WinFTP 2.3.0 NLST Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WinFTP 2.3.0 NLST Denial of Service', 'Description' = %q This module is a very rough port of Julien Bedard's PoC. You need a valid login, but eve...

Titan FTP Server 6.26.630 SITE WHO Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Titan FTP Server 6.26.630 SITE WHO DoS', 'Description' = %q The Titan FTP server v6.26 build 630 can be DoS'd by issuing "SITE WHO". You need a...

Guild FTPd 0.999.8.11/0.999.14 Heap Corruption

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Guild FTPd 0.999.8.11/0.999.14 Heap Corruption', 'Description' = %q Guild FTPd 0.999.8.11 and 0.999.14 are vulnerable to heap corruption. You nee...

UoW Pop2d Remote File Retrieval

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'UoW pop2d Remote File Retrieval Vulnerability', 'Description' = %q This module exploits a vulnerability in the FOLD command of the University of...

PT-2024-40253 · Adyen · Adyen

Name of the Vulnerable Software and Affected Versions: Adyen affected versions not specified Description: The issue concerns the is valid hmac and is valid hmac notification methods, which are vulnerable to a timing attack. To mitigate this, it is recommended to compare the hash of the HMACs...

Basecamp: Critical Data Breach - Big Data for all domains

The researcher provided an Excel sheet that appeared to be a dump of a breach database. The origin of the data entries in the database was unclear. A small number of valid HEY accounts with enabled 2FA were found, as well as a slightly larger number of other product accounts with valid passwords...

PT-2024-5854 · Cisco · Cisco Application Policy Infrastructure Controller

Name of the Vulnerable Software and Affected Versions: Cisco Application Policy Infrastructure Controller APIC affected versions not specified Description: A vulnerability in the restricted security domain implementation could allow an authenticated, remote attacker to modify the behavior of...

CVE-2024-42559

CVE-2024-42559 affects Hotel Management System (commit 79d688). The vulnerability resides in the login component (process_login.php) allowing attackers to authenticate without a valid password, impacting confidentiality, integrity, and availability; CVSSv3.1 base score 9.8 (NETWORK, HIGH impact)....

CVE-2024-41733

In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the...

PT-2024-29621 · Apache · Apache Answer

Name of the Vulnerable Software and Affected Versions: Apache Answer versions through 1.3.5 Description: The issue affects Apache Answer, where a user can send multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link...

CVE-2024-40480

A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access...

CVE-2024-6891

Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow...

PT-2024-37932 · Journyx · Journyx

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow. This issue allows for the...

SUSE CVE-2024-41055

In the Linux kernel, the following vulnerability has been resolved: mm: prevent derefencing NULL ptr in pfnsectionvalid Commit 5ec8e8ea8b77 "mm/sparsemem: fix race in accessing memorysection-usage" changed pfnsectionvalid to add a READONCE call around "ms-usage" to fix a race with sectiondeactiva...

CVE-2024-41083 netfs: Fix netfs_page_mkwrite() to check folio->mapping is valid

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix netfspagemkwrite to check folio-mapping is valid Fix netfspagemkwrite to check that folio-mapping is valid once it has taken the folio lock as filemappagemkwrite does. Without this, generic/247 occasionally oopses with...

DEBIAN-CVE-2024-41055

In the Linux kernel, the following vulnerability has been resolved: mm: prevent derefencing NULL ptr in pfnsectionvalid Commit 5ec8e8ea8b77 "mm/sparsemem: fix race in accessing memorysection-usage" changed pfnsectionvalid to add a READONCE call around "ms-usage" to fix a race with sectiondeactiva...

UBUNTU-CVE-2024-41055

In the Linux kernel, the following vulnerability has been resolved: mm: prevent derefencing NULL ptr in pfnsectionvalid Commit 5ec8e8ea8b77 "mm/sparsemem: fix race in accessing memorysection-usage" changed pfnsectionvalid to add a READONCE call around "ms-usage" to fix a race with sectiondeactiva...

GHSA-875X-G8P7-5W27 The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames

Summary The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no username was found. Details When WebAuthn is used as the first or only authentication method, an attacker can enumerate usernames based on the absence of the allowedCredentials property i...

PT-2024-8671 · Juniper Networks · Junos Evolved +1

Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 21.2R3-S4 Junos OS versions 21.4 prior to 21.4R2 Junos OS versions 22.2 prior to 22.2R3-S2 Junos OS Evolved versions prior to 21.2R3-S8-EVO Junos OS Evolved versions 21.4 prior to 21.4R2-EVO Description: An Improper...

kernel: wifi: mac80211: fix potential sta-link leak

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential sta-link leak When a station is allocated, links are added but not set to valid yet e.g. during connection to an AP MLD, we might remove the station without ever marking links valid, and leak them. F...