Red Hat Security Advisory 2021-3955-01 - Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol server, as well as command-line utilities and Web UI packages for server administration. This release provides a number of security fixes, bug fixes and enhancements. For detailed information on changes in this release, see the Red Hat Directory Server 11 Release Notes linked from the References section.
d0fa325631a3d5e688798bee9b8d6f45Hikvision Web Server Build 210702 suffers from a command injection vulnerability.
f61fa809f59a5d34a34ed01d7d37b3d3Apache HTTP Server version 2.4.50 remote code execution exploit.
00e3007a5d132ef7e927cc763523a813Red Hat Security Advisory 2021-3903-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
7b6df42510c0361b27c55dbd05345b40Red Hat Security Advisory 2021-3856-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a server-side request forgery vulnerability.
13f9dedad23343e3acd6e4108e1bc25cRed Hat Security Advisory 2021-3836-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a server-side request forgery vulnerability.
24360cdd3532c8790175587bb477664bRed Hat Security Advisory 2021-3837-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a server-side request forgery vulnerability.
15b3d9e8a40e5c5098ff584014a1ba46Apache HTTP Server version 2.4.50 suffers from path traversal and code execution vulnerabilities.
83e881b06b8c45b03c0e1280bba0e9dfRed Hat Security Advisory 2021-3816-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include heap overflow and server-side request forgery vulnerabilities.
7cf611150f0bfbb476f7b62096ee1e48Moodle allows an authenticated administrator to define spellcheck settings via the web interface. An administrator can update the aspell path to include a command injection. This is extremely similar to CVE-2013-3630, just using a different variable. This Metasploit module was tested against Moodle versions 3.11.2, 3.10.0, and 3.8.0.
a7e5d57a6bbc39e072f95b582e1a9b48Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the context of the web application upon spellchecking requests. This Metasploit module also allows an attacker to leverage another privilege escalation vuln. Using the referenced XSS vuln, an unprivileged authenticated user can steal an admin sesskey and use this to escalate privileges to that of an admin, allowing the module to pop a shell as a previously unprivileged authenticated user. This module was tested against Moodle version 2.5.2 and 2.2.3.
92a400708d6b383cfe2f1bd0d3314d11Red Hat Security Advisory 2021-3791-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.2.0 ESR. Issues addressed include double free and use-after-free vulnerabilities.
72f6c257c56308b68f926b8af4056562Red Hat Security Advisory 2021-3757-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.2.0 ESR. Issues addressed include double free and use-after-free vulnerabilities.
9493789b0469b8f4183a22f9a4f66375Red Hat Security Advisory 2021-3755-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.2.0 ESR. Issues addressed include double free and use-after-free vulnerabilities.
f70c844144b0da55d697b7369e97fc10Red Hat Security Advisory 2021-3756-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.2.0 ESR. Issues addressed include double free and use-after-free vulnerabilities.
339c536274297e2198f4f54ef3ee0307Red Hat Security Advisory 2021-3754-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a server-side request forgery vulnerability.
513214eccd8b74cca2eabf194305005bThe Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.
3ee4cd3518d870166237f5e00f0cc4e1Red Hat Security Advisory 2021-3746-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 9 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 8 and includes an important security update. Issues addressed include a server-side request forgery vulnerability.
2c980136ba7ec5f032313d3d52b32cbfRed Hat Security Advisory 2021-3745-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 9 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 8 and includes an important security update. Issues addressed include a server-side request forgery vulnerability.
889befe8c8b4dd6288b2989e6781c360Red Hat Security Advisory 2021-3743-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.5.1 serves as a replacement for Red Hat JBoss Web Server 5.5.0, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.
7c0d66a99716232d07c2ee5e7c36f553Red Hat Security Advisory 2021-3741-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.5.1 serves as a replacement for Red Hat JBoss Web Server 5.5.0, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.
26bd9e847e01fe88c8d6c9a7c3882eb3Online-Food-Ordering-Web-App suffers from a remote SQL injection vulnerability that allows for authentication bypass.
2e3935af30a88b048926ba5e206dad5aApache HTTP Server version 2.4.49 suffers from a path traversal vulnerability.
1f8f44361142a2acbf7b9f53b654f29asqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
675f4c751850d0e0e066bdb6d38b8ebdRed Hat Security Advisory 2021-3694-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
1c9dc0773ccbd6d66d1f85debc49bc37
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed