
354 matches found

0day.today
added 2020/08/06 12:00 a.m., 172 views

Online Shopping Alphaware 1.0 Insecure Direct Object Reference Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Shopping Alphaware 1.0 - 'Summary' Insecure Direct Object Reference Authenticated Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...

7.4 AI score
Exploits 0
OSV
added 2020/06/29 9:15 a.m., 4 views

CVE-2020-8022

An Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server...

7.8 CVSS, 6.7 AI score
Exploits 0, References 6
Veeam
added 2020/03/23 9:04 p.m., 16 views

Backup to NFS repository may hang

Challenge: After the backup job starts, some task may hang if all of the following conditions are met: The backup repository type is the NFS repository. A Linux server is selected as a gateway server explicitly or it was selected by the automatic selection from options. NFS v3 is used to access th...

6.8 AI score
Exploits 0
UbuntuCve
added 2020/03/02 4:15 p.m., 20 views

CVE-2019-18901

A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Serv...

5.5 CVSS, 6.9 AI score, 0.00102 EPSS
Exploits 0, References 2
CNVD
added 2020/02/18 12:00 a.m., 3 views

uftpd Path Traversal Vulnerability

uftpd is a Linux-based FTP/TFTP file transfer server. A path traversal vulnerability exists in uftpd versions prior to 2.11. An attacker can exploit this vulnerability to read or write to any location on the file system with the help of several different FTP commands...

7.2 CVSS, 6.8 AI score, 0.01487 EPSS
Exploits 1, References 1
BDU FSTEC
added 2020/02/11 12:00 a.m., 4 views

The vulnerability of the libzypp library in software developed for the SUSE CaaS Platform and SUSE Linux Enterprise Server allows a perpetrator to gain unauthorized access to information.

The vulnerability of the libzypp library in SUSE CaaS Platform and SUSE Linux Enterprise Server software is related to errors in the use of standard permissions. Exploiting this vulnerability can allow an attacker to gain unauthorized access to information...

4 CVSS, 6.3 AI score, 0.00098 EPSS
Exploits 0, References 4, Affected Software 5
OSV
added 2020/01/24 4:15 p.m., 0 views

UBUNTU-CVE-2019-18900

Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp version...

4 CVSS, 5.8 AI score, 0.00098 EPSS
Exploits 0, References 3
CNVD
added 2020/01/07 12:00 a.m., 2 views

uftpd Buffer Overflow Vulnerability

uftpd is a Linux-based FTP/TFTP file transfer server. A buffer overflow vulnerability exists in the 'handlePORT' function of the ftpcmd.c file in uftpd versions prior to 2.11. The vulnerability stems from a network system or product performing operations in memory without properly validating data...

8.8 CVSS, 7.3 AI score, 0.00686 EPSS
Exploits 0, References 1
IBM Security Bulletins
added 2019/12/20 8:47 a.m., 31 views

Security Bulletin: IBM Integration Bus Hypervisor Edition V9.0 require customer action for security vulnerabilities in Red Hat Linux

Summary: IBM Integration Bus Hypervisor Edition V9.0 ship with Red Hat Enterprise Linux (RHEL) Server 6.2 which is vulnerable to: CVE-2019-1354 Vulnerability Details: CVEID: CVE-2019-13454 DESCRIPTION: ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c. CV...

9.3 CVSS, 1.2 AI score, 0.19687 EPSS
Exploits 1, Affected Software 1
Kitploit
added 2019/12/11 8:25 p.m., 229 views

Splunk Attack Range - A Tool That Allows You To Create Vulnerable Instrumented Local Or Cloud Environments To Simulate Attacks Against And Collect The Data Into Splunk

The Attack Range solves two main challenges in development of detections. First, it allows the user to quickly build a small lab infrastructure as close as possible to your production environment. This lab infrastructure contains a Windows Domain Controller, Windows Workstation and Linux server,...

6.7 AI score
Exploits 0, References 5
The Hacker News
added 2019/10/31 2:26 p.m., 2 views

Chinese Hackers Compromise Telecom Servers to Spy on SMS Messages

A group of Chinese hackers carrying out political espionage for Beijing has been found targeting telecommunications companies with a new piece of malware designed to spy on text messages sent or received by highly targeted individuals. Dubbed "MessageTap," the backdoor malware is a 64-bit ELF da...

5.8 AI score
Exploits 0
OSV
added 2019/09/19 2:15 p.m., 4 views

CVE-2019-3689

The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If...

9.8 CVSS, 9.4 AI score
Exploits 0, References 6
Hacker One
added 2019/09/02 1:07 p.m., 11 views

U.S. Dept Of Defense: [██████████] — Directory traversal via `/aerosol-bin/███████/display_directory_████_t.cgi`

Description: On the domain https://█████████, there is a vulnerable endpoint that lets an attacker preview and browse the whole server including all the server's critical directories such as etc, var, cache etc. located in the root directory of this Linux web server. This vulnerable endpoint is...

0.4 AI score
Exploits 0
Carbon Black Blog
added 2018/11/20 6:00 p.m., 63 views

Flaws in Evaluating Security Tools for Linux

Carbon Black recently published a report on the challenges of securing Linux-based operating systems and how Carbon Black is redesigning the approach. For more information about how the Cb Predictive Security Cloud, Carbon Black's consolidated endpoint security platform, helps enterprises cut cos...

7 AI score
Exploits 0
n0where
added 2018/09/05 5:04 p.m., 36 views

DNS Rebinding Attack Framework: Singularity

Singularity of Origin is a tool to perform DNS rebinding attacks. It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine’s IP address and to serve attack payloads to exploit vulnerable software on the target machine. It also ships with...

Exploits 0, References 4
IBM Security Bulletins
added 2018/06/15 7:03 a.m., 29 views

Security Bulletin: Vulnerability with Diffie-Hellman ciphers may affect IBM SOA Policy Gateway Pattern for Red Hat Enterprise Linux Server 2.5 (CVE-2015-4000)

Summary: The LogJam Attack on Diffie-Hellman ciphers (CVE-2015-4000) may affect some configurations of IBM SOA Policy Gateway Pattern for Red Hat Enterprise Linux Server 2.5. Vulnerability Details: CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive...

4.3 CVSS, 0.4 AI score, 0.92346 EPSS
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2018/06/15 7:02 a.m., 9 views

Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere Application Server shipped with IBM SOA Policy Gateway Pattern for Red Hat Enterprise Linux Server

Summary: SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled by default in IBM WebSphere Application Server. Vulnerability Details: CVE ID: CVE-2014-3566 DESCRIPTION: IBM WebSphere Application could allow a...

4.3 CVSS, 0.6 AI score, 0.93538 EPSS
Exploits 5, Affected Software 1
myhack58
added 2018/04/17 12:00 a.m., 17 views

Bitcoin extortion incident discovered on Linux servers: get four points right to avoid losses - vulnerability warning - the black bar safety net

After the ransomware that hit Windows, bitcoin extortion cases have now occurred on Linux servers. Do you think paying the ransom is the end of it? Important warning: Recently, the Tencent cloud security team detected bitcoin extortion events beginning to appear on Linux servers in the cloud, th...

7.3 AI score
Exploits 0
Kitploit
added 2018/04/13 12:41 p.m., 23 views

JShielder - Automates The Process Of Installing All The Necessary Packages To Host A Web Application And Hardening A Linux Server

JSHielder is an Open Source tool developed to help SysAdmin and developers secure their Linux Servers in which they will be deploying any web application or services. This tool automates the process of installing all the necessary packages to host a web application and Hardening a Linux server wi...

8 AI score
Exploits 0, References 2
0day.today
added 2018/02/17 12:00 a.m., 77 views

JBoss Remoting 6.14.18 - Denial of Service Exploit

Exploit for multiple platform in category dos / poc Exploit Title: Exploit Denial of Service JBoss Remoting 4447/9999 Exploit Author: Frank Spierings Vendor Homepage: https://www.redhat.com/en/technologies/jboss-middleware/application-platform/get-started Software Link:...

5 CVSS, 7.9 AI score, 0.14129 EPSS
Exploits 5