
15 matches found

OSV
added 2026/05/18 9:31 a.m. | 5 views

GHSA-9P64-JPC7-M2RP Mattermost doesn't sanitize sensitive configuration fields before including them in support packet generation

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to sanitize sensitive configuration fields before including them in support packet generation, which allows a Mattermost System Admin or any party with access to a support packet to obtain sensitive credentials in...

CVSS 8.7 | AI score 5.8 | EPSS 0.00039
Exploits 0 | References 4
Snyk
added 2026/03/26 6:34 p.m. | 1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the AdvancedLoggingJSON configuration during support packet generation. An attacker can access arbitrary files on the host system by supplying a malicious file path. Details A Directory Traversal attack also known...

CVSS 6.8 | AI score 6.5 | EPSS 0.0002
Exploits 0 | References 2
Snyk
added 2026/03/26 6:34 p.m. | 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the AdvancedLoggingJSON configuration during support packet generation. An attacker can access arbitrary files on the host system by supplying a malicious file path. Details A Directory Traversal attack also known...

CVSS 6.8 | AI score 6.5 | EPSS 0.0002
Exploits 0 | References 2
CNNVD
added 2026/01/27 12:0 a.m. | 2 views

Suricata resource management error vulnerability

Suricata is a network IDS, IPS, and NSM engine developed by the Open Information Security Foundation. Versions of Suricata prior to 8.0.3 and 7.0.14 contained a resource management vulnerability. This vulnerability stemmed from an unsigned integer overflow that could occur when generating too man...

CVSS 9.1 | AI score 5.9 | EPSS 0.00118
Exploits 0 | References 6
RedhatCVE
added 2026/01/09 12:35 p.m. | 5 views

CVE-2023-49062

Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP v4 Too Big packet generation. After a bpf_xdp_adjust_head call, Katran code didn’t initialize the Identification field for the IPv4 header, resulting in writing content ...

CVSS 7.5 | AI score 6.8 | EPSS 0.00178
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-53085

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.00178
Exploits 0 | References 2
SUSE Linux
added 2025/06/12 7:33 p.m. | 1 views

Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002322 fixes several issues. The following security issues were fixed: CVE-2024-49855: nbd: fix race between timeout and normal completion (bsc#1232900). CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236701). CVE-2024-58013:...

CVSS 8.5 | AI score 8.3 | EPSS 0.00024
Exploits 0 | References 16
Exploit DB
added 2024/08/28 12:0 a.m. | 375 views

Windows TCP/IP - RCE Checker and Denial of Service

#!/usr/bin/env python3 # -*- coding: utf-8 -*- Exploit Title: Windows IPv6 CVE-2024-38063 Checker and Denial-Of-Service Date: 2024-08-07 Exploit Author: Photubias Vendor Homepage: https://microsoft.com Vendor Advisory: [1] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063 Version:...

CVSS 9.8 | AI score 7.4 | EPSS 0.89413
Exploits 24
RedHat Linux
added 2024/08/21 12:34 a.m. | 4 views

kernel: igc: avoid returning frame twice in XDP_REDIRECT

A memory corruption flaw was found in the Linux kernel’s Intel(R) Ethernet Controller I225-LM/I225-V driver in how a user generates a high amount of packets. This flaw allows a local user to crash the system...

CVSS 5.5 | AI score 7.2 | EPSS 0.00018
Exploits 0 | References 5
RedHat Linux
added 2024/08/21 12:17 a.m. | 7 views

kernel: igc: avoid returning frame twice in XDP_REDIRECT

A memory corruption flaw was found in the Linux kernel’s Intel(R) Ethernet Controller I225-LM/I225-V driver in how a user generates a high amount of packets. This flaw allows a local user to crash the system...

CVSS 5.5 | AI score 7.2 | EPSS 0.00018
Exploits 0 | References 5
RedHat Linux
added 2024/08/15 5:34 a.m. | 10 views

kernel: igc: avoid returning frame twice in XDP_REDIRECT

A memory corruption flaw was found in the Linux kernel’s Intel(R) Ethernet Controller I225-LM/I225-V driver in how a user generates a high amount of packets. This flaw allows a local user to crash the system...

CVSS 5.5 | AI score 7.2 | EPSS 0.00018
Exploits 0 | References 5
NVD
added 2023/11/28 4:15 p.m. | 16 views

CVE-2023-49062

Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP v4 Too Big packet generation. After a bpf_xdp_adjust_head call, Katran code didn’t initialize the Identification field for the IPv4 header, resulting in writing content ...

CVSS 7.5 | EPSS 0.00178
Exploits 0 | References 2
NVD
added 2020/01/28 4:15 p.m. | 16 views

CVE-2013-0294

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...

CVSS 5.9 | AI score 4.7 | EPSS 0.01772
Exploits 0 | References 8
0day.today
added 2018/09/10 12:0 a.m. | 17 views

Socusoft 3GP Photo Slideshow 8.05 - Buffer Overflow (SEH) Exploit

Exploit for windows platform in category local exploits Exploit Title: Socusoft 3GP Photo Slideshow 8.05 - Buffer Overflow SEH Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link: http://www.dvd-photo-slideshow.com/3gp-photo-slideshow.html Tested Version: 8.05 Tested ...

AI score 7.2
Exploits 0
Kitploit
added 2014/06/26 3:42 p.m. | 31 views

Smart Pentester - An SSH based Penetration Testing Framework

Smart Pentester is an SSH-based Penetration Testing Framework. It provides a GUI for well-known tools like nmap, hping, tcpdump, volatility, hydra, etc. Smart Pentester Framework will provide you a User Interface for Penetration testing, Malware Analysis, Forensic Analysis, Cyber Intelligence,...

AI score 7.4
Exploits 0