Usermin version 1.820 authenticated remote code execution exploit.
1269514ec09dd065b78ba3dc999b0430fa4c0a9cedd960a589ba52d447a070a5
ZesleCP version 3.1.9 authenticated remote code execution exploit.
13dc036088e14a3dceb02f4bb93c56fa35609cd89f5f254b27c676047a24cb78
CyberPanel version 2.1 authenticated remote code execution exploit.
09cef76696c3f322663bcaedb3554377b61ecaadf24c49140593ee2a871b9d80
Ubuntu Security Notice 5053-1 - It was discovered that libssh incorrectly handled rekeying. A remote attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code.
f3a279c38ed606749ddabedbd85154581e55cffe1b0adcb35cbdf2b297cc05de
Red Hat Security Advisory 2021-3233-01 - Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats. Issues addressed include a buffer overflow vulnerability.
6be98a6925869e1147021473fada7a4429130b94ff373a3c8f888759d44b56ef
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
58a7fa8dfe2010a8c8b7dcf66438c653e6493d47eb936ba48ef49d4aa4dbd725
Ubuntu Security Notice 5051-3 - USN-5051-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for the openssl1.0 package in Ubuntu 18.04 LTS. Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1 strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.
601aedb02dcb81703c8f8937728eed132e75664b1787c8dacac442483a1a66ef
Ubuntu Security Notice 5051-2 - USN-5051-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1 strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.
d608c60ee7f2610b9130e1d0027f1eeb33623ea36322fb9c087707f70f2a504b
Ubuntu Security Notice 5052-1 - MongoDB would fail to properly invalidate existing sessions for deleted users. This could allow a remote authenticated attacker to gain elevated privileges if their user account was recreated with elevated privileges.
0ea9b9b187dca2bf7ba1f179a3b10563d15e3a5471c3875c0a889c5422cc0083
ProcessMaker version 3.5.4 suffers from a local file inclusion vulnerability.
9ea7d66b1db175d01d116b70589f81aa63e6fdbafe9911ea8926c41cf7d4ab71
Ubuntu Security Notice 5037-2 - USN-5037-1 fixed vulnerabilities in Firefox. The update introduced a regression that caused Firefox to repeatedly prompt for a password. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions, or execute arbitrary code. Various other issues were also addressed.
e7345d5b5d486e0daa13fc62b565f07e5438ea8c70f891e628005c753b119411
Ubuntu Security Notice 5051-1 - John Ouyang discovered that OpenSSL incorrectly handled decrypting SM2 data. A remote attacker could use this issue to cause applications using OpenSSL to crash, resulting in a denial of service, or possibly change application behaviour. Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1 strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.
c58eb6da5f4d5d59425e108b61f06990b263a18153824d43ff593574b30d28bd
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
26e5f4d95b1a0766870f97b30e57c9a8e98690279c3bf09198e30effabecc450
Online Leave Management System version 1.0 suffers from a remote shell upload vulnerability.
158752aae6e8944c23273fc0c91143696754c1868cef1091381b583413edd88e
This is a whitepaper that discusses additional vectors of attack that can be used against Razer products.
d896ee68726d14957e7b9ef3ead4ea6080977a3951b1f9246dab51ea5e04be7c
HP OfficeJet 4630/7110 MYM1FN2025AR 2117A suffers from a persistent cross site scripting vulnerability.
9c47a3df0aeac66e90d1c67436d761aefbe3c0374807c5fb8d446b2233f196be
WordPress Mail Masta plugin version 1.0 suffers from a local file inclusion vulnerability.
4ba2f635f1919087afeb889e83b56c9bba07306accfaf8f3400631cec952d93f
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1
Ubuntu Security Notice 5050-1 - It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
15f18b4a1645df7896d1474336043a68629898f3145352b2946dd200efd3f028
OpenSSL Security Advisory 20210824 - In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. Other issues were also addressed.
66334c85ddd9c930da8fe00ca3eaff4182ef23553e0a3eadf85842e9a513e5bb
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
dda5e2fa2971fb4aa73738c44c9796ca3f1f566519c324b7cbf6b9c9629a2aaf
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
1c5cdf6f6fd15ade52259507fd3182d7adfd3b3898b69f149c4b64e10a7dcbf4
Ubuntu Security Notice 5048-1 - It was discovered that Inetutils telnet server allows remote attackers to execute arbitrary code via short writes or urgent data. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code.
ba81c2cbc24c926b2434bc1a0299f2832c2e3e64dcc9e5ebf19c7f8cfe9dc1b2
Online Traffic Offense Management System version 1.0 unauthenticated remote code execution exploit.
3a0f14a344d8a07e5584638a35c227d39c06cf0f489140879d423a2d7f0185a5
Shoutcast server version 2.6.0.753 suffers from a remote authenticated crash vulnerability.
991ebf15a2fad6e84c2cb8c0596024371c0ae5aa7b0309a15458c5be942d417d