🛠Faraday 4.3.3 ðŸ›
📖 Read
via "Packet Storm Security".
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Faraday 4.3.3 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
‼ CVE-2022-47986 ‼
📖 Read
via "National Vulnerability Database".
IBM Aspera Faspex 4.4.1 could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24329 ‼
📖 Read
via "National Vulnerability Database".
An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45701 ‼
📖 Read
via "National Vulnerability Database".
Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-29168 ‼
📖 Read
via "National Vulnerability Database".
SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System, allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23007 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in ESPCMS P8.21120101 after logging in to the background, there is a SQL injection vulnerability in the function node where members are added.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24388 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23899 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extensions For CF7 plugin <= 2.0.8 versions leads to arbitrary plugin activation.📖 Read
via "National Vulnerability Database".
🕴 Massive GoAnywhere RCE Exploit: Everything You Need to Know 🕴
📖 Read
via "Dark Reading".
Weeks after an exploit was first announced in a popular cloud-based file transfer service, could some organizations still be vulnerable? The answer is yes.📖 Read
via "Dark Reading".
Dark Reading
Massive GoAnywhere RCE Exploit: Everything You Need to Know
Weeks after an exploit was first announced in a popular cloud-based file transfer service, could some organizations still be vulnerable? The answer is yes.
‼ CVE-2021-32441 ‼
📖 Read
via "National Vulnerability Database".
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0822 ‼
📖 Read
via "National Vulnerability Database".
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43927 ‼
📖 Read
via "National Vulnerability Database".
IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3172 ‼
📖 Read
via "National Vulnerability Database".
An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24369 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34164 ‼
📖 Read
via "National Vulnerability Database".
Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-19824 ‼
📖 Read
via "National Vulnerability Database".
An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the ao_c parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33948 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20803 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43929 ‼
📖 Read
via "National Vulnerability Database".
IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36775 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33926 ‼
📖 Read
via "National Vulnerability Database".
An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet.📖 Read
via "National Vulnerability Database".