Unified Remote Authentication Bypass / Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unified Remote Auth Bypass to RCE', 'Description' = %q This module utilizes the Unified Remote remote control protocol to type out and deploy a...

The Types of Phishing Attacks and How to Dodge All of Them

By Owais Sultan Phishing scams are sneaky and often difficult to detect. These types of cyber attacks involve cybercriminals sending emails,… This is a post from HackRead.com Read the original post: The Types of Phishing Attacks and How to Dodge All of Them...

Oracle Linux 6 : kernel (ELSA-2022-9793)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9793 advisory. - bluetooth: eliminate the potential race condition when removing the HCI controller Lin Ma CVE-2021-32399 Orabug: 33763116 Tenable has extracted the...

GSD-2022-1005872 i2c: cadence: Support PEC for SMBus block read

i2c: cadence: Support PEC for SMBus block read This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.137 by commit...

GSD-2022-1005715 Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag

Input: iforce - wake up after clearing IFORCEXMITRUNNING flag This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.142 by commit...

GSD-2022-1005557 video: fbdev: s3fb: Check the size of screen before memset_io()

video: fbdev: s3fb: Check the size of screen before memsetio This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.61 by commit...

GSD-2022-1005349 scsi: sg: Allow waiting for commands to complete on removed device

scsi: sg: Allow waiting for commands to complete on removed device This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.2 by commit...

GSD-2022-1005065 venus: pm_helpers: Fix warning in OPP during probe

venus: pmhelpers: Fix warning in OPP during probe This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.4 by commit...

walkerbooks.com.au Cross Site Scripting vulnerability OBB-2922918

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Windows shellcode stage, Bind IPv6 TCP Stager (Windows x86)

Custom shellcode stage. Listen for an IPv6 connection Windows x86 Module Options msf use payload/windows/custom/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp show options ...show and set options... msf payloadbindipv6tcp run...

Clinic's Patient Management System SQL注入漏洞

Clinic's Patient Management System is a patient management system for clinics. a SQL injection vulnerability exists in Clinic's Patient Management System v1.0, which originates in /pms/ The id parameter in updatepatient.php lacks validation for external input SQL statements. An attacker could use...

Post SMTP < 2.1.7 - Admin+ Blind SSRF

The plugin does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example. Navigate to https://example.com/wp-admin/admin.php?page=postman%2Fporttest Inside "Outgoing Mail Server Hostname"...

GHSA-7HFP-QFW3-5JXH Helm Vulnerable to denial of service through string value parsing

Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. Out of memory panics cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service...

Cassandra Web File Read Vulnerability

This module exploits an unauthenticated directory traversal vulnerability in Cassandra Web 'Cassandra Web' version 0.5.0 and earlier, allowing arbitrary file read with the web server privileges. This vulnerability occurred due to the disabled Rack::Protection module Module Options msf use...

New Prolexic Partner Megaport Now Live in Australia

As part of Akamai’s focus on serving local market needs, we are thrilled to announce new Prolexic connectivity options via Megaport Elastic Fabric in Australia...

suzukivision.com Cross Site Scripting vulnerability OBB-2867508

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

编号已被CVE保留

No details are available at this time...

edr.state.fl.us Cross Site Scripting vulnerability OBB-2865792

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2021-3488

...

CVE-2021-3670

MaxQueryDuration not honoured in Samba AD DC LDAP...