
7874 matches found

Kitploit
added 2020/07/15 9:30 p.m. · 70 views

Capsulecorp-Pentest - Vagrant VirtualBox Environment For Conducting An Internal Network Penetration Test

The Capsulecorp Pentest is a small virtual network managed by Vagrant and Ansible. It contains five virtual machines, including one Linux attacking system running Xubuntu and 4 Windows 2019...

AI score: 7.4
Exploits: 0 · References: 2
Cvelist
added 2020/07/15 5:34 p.m. · 14 views

CVE-2020-14598

Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromis...

CVSS: 9.1 · AI score: 8.6 · EPSS: 0.01641
Exploits: 0 · References: 1
CNVD
added 2020/07/15 12:00 a.m. · 3 views

Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2020-44278)

Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in the Setup of Mobil...

CVSS: 9.1 · AI score: 9.2 · EPSS: 0.01641
Exploits: 0 · References: 1
RedHat Linux
added 2020/07/14 11:37 a.m. · 1 view

Mozilla: Automatic account setup leaks Microsoft Exchange login credentials

If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...

CVSS: 5.9 · AI score: 7.4 · EPSS: 0.00949
Exploits: 0 · References: 5
RedHat Linux
added 2020/07/14 11:16 a.m. · 3 views

Mozilla: Automatic account setup leaks Microsoft Exchange login credentials

If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...

CVSS: 5.9 · AI score: 7.4 · EPSS: 0.00949
Exploits: 0 · References: 5
ALT Linux
added 2020/07/13 12:00 a.m. · 72 views

Security fix for the ALT Linux 10 package thunderbird version 68.10.0-alt1

July 13, 2020 Andrey Cherepanov 68.10.0-alt1
- New version 68.10.0.
- Fixes:
  + CVE-2020-12417 Memory corruption due to missing sign-extension for ValueTags on ARM64
  + CVE-2020-12418 Information disclosure due to manipulated URL object
  + CVE-2020-12419 Use-after-free in nsGlobalWindowInner
  +...

CVSS: 9.3 · AI score: 8.7 · EPSS: 0.03034
Exploits: 2
CNVD
added 2020/07/08 12:00 a.m. · 2 views

NeDi Consulting NeDi Cross-Site Scripting Vulnerability (CNVD-2020-44581)

NeDi Consulting NeDi is a suite of open source software that supports the discovery and mapping of network devices from the Swiss company NeDi Consulting. A cross-site scripting vulnerability exists in NeDi Consulting NeDi version 1.9C. The vulnerability can be exploited to execute arbitrary...

CVSS: 5.4 · AI score: 6.7 · EPSS: 0.00568
Exploits: 0 · References: 1
OSV
added 2020/07/07 4:15 p.m. · 3 views

CVE-2020-15034

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Setup.php tet parameter...

CVSS: 5.4 · AI score: 5.9 · EPSS: 0.00568
Exploits: 0 · References: 2
NVD
added 2020/07/07 4:15 p.m. · 11 views

CVE-2020-15034

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Setup.php tet parameter...

CVSS: 5.4 · EPSS: 0.00568
Exploits: 0 · References: 2
ATTACKERKB
added 2020/07/07 4:15 p.m. · 3 views

CVE-2020-15034

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Setup.php tet parameter...

CVSS: 5.4 · AI score: 5.7 · EPSS: 0.00568
Exploits: 0 · References: 4
Positive Technologies
added 2020/07/06 12:00 a.m. · 3 views

PT-2022-23927 · Sangoma +1 · Asterisk +1

Name of the Vulnerable Software and Affected Versions: Sangoma Asterisk versions 16.28.0 and earlier, 17.x, 18.x through 18.14.0, and 19.x through 19.6.0 Description: The issue arises from an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE, which...

CVSS: 9.8 · AI score: 7.2 · EPSS: 0.29645
Exploits: 0 · References: 43
Imperva Blog
added 2020/06/24 8:38 a.m. · 28 views

Key Elements for DDoS Detection, Mitigation and Analysis

Given today’s volatile DDoS threat landscape with attacks ranging from massive volumetric assaults to sophisticated and persistent application level threats, comprehensive protection is a must for online businesses. But what are the most important considerations for evaluating potential solutions...

AI score: 0.2
Exploits: 0
Prion
added 2020/06/22 7:15 a.m. · 21 views

Buffer overflow

Buffer overflows while decoding setup message from Network due to lack of check of IE message length received from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables ...

CVSS: 10 · AI score: 9.3 · EPSS: 0.00902
Exploits: 0 · References: 2
Cvelist
added 2020/06/22 7:10 a.m. · 35 views

CVE-2019-14062

Buffer overflows while decoding setup message from Network due to lack of check of IE message length received from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables ...

AI score: 9.5 · EPSS: 0.00902
Exploits: 0 · References: 1
0day.today
added 2020/06/22 12:00 a.m. · 158 views

WebPort 1.19.1 - (setup) Reflected Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: WebPort 1.19.1 - 'setup' Reflected Cross-Site Scripting Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://webport.se/ Software Link: https://webport.se/nedladdningar/ Version: v1.19.1 Tested on: Windows/Linux CVE-2019-12460...

CVSS: 4.3 · AI score: 6.4 · EPSS: 0.03833
Exploits: 5
Tenable Nessus
added 2020/06/22 12:00 a.m. · 34 views

Fedora 31 : roundcubemail (2020-2a1a6a8432)

RELEASE 1.4.6
- Installer: Fix regression in SMTP test section 7417
----
RELEASE 1.4.5
- Fix bug in extracting required plugins from composer.json that led to spurious error in log 7364
- Fix so the database setup description is compatible with MySQL 8 7340
- Markasjunk: Fix regression in jsevent...

CVSS: 9.8 · AI score: 7.4 · EPSS: 0.84456
Exploits: 3 · References: 4
Exploit DB
added 2020/06/22 12:00 a.m. · 602 views

WebPort 1.19.1 - 'setup' Reflected Cross-Site Scripting

Exploit Title: WebPort 1.19.1 - 'setup' Reflected Cross-Site Scripting Date: 2019-05-30 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://webport.se/ Software Link: https://webport.se/nedladdningar/ Version: v1.19.1 Tested on: Windows/Linux CVE-2019-12460...

CVSS: 6.1 · AI score: 6.3 · EPSS: 0.03833
Exploits: 5
Trellix
added 2020/06/18 12:00 a.m. · 15 views

My Adventures Hacking the iParcelBox

By Sam Quinn · June 18, 2020. In 2019, McAfee Advanced Threat Research (ATR) disclosed a vulnerability in a product called BoxLock. Sometime after this, the CEO of iParcelBox, a U.K. company, reached out to us and offered to send a few of their...

Exploits: 0
CNVD
added 2020/06/17 12:00 a.m. · 5 views

Treck TCP/IP DHCP Component Out-of-Bounds Read Vulnerability

Treck TCP/IP is a TCP (Transmission Control Protocol)/IP (Internet Interconnection Protocol) suite dedicated to embedded systems from Treck, Inc. Treck DHCP stack is a DHCP (Dynamic Host Setup Protocol) implementation for embedded systems from Treck, Inc. An out-of-bounds read vulnerability exists in t...

CVSS: 6.5 · AI score: 6.6 · EPSS: 0.02075
Exploits: 1 · References: 1
Talos Blog
added 2020/06/15 11:49 a.m. · 12 views

Updates to Snort setup guides

Our documentation on Snort 3 running on CentOS and the Snort Rules Writing guide to Snort 3. Thanks to community member Yaser for providing the updates. The Snort 3 guide now has expanded information on logging options — such as syslog and JSON. There is also a new performance optimization sectio...

AI score: 1.1
Exploits: 0