7411 matches found

RedhatCVE
added 2025/02/05 2:58 p.m. | 4 views

CVE-2020-15841

Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server's password via the Test LDAP Connection feature...

CVSS 8.8 | AI score 7 | EPSS 0.01521
Exploits 0

RedhatCVE
added 2025/02/05 2:21 p.m. | 5 views

CVE-2020-2673

Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Oracle Flow Builder. Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

CVSS 7.5 | AI score 6.4 | EPSS 0.01816
Exploits 0 | References 3

GithubExploit
added 2025/02/05 12:4 p.m. | 431 views

Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security

It is an exploit module targeting a vulnerability in a specific...

CVSS 9.8 | AI score 8.4 | EPSS 0.81722
Exploits 21

RedhatCVE
added 2025/02/05 11:9 a.m. | 3 views

CVE-2024-21682

This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all versions. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or...

CVSS 7.2 | AI score 6.5 | EPSS 0.00794
Exploits 0 | References 1

Pen Test Partners Blog
added 2025/02/05 6:12 a.m. | 8 views

A tale of enumeration, and why pen testing can’t be automated

TL;DR: In an engagement we found an open directory on the internet belonging to our client. By enumerating it we found a zip archive with a configuration file holding usernames and passwords. That file gave us access to the client’s ArcGIS instance. This contained a treasure trove of information abou...

AI score 6.9
Exploits 0

CNNVD
added 2025/02/05 12:0 a.m. | 3 views

Mobile Security Framework Security Vulnerability

Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...

CVSS 8.5 | AI score 6.3 | EPSS 0.00333
Exploits 1 | References 2

Tenable Nessus
added 2025/02/05 12:0 a.m. | 19 views

FreeBSD : nginx-devel -- SSL session reuse vulnerability (9761af78-e3e4-11ef-9f4a-589cfc10a551)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9761af78-e3e4-11ef-9f4a-589cfc10a551 advisory. The nginx development team reports: This update fixes the SSL session reuse vulnerability. Tenable has...

CVSS 5.3 | AI score 5.4 | EPSS 0.02557
Exploits 0 | References 2

RedhatCVE
added 2025/02/04 10:24 p.m. | 6 views

CVE-2024-53999

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...

CVSS 8.1 | AI score 6 | EPSS 0.00498
Exploits 1 | References 1

Tenable Nessus
added 2025/02/04 12:0 a.m. | 5 views

RHEL 9 : mariadb:10.11 (RHSA-2025:0912)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:0912 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mysql: Client: mysqldump unspecifie...

CVSS 4.9 | AI score 6.9 | EPSS 0.00424
Exploits 0 | References 8

Metasploit
added 2025/02/03 6:58 p.m. | 223 views

Ivanti Connect Secure HTTP Scanner

This module will perform authentication scanning against Ivanti Connect Secure Module Options msf use auxiliary/scanner/ivanti/loginscanner msf auxiliaryloginscanner show actions ...actions... msf auxiliaryloginscanner set ACTION msf auxiliaryloginscanner show options ...show and set options... m...

AI score 7.3
Exploits 0

OSV
added 2025/02/03 3:12 p.m. | 12 views

SUSE-SU-2025:0338-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.26+4 January 2025 CPU Security fixes: - CVE-2025-21502: Enhance array handling JDK-8330045, bsc1236278 Other changes: - JDK-8224624: Inefficiencies in CodeStrings::addcomment cause - timeouts - JDK-822504...

CVSS 4.8 | AI score 5.5 | EPSS 0.00903
Exploits 0 | References 3

Tenable Nessus
added 2025/02/03 12:0 a.m. | 17 views

CentOS 9 : kernel-5.14.0-559.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-559.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove cache tags before disabling ATS The current...

CVSS 7.8 | AI score 6 | EPSS 0.00239
Exploits 0 | References 10

Tenable Nessus
added 2025/01/31 12:0 a.m. | 7 views

Security Updates for Microsoft Outlook Products C2R (January 2025)

The Microsoft Outlook Products are missing a security update. It is, therefore, affected by a remote code execution vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...

CVSS 6.7 | AI score 8.8 | EPSS 0.00551
Exploits 0 | References 3

OSV
added 2025/01/30 5:50 p.m. | 4 views

GHSA-VPXM-CR3R-PJP9 General OpenMRS Security Advisory, January 2025: Penetration Testing Results and Patches

Impact We recently underwent Penetration Testing of OpenMRS by a third-party company. Vulnerabilities were found, and fixes have been made and released. We've released security updates that include critical fixes, and so, we strongly recommend upgrading affected modules. This notice applies to al...

AI score 6.4
Exploits 0 | References 2

Github Security Blog
added 2025/01/30 5:50 p.m. | 8 views

General OpenMRS Security Advisory, January 2025: Penetration Testing Results and Patches

Impact We recently underwent Penetration Testing of OpenMRS by a third-party company. Vulnerabilities were found, and fixes have been made and released. We've released security updates that include critical fixes, and so, we strongly recommend upgrading affected modules. This notice applies to al...

AI score 6.4
Exploits 0 | References 2 | Affected Software 6

0day.today
added 2025/01/30 12:0 a.m. | 458 views

MySchool 1.0 SQL Injection / Code Injection / XSS / CSRF Vulnerabilities

.:. Exploit Title MySchool System - Multiple Vulnerabilities .:. Google Dorks .:. inurl:web/teacherapp .:. Date:Jan 20, 2025 .:. Exploit Author: bRpsd .:. Contact: cyatlive.no .:. Vendor - https://myschool-system.com/ .:. Vendor...

AI score 7.4
Exploits 0

GithubExploit
added 2025/01/28 2:6 a.m. | 92 views

cvex

cvex A curated repository dedicated t...

AI score 7.1
Exploits 0

Tenable Nessus
added 2025/01/28 12:0 a.m. | 20 views

Ubuntu 24.10 : rsync vulnerabilities (USN-7206-3)

The remote Ubuntu 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7206-3 advisory. USN-7206-1 fixed vulnerabilities in Ubuntu 14.04 LTS to Ubuntu 24.04 LTS. This update provides the corresponding updates for Ubuntu 24.10. Tenable has...

CVSS 9.8 | AI score 7.4 | EPSS 0.71848
Exploits 8 | References 7

Tenable Nessus
added 2025/01/26 12:0 a.m. | 15 views

Fedora 40 : mediawiki (2025-11277f6779)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-11277f6779 advisory. https://lists.wikimedia.org/hyperkitty/list/wikitech- [email protected]/thread/PFTE5RHUERS6KTUGGRZO7XXV5THNJ77E/...

CVSS 6.9 | AI score 5.5 | EPSS 0.00502
Exploits 0 | References 2

Tenable Nessus
added 2025/01/26 12:0 a.m. | 10 views

Fedora 41 : mediawiki (2025-25b16d6561)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-25b16d6561 advisory. https://lists.wikimedia.org/hyperkitty/list/wikitech- [email protected]/thread/PFTE5RHUERS6KTUGGRZO7XXV5THNJ77E/...

CVSS 6.9 | AI score 5.5 | EPSS 0.00502
Exploits 0 | References 2