Sipwise software platform suffers from multiple authenticated stored and reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Versions affected include CE_m39.3.1 and below and NGCP www_admin version 3.6.7.
3a637df610f4399d796b60fd154117f140f2a37f20b84a0e7e662794af91313a
Ubuntu Security Notice 4924-1 - It was discovered that Dnsmasq incorrectly handled certain wildcard synthesized NSEC records. A remote attacker could possibly use this issue to prove the non-existence of hostnames that actually exist. It was discovered that Dnsmasq incorrectly handled certain large DNS packets. A remote attacker could possibly use this issue to cause Dnsmasq to crash, resulting in a denial of service. Various other issues were also addressed.
5d79f87d4be36dea5f66dea9fda219d5d8c0d61f0996c4485a733b8654240079
DzzOffice version 2.02.1 suffers from a cross site scripting vulnerability.
a88898d34a0dd38bd0a624051e9d6708e30ca923f0b025646fcc6f58fb4ea499
Document Management System version 1.0 remote SQL injection exploit that deploys a web shell.
e8d80953b2ef01723266a3371f3a2c5a42156162d5474910c8ea7602487dd2d5
Red Hat Security Advisory 2021-1343-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
12d754c66a3442b65d2c7fbe80fa2a7b6ea9d831b2555bbdc5c5ec3bf7000b9b
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
b2176c1259975f9fcb8125315473d781b45a3954524f784527f3166d68dac708
This document covers all the basics of the Kerberoasting attack scenario.
b1100054cd4edc0cd0e59268145f39abcbafebb328532a057a664c8d0aaf6292
This documents discusses using the ffuf tool, which stands for Fuzz Faster U Fool.
6eb50e642bf60986949377d3cf9480a50a174c8fad96ba2c4c26a7647052ca46
This document is a guide on how to use tshark effectively to monitor and analyze traffic.
b5f392c0a6f13e0c48407dcf564964d9098a9ac088cfac2258e29e1f74c4670c
This is a brief whitepaper that discusses wordlists, where to get them, and when to use them.
89e78120ceaeb9a64b5808490e77eb00fad19d19fe3106904104df63dfb37a31
Red Hat Security Advisory 2021-1338-01 - Red Hat OpenShift Serverless 1.14.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6 and 4.7, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section. Issues addressed include a code execution vulnerability.
a30988ff66266b2db5f8acca7f2c0152290e88ca56893b70bb73ae89269755fb
Red Hat Security Advisory 2021-1339-01 - Red Hat OpenShift Serverless Client kn 1.14.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.14.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include a code execution vulnerability.
7ce92039022809796328e4385858549ac3d68877144fb8520c42a01a3e62a804
GetSimple CMS My SMTP Contact plugin versions 1.1.1 and below cross site request forgery to persistent cross site scripting to remote code execution exploit.
41f7e0ef54e05dad22d7753afc0b084638622f4b9593b685c302c7652a13556c
Moodle version 3.10.3 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version is attributed to Vincent666 ibn Winnie in March of 2021.
1fcd1fa3ec121b2c10c68e0cb6e78bbc8b44e1d20dc9503759b2beb14529f62f
Ubuntu Security Notice 4916-2 - USN-4916-1 fixed vulnerabilities in the Linux kernel. Unfortunately, the fix for CVE-2021-3493 introduced a memory leak in some situations. This update fixes the problem. It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. Various other issues were also addressed.
0109aef37883b59cfde530823abac56b2ccc7f8d9cf5d79c37274335d1792a6c
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
de1aafd100a1e1207c850d180e97dd91ab8da0f5eb6beec545f725cdb145d333
BMD BMDWeb 2.0 versions prior to 24.01.21 suffer from persistent cross site scripting vulnerabilities.
499c18c38e8687b39167ce9265f6c4cdf83a764a4642327eea6fa7a0feb38768
Red Hat Security Advisory 2021-1322-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include integer overflow and null pointer vulnerabilities.
c7f24bb2f14642cac12074bfafb54e59cd5333b67667591a72b4a67fbf6013cb
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
659a890f433cb730519966bdc41f1a03fb67e27e94b5d52ad9ee890022a12c3a
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
ebe157566eab484ed001f6883fcb5e249ae19419a342d541121959fe406c7c24
Packed.Win32.Black.d malware has an unauthenticated open proxy vulnerability.
b18b3ad5d47b356d0d074396d3e78619015d4e8d6d35c24f92a64f3e00c8a7c2
Red Hat Security Advisory 2021-1324-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include integer overflow and null pointer vulnerabilities.
57aac1c3058fac07f08df4868593183ba64b72eab1b13e737c26cbface926929
OTRS version 6.0.1 remote command execution exploit.
9d111d76bea3e1afbf0a3f7944a2ab12828a882b5a33a64bd3c3773ab6853e44
Backdoor.Win32.DarkKomet.artr malware suffers from an insecure permissions vulnerability.
6f97ec5a51f653a05bb81959971a0ad88089ac05e1df22f9ab1015828b1d15be
Red Hat Security Advisory 2021-1313-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include double free, information leakage, and remote SQL injection vulnerabilities.
27f926f5aa6dc020146bbe82a0e986564870461f6b710ded0e468168538e2d5c