deb543fefe04671e624c9a3a397ff0e90ad643398dd6eafbd995bb2736cc5a14Gentoo Linux Security Advisory 202012-21 - A vulnerability in NSS might allow remote attackers to cause a Denial of Service condition. Versions less than 3.58 are affected.
a282dc641d5de5587d78c29558f4f0c0c8488867d67a5bc5ea418c671b625ce8Gentoo Linux Security Advisory 202012-20 - Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 84.0 are affected.
de30a1e21e5b7ada6ec4bcbb46cceddbefafa75528b46c501c1e55964f1b231fGentoo Linux Security Advisory 202012-19 - A vulnerability in PowerDNS Recursor could lead to a Denial of Service condition. Versions less than 4.3.5 are affected.
1a0b7a13e55aa409cf7dd7d3871ee3056e1aa0f33241282dda8d17a5f2731643Adning Advertising plugin version 1.5.5 suffers from a remote shell upload vulnerability.
b8557316f332094f6672bb8c0004bcbd1f143157334bb43bddaa829f3b02d82bGentoo Linux Security Advisory 202012-18 - An information disclosure vulnerability in PowerDNS allow remote attackers to obtain sensitive information. Versions less than 4.3.1 are affected.
704df9880c4a0fd844a1a0504544397c333157cd26c177c9c8f4d24de36804b1Gentoo Linux Security Advisory 202012-17 - A local Denial of Service vulnerability was discovered in D-Bus. Versions less than 1.12.20 are affected.
d24fef0933746329a1375cfa995e50b3953cee853f21f0f4321cfbceb8ad26adGentoo Linux Security Advisory 202012-16 - Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition. Versions less than 8.0.0 are affected.
0a324c9df6116f0293feef12896ad6a985963a013bf429dde82e154fd65a423aGentoo Linux Security Advisory 202012-15 - A vulnerability in GDK-PixBuf library could lead to a Denial of Service condition. Versions less than 2.42.2 are affected.
14bc8e8787b55a47d0523a3b4f0b89c62ff0a566f965289d796c69152294fb54Gentoo Linux Security Advisory 202012-14 - Multiple vulnerabilities have been found in cURL, the worst of which could result in information disclosure or data loss. Versions less than 7.74.0 are affected.
a431e20003dbb54cbc97fe5d2ae4cf8ccc1763c47896a24f006add5698abd333WordPress WP-PostRatings plugin version 1.86 suffers from a cross site scripting vulnerability.
4793c8182487c97db6aa9340ab7faa718760a288daf10bad4294bc1b27209ea1Gentoo Linux Security Advisory 202012-13 - A vulnerability in OpenSSL might allow remote attackers to cause a Denial of Service condition. Versions less than 1.1.1i are affected.
09e5b24d63f4ea0a050e578a37335da92e11ede695aad3cf7d56ff726f941130Gentoo Linux Security Advisory 202012-12 - A vulnerability has been found in libass that could allow a remote attacker to execute arbitrary code. Versions less than 0.15.0 are affected.
ad9f983be7bd1a9082dba4f3869ff9278199762ad56a7b4c438b994f7dfccdf9Gentoo Linux Security Advisory 202012-11 - A Denial of Service vulnerability was discovered in c-ares. Versions less than 1.17.1 are affected.
4a30337127d4354c36c62b697fdf507237101cac53e5b52c93f8b3667e595f6aGentoo Linux Security Advisory 202012-10 - Multiple vulnerabilities have been found in WebKitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.30.3 are affected.
d721871c2eb810583e54a283bedc9a56e02aeb022bd9927e9feccfcc2d032ae7GitLab version 11.4.7 authenticated remote code execution exploit. Original discovery of this issue attributed to Mohin Paramasivam in December of 2020.
c9c6f0c8706abfa0c67bcf3a71b777f57f857eb79b6d8aa441fb831112e3fa13
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed