RHEL 8 : thunderbird (RHSA-2023:3588)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3588 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0. Security Fixes: Mozilla...

CVE-2023-27997: Critical Fortinet Fortigate Remote Code Execution Vulnerability

On June 9, 2023, Fortinet silently patched a purported critical remote code execution RCE vulnerability in Fortigate SSL VPN firewalls. According to Lexfo Security’s Charles Fol, who discovered the vulnerability, the flaw is heap-based and reachable pre-authentication. According to reports,...

Ubuntu 20.04 LTS : SSSD vulnerability (USN-6156-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6156-1 advisory. It was discovered that SSSD incorrrectly sanitized certificate data used in LDAP filters. When using this issue in combination with FreeIPA, a remote attacker cou...

CVE-2023-2900

A vulnerability was found in NFine Rapid Development Platform 20230511. It has been classified as problematic. Affected is an unknown function of the file /Login/CheckLogin. The manipulation leads to use of weak hash. It is possible to launch the attack remotely. The complexity of an attack is...

Fedora 38 : kitty (2023-0418511dfe)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0418511dfe advisory. version 0.28.1, backport security fix. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...

RHEL 8 : webkit2gtk3 (RHSA-2023:3108)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3108 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: WebKitGTK: Regression of CVE-2023-28205 fixes ...

RHEL 8 : libreswan (RHSA-2023:2125)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:2125 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...

Dell EMC NetWorker Version Disclosure (DSA-2023-058)

The version of Dell EMC NetWorker installed on the remote Windows host is 19.5 or earlier. It is, therefore, affected by version disclosure vulnerabilities for 'Apache Tomcat' and 'RabbitMQ'. A NetWorker server user with remote access to NetWorker clients can exploit this vulnerability to prepare...

CVE-2023-2418

A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The...

Design/Logic Flaw

A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The...

CVE-2023-2418

CVE-2023-2418 affects Konga version 2.8.3 running on Kong. The issue is in the Login API component, where handling leads to insufficiently random values. The documented attack complexity is high and exploitability is difficult, with multiple sources indicating the vulnerability could be exploited...

Fedora 37 : libpcap / tcpdump (2023-a66bd67e34)

The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-a66bd67e34 advisory. New versions of libpcap and tcpdump Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...

Security Updates for Microsoft Publisher Products C2R (April 2023)

The Microsoft Publisher Products are missing a security update. It is, therefore, affected by multiple remote code execution vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C...

WIMAX SWC-5100W Remote Command Execution

Exploit Title: WIMAX SWC-5100W Firmware V1.11.0.1 :1.9.9.4 - Authenticated RCE Vulnerability Name: Ballin' Mada Date: 4/3/2023 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.seowonintech.co.kr/eng/main Version: Bootloader1.18.19.0 , HW 0.0.7.0, FW1.11.0.1 : 1.9.9.4 Tested...

WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) - Authenticated Remote Code Execution Exploit

Exploit Title: WIMAX SWC-5100W Firmware V1.11.0.1 :1.9.9.4 - Authenticated RCE Vulnerability Name: Ballin' Mada Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.seowonintech.co.kr/eng/main Version: Bootloader1.18.19.0 , HW 0.0.7.0, FW1.11.0.1 : 1.9.9.4 Tested on: Unix CVE :...

CVE-2023-26360

Adobe ColdFusion versions 2018 Update 15 and earlier and 2021 Update 5 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Recent...

CVE-2023-1506

A vulnerability, which was classified as critical, was found in SourceCodester E-Commerce System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument UUSERNAME leads to sql injection. It is possible to launch the attack remotely. The complexity of an attack...

Sql injection

A vulnerability, which was classified as critical, was found in SourceCodester E-Commerce System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument UUSERNAME leads to sql injection. It is possible to launch the attack remotely. The complexity of an attack...

CVE-2023-1503

A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file admin/adminindex.php. The manipulation of the argument username/password with the input admin' AND SELECT 8062 FROM SELECTSLEEP5meUD-- hLiX lead...

CVE-2023-1503 SourceCodester Alphaware Simple E-Commerce System admin_index.php sql injection

A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file admin/adminindex.php. The manipulation of the argument username/password with the input admin' AND SELECT 8062 FROM SELECTSLEEP5meUD-- hLiX lead...