6 matches found
Metasploit Wrap-Up 08/01/2025
ESC support in Metasploit This week, we're excited to announce that Metasploit users can now detect certificate templates vulnerable to ESC9, ESC10, and ESC16 using the existing ldapescvulnerabletemplate module. In addition, users can now exploit these vulnerable templates with the brand new...
SUSE CVE-2020-1746
A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldapattr and ldapentry community modules are used. The issue...
PYSEC-2020-13
A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldapattr and ldapentry community modules are used. The issue...
ansible: Information disclosure issue in ldap_attr and ldap_entry modules
A flaw was found in the Ansible Engine when the ldapattr and ldapentry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bindpw in the parameters field. The highest threat from this vulnerability is data...
ansible: Information disclosure issue in ldap_attr and ldap_entry modules
A flaw was found in the Ansible Engine when the ldapattr and ldapentry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bindpw in the parameters field. The highest threat from this vulnerability is data...
SA-2008-020 - Ubercart - Cross site scripting
The attribute module allows customers to enter a text value as an attribute for a product, like a name to stitch into a hat. However, when these text values were displayed in the shopping cart or on order pages, there was a possibility for a malicious user to perform a cross site scripting attack...