Sipwise software platform suffers from multiple authenticated stored and reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Versions affected include CE_m39.3.1 and below and NGCP www_admin version 3.6.7.
3a637df610f4399d796b60fd154117f140f2a37f20b84a0e7e662794af91313aUbuntu Security Notice 4924-1 - It was discovered that Dnsmasq incorrectly handled certain wildcard synthesized NSEC records. A remote attacker could possibly use this issue to prove the non-existence of hostnames that actually exist. It was discovered that Dnsmasq incorrectly handled certain large DNS packets. A remote attacker could possibly use this issue to cause Dnsmasq to crash, resulting in a denial of service. Various other issues were also addressed.
5d79f87d4be36dea5f66dea9fda219d5d8c0d61f0996c4485a733b8654240079DzzOffice version 2.02.1 suffers from a cross site scripting vulnerability.
a88898d34a0dd38bd0a624051e9d6708e30ca923f0b025646fcc6f58fb4ea499Document Management System version 1.0 remote SQL injection exploit that deploys a web shell.
e8d80953b2ef01723266a3371f3a2c5a42156162d5474910c8ea7602487dd2d5Red Hat Security Advisory 2021-1343-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
12d754c66a3442b65d2c7fbe80fa2a7b6ea9d831b2555bbdc5c5ec3bf7000b9bnfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
b2176c1259975f9fcb8125315473d781b45a3954524f784527f3166d68dac708This document covers all the basics of the Kerberoasting attack scenario.
b1100054cd4edc0cd0e59268145f39abcbafebb328532a057a664c8d0aaf6292This documents discusses using the ffuf tool, which stands for Fuzz Faster U Fool.
6eb50e642bf60986949377d3cf9480a50a174c8fad96ba2c4c26a7647052ca46This document is a guide on how to use tshark effectively to monitor and analyze traffic.
b5f392c0a6f13e0c48407dcf564964d9098a9ac088cfac2258e29e1f74c4670cThis is a brief whitepaper that discusses wordlists, where to get them, and when to use them.
89e78120ceaeb9a64b5808490e77eb00fad19d19fe3106904104df63dfb37a31Red Hat Security Advisory 2021-1338-01 - Red Hat OpenShift Serverless 1.14.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6 and 4.7, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section. Issues addressed include a code execution vulnerability.
a30988ff66266b2db5f8acca7f2c0152290e88ca56893b70bb73ae89269755fbRed Hat Security Advisory 2021-1339-01 - Red Hat OpenShift Serverless Client kn 1.14.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.14.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include a code execution vulnerability.
7ce92039022809796328e4385858549ac3d68877144fb8520c42a01a3e62a804GetSimple CMS My SMTP Contact plugin versions 1.1.1 and below cross site request forgery to persistent cross site scripting to remote code execution exploit.
41f7e0ef54e05dad22d7753afc0b084638622f4b9593b685c302c7652a13556cMoodle version 3.10.3 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version is attributed to Vincent666 ibn Winnie in March of 2021.
1fcd1fa3ec121b2c10c68e0cb6e78bbc8b44e1d20dc9503759b2beb14529f62fUbuntu Security Notice 4916-2 - USN-4916-1 fixed vulnerabilities in the Linux kernel. Unfortunately, the fix for CVE-2021-3493 introduced a memory leak in some situations. This update fixes the problem. It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. Various other issues were also addressed.
0109aef37883b59cfde530823abac56b2ccc7f8d9cf5d79c37274335d1792a6cWireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
de1aafd100a1e1207c850d180e97dd91ab8da0f5eb6beec545f725cdb145d333BMD BMDWeb 2.0 versions prior to 24.01.21 suffer from persistent cross site scripting vulnerabilities.
499c18c38e8687b39167ce9265f6c4cdf83a764a4642327eea6fa7a0feb38768Red Hat Security Advisory 2021-1322-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include integer overflow and null pointer vulnerabilities.
c7f24bb2f14642cac12074bfafb54e59cd5333b67667591a72b4a67fbf6013cbZeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
659a890f433cb730519966bdc41f1a03fb67e27e94b5d52ad9ee890022a12c3anfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
ebe157566eab484ed001f6883fcb5e249ae19419a342d541121959fe406c7c24Packed.Win32.Black.d malware has an unauthenticated open proxy vulnerability.
b18b3ad5d47b356d0d074396d3e78619015d4e8d6d35c24f92a64f3e00c8a7c2Red Hat Security Advisory 2021-1324-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include integer overflow and null pointer vulnerabilities.
57aac1c3058fac07f08df4868593183ba64b72eab1b13e737c26cbface926929OTRS version 6.0.1 remote command execution exploit.
9d111d76bea3e1afbf0a3f7944a2ab12828a882b5a33a64bd3c3773ab6853e44Backdoor.Win32.DarkKomet.artr malware suffers from an insecure permissions vulnerability.
6f97ec5a51f653a05bb81959971a0ad88089ac05e1df22f9ab1015828b1d15beRed Hat Security Advisory 2021-1313-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include double free, information leakage, and remote SQL injection vulnerabilities.
27f926f5aa6dc020146bbe82a0e986564870461f6b710ded0e468168538e2d5c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed