Simatic Et200ecopn, Di 8x24vdc, M12-l Security Vulnerabilities

nessus

Debian dsa-5652 : python-py7zr-doc - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5652 advisory. A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files...

9.1CVSS

7AI Score

0.009EPSS

2024-04-02 12:00 AM
10
ubuntucve

CVE-2024-26657

In the Linux kernel, the following vulnerability has been resolved: drm/sched: fix null-ptr-deref in init entity The bug can be triggered by sending an amdgpu_cs_wait_ioctl to the AMDGPU DRM driver on any ASICs with valid context. The bug was reported by Joonkyo Jung [email protected]. For...

6.2AI Score

0.0004EPSS

2024-04-02 12:00 AM
6
openvas

Tukaani Project XZ Utils Backdoor (Feb/Mar 2024)

The XZ Utils of the Tukaani Project have been backdoored by an unknown threat actor in February and March...

10CVSS

9.8AI Score

0.133EPSS

2024-04-02 12:00 AM
6
packetstorm

7.4AI Score

2024-04-02 12:00 AM
39
nessus

Ubuntu 22.04 LTS : Cacti vulnerability (USN-6720-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6720-1 advisory. Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php....

9.8CVSS

8.2AI Score

0.533EPSS

2024-04-02 12:00 AM
8
githubexploit

Exploit for Embedded Malicious Code in Tukaani Xz

root@ubuntu:~/xz/# apt update root@ubuntu:~/xz/# apt install -y...

10CVSS

9.6AI Score

0.133EPSS

2024-04-01 04:08 PM
101
githubexploit

Exploit for Embedded Malicious Code in Tukaani Xz

xzbot Exploration of the xz...

7.4AI Score

2024-04-01 02:28 PM
121
nessus

Debian dla-3778 : libnss-libvirt - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3778 advisory. A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage...

6.7CVSS

7.4AI Score

0.004EPSS

2024-04-01 12:00 AM
8
nessus

Debian dsa-5651 : mediawiki - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5651 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

7.3AI Score

2024-03-31 12:00 AM
9
nessus

Debian dsa-5650 : bsdextrautils - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5650 advisory. wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv....

6.5AI Score

0.0005EPSS

2024-03-31 12:00 AM
24
githubexploit

8.8CVSS

7AI Score

0.006EPSS

2024-03-30 03:30 PM
170
kitploit

R2Frida - Radare2 And Frida Better Together

This is a self-contained plugin for radare2 that allows to instrument remote processes using frida. The radare project brings a complete toolchain for reverse engineering, providing well maintained functionalities and extend its features with other programming languages and tools. Frida is a...

7.4AI Score

2024-03-30 11:30 AM
12
githubexploit

Exploit for Embedded Malicious Code in Tukaani Xz

CVE-2024-3094 XZ-Utils Vulnerability Checker and Fixer...

10CVSS

9.6AI Score

0.133EPSS

2024-03-29 11:36 PM
107
malwarebytes

How to back up your iPhone to a Mac

They say the only backup you ever regret is the one you didn't make. iPhone backups can be used to easily move your apps and data to a new phone, to recover things you've lost, or to fix things that have failed. One of the most cost effective ways to backup your iPhone is to save backups to your...

7.1AI Score

2024-03-29 01:37 PM
8
kitploit

Cloud_Enum - Multi-cloud OSINT Tool. Enumerate Public Resources In AWS, Azure, And Google Cloud

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud. Currently enumerates the following: Amazon Web Services: - Open / Protected S3 Buckets - awsapps (WorkMail, WorkDocs, Connect, etc.) Microsoft Azure: - Storage Accounts - Open Blob Storage Containers - Hosted...

7.2AI Score

2024-03-29 11:30 AM
16
slackware

[slackware-security] coreutils

New coreutils packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/coreutils-9.5-i586-1_slack15.0.txz: Upgraded. chmod -R now avoids a race where an attacker may replace a traversed file with a...

5.5CVSS

7AI Score

0.0004EPSS

2024-03-29 02:31 AM
15
openvas

Slackware: Security Advisory (SSA:2024-088-03)

The remote host is missing an update for...

5.5CVSS

5.7AI Score

0.0004EPSS

2024-03-29 12:00 AM
7
nessus

Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6707-4)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6707-4 advisory. A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The...

7.8CVSS

7.7AI Score

0.002EPSS

2024-03-29 12:00 AM
11
openvas

Slackware: Security Advisory (SSA:2024-088-02)

The remote host is missing an update for...

5.6AI Score

0.0005EPSS

2024-03-29 12:00 AM
5
openvas

Slackware: Security Advisory (SSA:2024-088-01)

The remote host is missing an update for...

7.5AI Score

2024-03-29 12:00 AM
3
nessus

Debian dsa-5648 : chromium - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5648 advisory. Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML...

8.8CVSS

7.5AI Score

0.001EPSS

2024-03-29 12:00 AM
10
nessus

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6704-4)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6704-4 advisory. In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in...

7.8CVSS

7AI Score

0.004EPSS

2024-03-29 12:00 AM
13
nessus

Slackware Linux 15.0 / current util-linux Vulnerability (SSA:2024-088-02)

The version of util-linux installed on the remote host is prior to 2.37.4 / 2.40. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-088-02 advisory. wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to...

6.9AI Score

0.0005EPSS

2024-03-29 12:00 AM
19
nessus

Slackware Linux 15.0 / current coreutils Vulnerability (SSA:2024-088-03)

The version of coreutils installed on the remote host is prior to 9.5. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-088-03 advisory. A flaw was found in the GNU coreutils split program. A heap overflow with user-controlled data of multiple hundred bytes in...

5.5CVSS

7AI Score

0.0004EPSS

2024-03-29 12:00 AM
5
nessus

Slackware Linux 15.0 / current seamonkey Vulnerability (SSA:2024-088-01)

The version of seamonkey installed on the remote host is prior to 2.53.18.2. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-088-01 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

7.2AI Score

2024-03-29 12:00 AM
7
slackware

[slackware-security] util-linux

New util-linux packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/util-linux-2.37.4-i586-3_slack15.0.txz: Rebuilt. This release fixes a vulnerability where the wall command did not filter ...

7.3AI Score

0.0005EPSS

2024-03-28 09:56 PM
12
slackware

[slackware-security] seamonkey

New seamonkey packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/seamonkey-2.53.18.2-i686-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information,...

7.5AI Score

2024-03-28 09:55 PM
7
osv

Podman affected by CVE-2024-1753 container escape at build time

Impact What kind of vulnerability is it? Who is impacted? Users running containers with root privileges allowing a container to run with read/write access to the host system files when selinux is not enabled. With selinux enabled, some read access is allowed. Patches From @nalind . This is a...

8.6CVSS

8.5AI Score

0.0005EPSS

2024-03-28 05:53 PM
10
github

Podman affected by CVE-2024-1753 container escape at build time

Impact What kind of vulnerability is it? Who is impacted? Users running containers with root privileges allowing a container to run with read/write access to the host system files when selinux is not enabled. With selinux enabled, some read access is allowed. Patches From @nalind . This is a...

8.6CVSS

6.6AI Score

0.0005EPSS

2024-03-28 05:53 PM
10
packetstorm

7.4AI Score

2024-03-28 12:00 AM
75
openvas

Slackware: Security Advisory (SSA:2024-087-01)

The remote host is missing an update for...

6.6AI Score

0.0004EPSS

2024-03-28 12:00 AM
4
slackware

[slackware-security] curl

New curl packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-8.7.1-i586-1_slack15.0.txz: Upgraded. This release fixes the following security issues: TLS certificate check bypass with...

7.5AI Score

0.0004EPSS

2024-03-27 07:16 PM
8
thn

Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice

A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment...

8.8CVSS

9.4AI Score

0.005EPSS

2024-03-27 07:56 AM
19
nessus

Ubuntu 16.04 LTS / 18.04 LTS : curl vulnerability (USN-6718-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6718-2 advisory. When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum...

6.4AI Score

0.0004EPSS

2024-03-27 12:00 AM
10
nessus

Debian dla-3776 : libnode-dev - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3776 advisory. The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private...

7.5CVSS

6.8AI Score

EPSS

2024-03-27 12:00 AM
9
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : unixODBC vulnerability (USN-6715-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6715-1 advisory. An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and...

7.1CVSS

7AI Score

0.0004EPSS

2024-03-27 12:00 AM
11
nessus

Debian dla-3777 : composer - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3777 advisory. Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may...

8.8CVSS

7.7AI Score

0.005EPSS

2024-03-27 12:00 AM
6
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : util-linux vulnerability (USN-6719-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6719-1 advisory. wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals...

6.5AI Score

0.0005EPSS

2024-03-27 12:00 AM
28
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : curl vulnerabilities (USN-6718-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6718-1 advisory. When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would...

6.7AI Score

0.0004EPSS

2024-03-27 12:00 AM
13
nessus

Slackware Linux 15.0 / current curl Multiple Vulnerabilities (SSA:2024-087-01)

The version of curl installed on the remote host is prior to 8.7.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-087-01 advisory. When a protocol selection parameter option disables all protocols without adding any then the default set of protocols...

5.7AI Score

0.0004EPSS

2024-03-27 12:00 AM
9
nessus

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6686-5)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6686-5 advisory. In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain...

7.8CVSS

7.1AI Score

EPSS

2024-03-27 12:00 AM
8
mageia

Updated gnutls packages fix security vulnerabilities

The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512...

5.3CVSS

6.6AI Score

0.0005EPSS

2024-03-26 11:00 AM
16
nessus

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : PAM vulnerability (USN-6588-2)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6588-2 advisory. linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the...

5.5CVSS

6.8AI Score

0.0004EPSS

2024-03-26 12:00 AM
12
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6717-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6717-1 advisory. An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects...

7.5CVSS

9.1AI Score

0.001EPSS

2024-03-26 12:00 AM
10
githubexploit

Exploit for CVE-2024-29272

CVE-2024-29272 This is a Proof-of-Concept for...

7.7AI Score

0.0004EPSS

2024-03-25 10:43 PM
96
openvas

Slackware: Security Advisory (SSA:2024-084-01)

The remote host is missing an update for...

7.8CVSS

7.9AI Score

0.001EPSS

2024-03-25 12:00 AM
4
Total number of security vulnerabilities: 94468