Backdoor.Win32.Inject.tyq malware suffers from an insecure permissions vulnerability.
bf6ea50de9c992e63ecd9bb1513eaba793264ba0d8a4f0670e8fd53b8afecfa1
Trojan-Proxy.Win32.Daemonize.i malware suffers from a denial of service vulnerability.
ec4c7d9c8fc6221615ade67c7f0ecac57a8127a1a3b432e69c99210aca11f631
Apache MyFaces versions 2.2.13 and below, 2.3.7 and below, 2.3-next-M4 and below, and 2.1 and below suffer from a cross site request forgery vulnerability.
9496fb42b8d7b245393af79c43e00c9737bf7e2ce2f045cabe480e1ebae73876
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
562e32370844ff08b49d43a83c6a3a84170947f52ba058432e3b81d9fdadc08c
Ubuntu Security Notice 4740-1 - It was discovered that Apache Shiro mishandled specially crafted requests. An attacker could use this vulnerability to bypass authentication mechanisms.
b3b8bf514ec38521acd2be501b5bd64089f6ae87f9304453ee94171d077ac559
Red Hat Security Advisory 2021-0611-01 - The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly.
47745c5fc42d6a7d68a5d49b3d5f996c8d4a635eda377a44026d8a187d80e8a0
Given a scenario where an outgoing call is placed from Asterisk to a remote SIP server it is possible for a crash to occur. The code responsible for negotiating SDP in SIP responses incorrectly assumes that SDP negotiation will always be successful. If a SIP response containing an SDP that can not be negotiated is received a subsequent SDP negotiation on the same call can cause a crash.
a598689c226c0f0b2be7c0f2f5f641be7af78caf65f348109e0446002e06d18f
This program demonstrates a time-of-check-time-of-use TOCTOU vulnerability in Firejail. Winning it causes Firejail to create an insecure overlayfs layout, that is then used to escalate privileges by making /etc/ld.so.preload user writable.
adefafe1c85cc2ef526eedeae1ad122c13edd91a2e7eeb35bc0f9aa07cfe03e9
Ubuntu Security Notice 4741-1 - It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code.
3f87f3755ce52d2f838568100aa5bcddd41562af238a4049341de0c8ae70d50c
Due to a signedness comparison mismatch, an authenticated WebRTC client could cause a stack overflow and Asterisk crash by sending multiple hold/unhold requests in quick succession.
514c38f88457c5adefa470f62cfa4733ee26d4eda6458c3b24c7bb21f2ec9701
An unauthenticated remote attacker could replay SRTP packets which could cause an Asterisk instance configured without strict RTP validation to tear down calls prematurely.
c6b2cb980ac1c471ada712a10083d5e4a2f109aa8638a11055f9f18afbbc09ab
dataSIMS Avionics ARINC 664-1 version 4.5.3 suffers from a local buffer overflow vulnerability.
fb2146f71f5492c1997492e5227915f35165c11c8c93ca3251f06a0b3dbb8349
When re-negotiating for T.38 if the initial remote response was delayed just enough Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream then Asterisk would crash.
2a9795115e2a46d96ffa9cb29f66fab90c91d64bdafcfd927d79e02c48f5c8b5
If a registered user is tricked into dialing a malicious number that sends lots of 181 responses to Asterisk, each one will cause a 181 to be sent back to the original caller with an increasing number of entries in the ???Supported??? header. Eventually the number of entries in the header exceeds the size of the entry array and causes a crash.
2f45006a2c9afadddcf34831d258755849dc791b989f4dce2ef9bb09888bc8d9
Online Exam System With Timer version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
3fa34b5f3e08b7d12953e622aa8b45d2e4797b9ced277916db0e75294f3387db
Beauty Parlour Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
34fe4781069f55ef636ebeb487e5c7873e252073bfb2323964a77fb81e0458ef
Beauty Parlour Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Prof. Kailas Patil in June of 2020.
3af5ffb0c4ba62a9575b929a7d6c4ce9cdaa1cbd415b87c400525e94793a274a
Backdoor.Win32.Bionet.10 malware has an ftp service that allows for anonymous login.
404aa1cc25a484f04ec04f3fcdd9b35295adf133838edc77ca4e63911e3d6bde
Comment System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
46878eefcae9571cb16bc25507a049e842376b95088b9e7b41522e7641082ae1
Backdoor.Win32.DarkKomet.apcc malware suffers from an insecure permissions vulnerability.
aecb3a0c272436b731621f6bcd2825f3baf0858666fecf06db2f2a9d8b681638
Backdoor.Win32.DarkKomet.bhfh malware suffers from an insecure permissions vulnerability.
5093711b0c6d00b1510fcead1c8a97d6fde81a882fde3001e630e1feeccf901a
OpenText Content Server version 20.3 suffers from multiple persistent cross site scripting vulnerabilities.
dbbfc659d2fde29e9fb6fb4d8b71106fd64cd09ff143fade3c3ea59fbd6c45d6
This is a whitepaper that details identifying cross site scripting vulnerabilities in both the Neo and Matrix LMS codebase.
425783c0a58f4b3d8ceaa1ef51c78b248dc59a4e994ea242a952886897d53b3d
Ubuntu Security Notice 4739-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
e6a2abe7fda38194f09de5adbeadd44f8ec9c63d730a2d1697bcacd6b7d09e95
Ubuntu Security Notice 4738-1 - Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer fields. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.
3674119434b97aa1d488e84d529023ecaeea76725f509e491630edb2026cfda4