776 matches found
MTN Group: Remove Every User, Admin, And Owner Out Of Their Teams on developers.mtn.com via IDOR + Information Disclosure
Hello world. This vulnerability is too involved with regular users; in order for us to prevent any damage, we need 3 different user accounts we own. This gives us specific "userid" and "teamid" to work with. There's an Information Disclosure as a side effect of this vulnerability. User and team...
Integer overflow
Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. Remote code execution from the WAN interface TCP port 20005 cannot be ruled out; however, exploitability was judged to be of "rather significant...
CVE-2021-45608
Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. Remote code execution from the WAN interface TCP port 20005 cannot be ruled out; however, exploitability was judged to be of "rather significant...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
PoC exploit for CVE-2021-44228, a remote code execution vulnerab...
Command injection
Bundler is a package for managing application dependencies in Ruby. In bundler versions before 2.2.33, when working with untrusted and apparently harmless Gemfiles, it is not expected that they lead to execution of external code, unless that's explicit in the Ruby code inside the Gemfile itself...
RHEL 8 : babel (RHSA-2021:4201)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4201 advisory. Babel provides tools to build and work with gettext message catalogs, and a Python interface to the CLDR Common Locale Data Repository,...
CentOS 8 : python36:3.6 (CESA-2021:4150)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4150 advisory. - python-pygments: Infinite loop in SML lexer may lead to DoS CVE-2021-20270 - python-pygments: ReDoS in multiple lexers CVE-2021-27291 Note that Nessu...
CVE-2021-42258
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID aka username parameter. Successful exploitation can include...
SUSE SLED12 / SLES12 Security Update : javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags (SUSE-SU-2021:3450-1)
The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3450-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
CentOS 7 : bind (RHSA-2021:3325)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3325 advisory. - In BIND 9.8.5 - 9.8.8, 9.9.3 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND 9 Supported Preview...
New Rapid7 MDR Essentials Capability Sees What Attackers See: “It’s Eye-Opening”
The pandemic and remote work shattered your perimeter. Your attack surface has changed — and will keep changing. It’s our mission to help customers strengthen security defenses and stay ahead of evil. As the modern perimeter expands, new and old vulnerabilities emerge as open doors for attackers;...
Cross-site Scripting (XSS) - Stored in yogeshojha/rengine
✍️ Description When an XSS payload is used as the name of a gf pattern, it executes. 🕵️♂️ Proof of Concept 1. Name a file .json 2. Import the file as a gf pattern at https://127.0.0.1/scanEngine/toolsettings 3. Click on the uploaded gf pattern. 💥 Impact The impact is the same as any other Stored XSS...
CVE-2021-35395
Realtek Jungle SDK (Realtek AP-Router/IoT SDK) CVE-2021-35395 enables multiple stack-buffer overflows and command-injection flaws in the HTTP web server management interface (Go-Ahead webs and Boa-based). Affected forms include reboot, WSC/auth, WLANMultiAP, SiteSurvey, StaticDHCP, and peerPin-ba...
Microsoft and Adobe Patch Tuesday (July 2021) – Microsoft 117 Vulnerabilities with 13 Critical, Adobe 26 Vulnerabilities
Microsoft Patch Tuesday – July 2021 Microsoft patched 117 vulnerabilities in their July 2021 Patch Tuesday release, and 13 of them are rated as critical severity. Critical Microsoft Vulnerabilities Patched CVE-2021-34448 – Scripting Engine Memory Corruption Vulnerability This is being actively...
30M Dell Devices at Risk for Remote BIOS Attacks, RCE
UPDATE A high-severity series of four vulnerabilities can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices, researchers said. They affect an estimated 30 million individual Dell endpoints worldwide. According to an analysis from Eclypsium, the...
Ubuntu 18.04 LTS / 20.04 LTS : GNOME Autoar regression (USN-4937-2)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4937-2 advisory. USN-4937-1 fixed a vulnerability in GNOME Autoar. The update caused a regression when extracting certain archives. This update fixes the problem...
WP Config File Editor <= 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS)
The WP Config File Editor WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesse...
Photon OS 3.0: Bindutils PHSA-2021-3.0-0240
An update of the bindutils package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-3.0-0240. The text itself is copyright (C) VMware, Inc...
CVE-2021-26419
Scripting Engine Memory Corruption Vulnerability Recent assessments: architect00 at May 14, 2021 10:33am UTC reported: Details The vulnerability affects Internet Explorer 11 on all Windows Versions. It is located in the jscript9.dll library, which is used to execute JavaScript. Possible attack...
Photon OS 3.0: Mysql PHSA-2021-3.0-0231
An update of the mysql package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-3.0-0231. The text itself is copyright (C) VMware, Inc.