SALTO ProAccess SPACE versions 5.5 and below suffer from path traversal, arbitrary file write, persistent cross-site scripting, privilege escalation, and cleartext transmission of sensitive data vulnerabilities.
5ed47986bbc0d66aaf57c91633e6ec7ae2e1882ae76361c2429b36bdf3d0fc38
This archive contains all of the 180 exploits added to Packet Storm in November, 2019.
748d5fe134eca74ab21a6089ed971c4aa53159defadc9f9e96cc82609687a397
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
9f03a636e2dc7e25455fb75869b3a8313fd177d231e056b0556159efec4d6d9d
This Metasploit module exploits a command injection in Ajenti version 2.1.31. By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.
19a60244a9981506c6ee38b26a274f9f9a7867cb46ae450c4e77577fc35a1e1f
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges, and databases, dump entire or user-specified DBMS tables/columns, run their own SQL statements, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via a Metasploit payload stager, database stored procedure buffer overflow exploitation, or SMB relay attack, and more.
f98b82f9ea9af1291707bd392bc977320941af79b79e34a5e49e694712024570
Red Hat Security Advisory 2019-4045-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.5 serves as a replacement for Red Hat Single Sign-On 7.2.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass and information leakage vulnerabilities.
b85c5a751f1f148345dcf9319176b861f5a99ccd5227ff88cb78b04087853f8c
Red Hat Security Advisory 2019-4042-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.5 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.3.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass and information leakage vulnerabilities.
44b8d041159a0e07365b20613e296b9efdd97b2e2b312cd8237b211ef1a7a17d
Red Hat Security Advisory 2019-4041-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.5 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.3.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass and information leakage vulnerabilities.
40183cb02b19c1f8330fda216c8441bd9d23116f63fa895df53be751b75c29e4
Red Hat Security Advisory 2019-4040-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.5 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.3.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass and information leakage vulnerabilities.
3bff7573638f75c90fb4eb8dd0d784623a21760f032a4fe2ebd8e7077a378f8b
Red Hat Security Advisory 2019-4037-01 - Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.2 serves as a replacement for Red Hat Data Grid 7.3.1 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Issues addressed include code execution and deserialization vulnerabilities.
ce5063bf6be7167b85f5a8239239b32a7d74c613a7d9c267b9bdd64794ace7c2
Red Hat Security Advisory 2019-4024-01 - Simple DirectMedia Layer is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.
87c9dcbfa7b1d9428d6f6506d816bea2b3516ce7d45a3cf9cfe3aed60cad70d3
Microsoft Visual Studio 2008 Express IDE suffers from an XML external entity injection vulnerability.
2b347e3e3aa8c05872e5d91abda3e6e4738812564cc798a749efdc8982d35ec9
Dokuwiki version 2018-04-22b suffers from a username enumeration vulnerability.
5dda147aaf438ae37992e0e76ba633998f24f775dfa6f8cf98bfd12786a457df
Anviz CrossChex version 4.3.12 suffers from a buffer overflow vulnerability.
a890bfbbd7791711a842da62f662a5d6496badb3f38f09cb5325d13f798f1184
NSAuditor version 3.1.8.0 suffers from a Key denial of service vulnerability.
a01e659cfcb1851225598fb4d6d0004bf1d0492f5357985ae9af48d6fe3910a4
NSAuditor version 3.1.8.0 suffers from a Name denial of service vulnerability.
59b2edd5097367ea18579ba8c3dfcf7b0bd19fdc2686baeeaab8535995faab55