35 matches found
swear (>=0.0.0 <=0.0.4), tcomb-view (>=2.0.0 <=2.0.3) +1 more potentially affected by CVE-2022-25354 via set-in (=1.1.1)
set-in NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on set-in and may be impacted: - swear =0.0.0, =2.0.0, =0.0.0, =1.0.0 Source cves: CVE-2022-25354 Source advisory: OSV:GHSA-6956-83FG-5WC5...
Metasploit Wrap-Up
Two new Active Directory attacks This week we added a pair of new post-exploitation modules from community contributor timb-machine. Both modules target UNIX machines running SSSD or One Identity's Vintela Authentication Services VAS as Active Directory integration solutions. The new UNIX Gather...
UNIX Gather Kerberos Tickets
Post Module to obtain all kerberos tickets on the targeted UNIX machine. Module Options msf use post/multi/gather/unixkerberostickets msf postunixkerberostickets show actions ...actions... msf postunixkerberostickets set ACTION msf postunixkerberostickets show options ...show and set options... m...
UNIX Gather Cached AD Hashes
Post Module to obtain all cached AD hashes on the targeted UNIX machine. These can be cracked with John the Ripper JtR. Module Options msf use post/multi/gather/unixcachedadhashes msf postunixcachedadhashes show actions ...actions... msf postunixcachedadhashes set ACTION msf postunixcachedadhashe...
swear (>=0.0.0 <=0.0.4), tcomb-view (>=2.0.0 <=2.0.3) +1 more potentially affected by CVE-2020-28273 via set-in (=1.1.1)
set-in NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on set-in and may be impacted: - swear =0.0.0, =2.0.0, =0.0.0, =1.0.0 Source cves: CVE-2020-28273 Source advisory: OSV:GHSA-QR4P-C9WR-PHR6...
Ring Jordan SQL Injection
RINGJORDAN SQL Injection Time-Line Vulnerability----------------------- 02-12-2013 Security Advisory No response-No FeedBack 12-12-2013 Full Disclosure I. VULNERABILITY------------------------- Title: RINGJORDAN SQL Injection Vendor:http://www.ringjordan.com/ Author:Juan Carlos García @secnight...
CVE-2011-1826
Open redirect vulnerability in the Administrative Console in CA Arcot WebFort Versatile Authentication Server VAS before 6.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2011-1825
Multiple cross-site scripting XSS vulnerabilities in the Administrative Console in CA Arcot WebFort Versatile Authentication Server VAS before 6.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Open redirect
Open redirect vulnerability in the Administrative Console in CA Arcot WebFort Versatile Authentication Server VAS before 6.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Administrative Console in CA Arcot WebFort Versatile Authentication Server VAS before 6.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-1826
CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 is vulnerable to an open redirect in the Administrative Console due to insufficient filtering of a request parameter, enabling attackers to redirect users to arbitrary sites and facilitate phishing via crafted URLs. Affected prod...
CVE-2011-1825
CA Arcot WebFort Versatile Authentication Server (VAS) Administrative Console is affected by CVE-2011-1825, a set of XSS vulnerabilities due to insufficient handling of request parameters. Affects VAS versions prior to 6.2.5. The vulnerability allows remote attackers to inject arbitrary web scrip...
CVE-2011-1825
Multiple cross-site scripting XSS vulnerabilities in the Administrative Console in CA Arcot WebFort Versatile Authentication Server VAS before 6.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-1826
Open redirect vulnerability in the Administrative Console in CA Arcot WebFort Versatile Authentication Server VAS before 6.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CA20110426-01: Security Notice for CA Arcot WebFort Versatile Authentication Server
-----BEGIN PGP SIGNED MESSAGE----- CA20110426-01: Security Notice for CA Arcot WebFort Versatile Authentication Server Issued: April 26, 2011 CA Technologies support is alerting customers to multiple security risks with CA Arcot WebFort Versatile Authentication Server. Two vulnerabilities exist...