Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for the distribution, indexing and analysis of the data generated during a security audit. The main purpose of Faraday is to reuse the tools already available in the community and take advantage of them in a multiuser way.
Ubuntu Security Notice 5121-1 - Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman did not properly associate cross-site request forgery tokens to specific accounts. A remote attacker could use this to perform a CSRF attack to gain access to another account. Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman's cross-site request forgery tokens for the options page are derived from the admin password. A remote attacker could possibly use this to assist in performing a brute force attack against the admin password. Various other issues were also addressed.
SAP Enterprise Portal suffers from a sensitive information disclosure vulnerability in the com.sapportals.navigation.testComponent.NavigationRequestSniffer servlet.
The Windows IKEEXT service does not verify the SPN when performing AuthIP authentication leading to leaking authentication tokens to untrusted systems.
The SAP NetWeaver ABAP IGS service suffers from multiple memory corruption vulnerabilities.
Online Course Registration version 1.0 suffers from a blind boolean-based remote SQL injection vulnerability.
The SAP NetWeaver ABAP Gateway service suffers from multiple memory corruption vulnerabilities.
SAP NetWeaver ABAP Enqueue service suffers from multiple memory corruption vulnerabilities.
Ubuntu Security Notice 5116-2 - It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information. Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly compute the access permissions for shadow pages in some situations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
Clinic Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for a shell upload.
The Communication Profiles functionality provided within SAP JAVA NetWeaver suffers from an XML external entity injection vulnerability.
SAP NetWeaver ABAP Dispatcher service suffers from memory corruption vulnerabilities. An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error in the system causing the system to crash and rendering it unavailable.
Jetty version 9.4.37.v20210219 suffers from an information disclosure vulnerability.
Ubuntu Security Notice 5120-1 - It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions. Various other issues were also addressed.