14 matches found
Persistence Exploit Suggester
This module suggests persistence modules that can be used. The modules are suggested based on the architecture and platform that the user has a shell opened as well as the available exploits in meterpreter. It's important to note that not all modules will be checked. Exploits are chosen based on...
April Linux Patch Wednesday
AprilLinux Patch Wednesday. Total vulnerabilities: 251. 164 in the Linux Kernel. No vulnerabilities show signs of being exploited in the wild. There are 7 vulnerabilities that appear to have publicly available exploits. For 2 vulnerabilities, exploit code with detailed explanation is available on...
Linux Distros Unpatched Vulnerability : CVE-2023-0512
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. CVE-2023-0512 Note that Nessus relies on the presence of the package as reported by the vendor...
Linux Distros Unpatched Vulnerability : CVE-2023-4752
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use After Free in GitHub repository vim/vim prior to 9.0.1858. CVE-2023-4752 Note that Nessus relies on the presence of the package as reported by the vendor...
Linux Distros Unpatched Vulnerability : CVE-2021-25290
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. CVE-2021-25290 Note that Nessus relies ...
Linux Distros Unpatched Vulnerability : CVE-2017-15874
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - archival/libarchive/decompressunlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation. CVE-2017-15874 Note that Nessus relies ...
Linux Distros Unpatched Vulnerability : CVE-2020-19668
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unverified indexs into the array lead to out of bound access in the gifoutcode function in fromgif.c in libsixel 1.8.6. CVE-2020-19668 Note that Nessus relies o...
Linux Distros Unpatched Vulnerability : CVE-2011-0523
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gypsy 0.8 does not properly restrict the files that can be read while running with root privileges, which allows local users to read otherwise restricted files...
Curl 7.76.0 < 8.11.1 Information Disclosure (CVE-2024-11053)
The version of Curl installed on the remote host is between 7.76.0 and prior to 8.11.1. It is, therefore, affected by an information disclosure vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVE...
Photon OS 5.0: Openjdk11 PHSA-2023-5.0-0032
An update of the openjdk11 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0032. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
CVE-2023-41710
User-defined script code could be stored for a upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this...
CVE-2023-26427
Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known...
Vulmap
This is an open-source online local vulnerability scanner project called Vulmap. It consists of online local vulnerability scanning programs for Windows and Linux operating systems. The project is designed to scan installed software on the host, query the Vulmon API for vulnerabilities, and print...
GALLIUM: Targeting global telecom
Microsoft Threat Intelligence Center MSTIC is raising awareness of the ongoing activity by a group we call GALLIUM, targeting telecommunication providers. When Microsoft customers have been targeted by this activity, we notified them directly with the relevant information they need to protect...