449 matches found

BDU FSTEC
added 2023/01/05 12:0 a.m. | 3 views

The vulnerability of the FortiADC application delivery controller arises from insufficient validation of input data, allowing attackers to extract files with specific extensions from the underlying Linux system.

The vulnerability of the FortiADC application delivery controller exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to extract files with specific extensions from the underlying Linux system using specially crafted HTTP requests...

CVSS 5.5 | AI score 6.5 | EPSS 0.0074
Exploits 0 | References 4 | Affected Software 1

Prion
added 2022/12/06 5:15 p.m. | 16 views

Input validation

Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests...

CVSS 4 | AI score 6.3 | EPSS 0.0074
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2022/12/06 4:1 p.m. | 38 views

CVE-2022-33876

Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests...

CVSS 5.4 | AI score 6.6 | EPSS 0.0074
Exploits 0 | References 1

Fortinet
added 2022/12/06 12:0 a.m. | 44 views

FortiADC - Improper input validation in download features

Multiple improper input validation vulnerabilities CWE-20 may allow an authenticated attacker to retrieve files with specific extensions from the underlying Linux system via crafted HTTP requests...

CVSS 4 | AI score 6.4 | EPSS 0.0074
Exploits 0 | Affected Software 1

Fedora
added 2022/11/18 1:6 a.m. | 24 views

[SECURITY] Fedora 35 Update: sysstat-12.5.6-2.fc35

The sysstat package contains the sar, sadf, mpstat, iostat, tapestat, pidstat, cifsiostat and sa tools for Linux. The sar command collects and reports system activity information. The information collected by sar can be saved in a file in a binary format for future inspection. The statistics...

CVSS 7.8 | AI score 7.5 | EPSS 0.01096
Exploits 1

AlpineLinux
added 2022/11/08 12:0 a.m. | 42 views

CVE-2022-39377

sysstat is a set of system performance tools for the Linux operating system. On 32-bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic...

CVSS 7.8 | AI score 8.1 | EPSS 0.01096
Exploits 1

Vulnrichment
added 2022/11/01 2:11 a.m. | 2 views

CVE-2022-41553 Information Exposure Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer

Insertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux Analytics probe component, Hitachi Ops Center Analyzer on Linux Hitachi Ops Center Analyzer probe component allows local users to gain sensitive information. This issue affect...

CVSS 6.5 | AI score 6.8 | EPSS 0.00173
Exploits 0 | References 1

0day.today
added 2022/10/21 12:0 a.m. | 572 views

Zimbra Collaboration Suite TAR Path Traversal Exploit

This Metasploit module creates a .tar file that can be emailed to a Zimbra server to exploit CVE-2022-41352. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in the cpio command-line utility th...

CVSS 9.8 | AI score 8 | EPSS 0.95478
Exploits 8

Rockylinux
added 2022/09/20 11:39 a.m. | 15 views

glibc bug fix and enhancement update

An update is available for glibc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The glibc packages provide the standard C libraries libc, POSIX thread librarie...

AI score 0.8
Exploits 0

Metasploit
added 2022/08/29 6:2 p.m. | 434 views

UnRAR Path Traversal in Zimbra (CVE-2022-30333)

This module creates a RAR file that can be emailed to a Zimbra server to exploit CVE-2022-30333. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in unRAR that can extract an arbitrary file to ...

CVSS 7.5 | AI score 8.2 | EPSS 0.98975
Exploits 12

BDU FSTEC
added 2022/08/22 12:0 a.m. | 2 views

The vulnerability in the /net/nfc/core.c component of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability in the /net/nfc/core.c component of the Linux operating system relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and availability of protected information...

CVSS 7.7 | AI score 6.5 | EPSS 0.00142
Exploits 0 | References 16 | Affected Software 6

0day.today
added 2022/08/07 12:0 a.m. | 710 views

Zimbra UnRAR Path Traversal Exploit

This Metasploit module creates a RAR file that can be emailed to a Zimbra server to exploit CVE-2022-30333. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in unRAR that can extract an arbitra...

CVSS 7.5 | AI score 7.7 | EPSS 0.98975
Exploits 12

Packet Storm
added 2022/08/05 12:0 a.m. | 401 views

Zimbra UnRAR Path Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'UnRAR Path Traversal in Zimbra CVE-2022-30333', 'Description' = %q This module creates a RAR file that can be emailed to a Zimbra server to explo...

CVSS 7.5 | AI score 0.1 | EPSS 0.98975
Exploits 12

Rockylinux
added 2022/06/16 9:27 a.m. | 12 views

glibc bug fix update

An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The glibc packages provide the standard C libraries libc, POSIX thread librarie...

AI score 0.7
Exploits 0

CNNVD
added 2022/06/07 12:0 a.m. | 4 views

grub2 Buffer Error Vulnerability

grub2 is a Linux system boot program from the GNU community. A buffer error vulnerability exists in grub2, which can be exploited by an attacker to cause a buffer underflow write in the heap via a carefully crafted JPEG image...

CVSS 7 | AI score 7.4 | EPSS 0.00434
Exploits 0 | References 20

Kitploit
added 2022/05/30 9:30 p.m. | 38 views

Labtainers - A Docker-based Cyber Lab Framework

Labtainers include more than 50 cyber lab exercises and tools to build your own. Import a single VM appliance or install on a Linux system and your students are done with provisioning and administrative setup, for these and future lab exercises. Consistent lab execution environments and automated...

AI score 7.5
Exploits 0 | References 5

ATTACKERKB
added 2022/05/04 11:0 p.m. | 4 views

CVE-2022-20801

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to...

CVSS 9 | AI score 6.4 | EPSS 0.01833
Exploits 0 | References 2

CNVD
added 2022/04/24 12:0 a.m. | 24 views

Foscam R2C IP Race Condition Vulnerability

Foscam R2C IP, a webcam from Foscam China, has a race condition vulnerability that could be exploited by remote attackers to gain full remote access to the IP camera and the underlying Linux system with root privileges...

CVSS 8.5 | AI score 4.1 | EPSS 0.0106
Exploits 0 | Affected Software 2

CNNVD
added 2022/04/21 12:0 a.m. | 3 views

Foscam R2C IP Security Vulnerability

Foscam R2C IP, a webcam from Foscam China, has a race condition vulnerability that could be exploited by remote attackers to gain full remote access to the IP camera and the underlying Linux system with root privileges...

CVSS 9.1 | AI score 5.7 | EPSS 0.0106
Exploits 0 | References 3

Prion
added 2022/04/14 9:15 p.m. | 15 views

Design/Logic Flaw

A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user...

CVSS 7.2 | AI score 7.2 | EPSS 0.0024
Exploits 0 | References 2 | Affected Software 2