EUVD-2003-0101

Malware in sbrugna...

EUVD-2021-28647

Malicious code in bioql PyPI...

pentestdb

This is a repository of penetration testing tools and resources, specifically designed for web application security testing. The repository is called "pentestdb" and is maintained by a user named "alpha1e0". The repository contains a variety of tools and resources, including: 1. Exploit systems: ...

edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message

A security flaw involving buffer overflow was identified in EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized attacker within the vicinity network to transmit a specifically crafted DHCPv6 proxy Advertise message, resulting in the...

edk2: Buffer overflow in the DHCPv6 client via a long Server ID option

A security flaw was identified in EDK2, the open-source reference implementation of the UEFI specification, involving a buffer overflow vulnerability. This particular weakness enables an unauthorized attacker within the vicinity of the network to transmit a specifically crafted DHCPv6 message...

UltiDev Cassini Detection (HTTP)

HTTP based detection of UltiDev Cassini. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.126424";...

SUSE SLES15 Security Update : kernel (SUSE-SU-2022:3693-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3693-1 advisory. - In mmcblkreadsingle of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to...

CVE-2022-40141

A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes of a particular Apex One server...

PT-2022-25241 · Trend Micro · Trend Micro Apex One +1

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One and Apex One as a Service affected versions not specified Description: A vulnerability could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes of a...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2022-028 (ALASKERNEL-5.4-2022-028)

The version of kernel installed on the remote host is prior to 5.4.201-111.359. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-028 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/plane: Move range check for...

Security Bulletin: Two vulnerabilities in WAS Liberty affect IBM Transformation Extender Advanced and IBM Standards Processing Engine (CVE-2016-0378 and CVE-2016-5986)

Summary Two vulnerabilities have been found in WAS Liberty, which is shipped in IBM Transforation Extender Advanced and IBM Standards Processing Engine. IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by improper handling of exceptions...

Security Bulletin: Potential Information Disclosure vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-5986

Summary A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Control and Tivoli Storage Productivity Center. IBM WebSphere Application Server and IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the improper...

Security Bulletin: Information disclosure vulnerability affects IBM Sterling B2B Integrator (CVE-2016-5986)

Summary IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information Vulnerability Details CVEID: CVE-2016-5986 DESCRIPTION: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitiv...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM® WebSphere Application Server Liberty shipped with IBM Security Directory Suite (CVE-2016-0378, CVE-2016-5983 and CVE-2016-5986)

Summary There are vulnerabilities in IBM® WebSphere Application Server Liberty shipped with IBM Security Directory Suite. Those issues were disclosed as part of the IBM WebSphere Application Server Liberty updates and it includes all vulnerabilities details. Vulnerability Details CVEID:...

Mail.ru: XSS on account.mail.ru/login

Уязвимость на станице https://account.mail.ru/login и подготовка файлов для атаки --------------------- В процессе исследования заметил, что на странице https://account.mail.ru/login не валидируется значение параметра v. Значение выводится на странице как есть и используется в пути до скрипта...

IBM WebSphere Application Server Information Disclosure Vulnerability (swg21990056)

IBM WebSphere Application Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft Lync Server Detection (HTTP)

The script sends a HTTP request to the server and attempts to identify Microsoft Lync Server. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

IBM Endpoint Manager Web Detection (HTTP)

The script sends a connection request to the server and attempts to extract the version number from the reply. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...

DNS Server Fingerprinting

This script attempts to identify the remote DNS server type and version by sending various invalid requests to the remote DNS server and analyzing the error codes returned. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. This script is a very crude attempt at doing DNS fingerprinting...

HTTP Server Type and Version

This plugin attempts to determine the type and the version of the remote web server. Copyright 2000 by Hendrik Scholz @@NOTE: The output of this plugin should not be changed Changes by Tenable: - Revised plugin title 10/08/10 - Removed use of deprecated functions 01/16/2018 - Fixed various regula...