Tussendoor Internet & Marketing Security Vulnerabilities

openvas

CIS Manager 'email' Parameter SQL Injection Vulnerability

CIS Manager is prone to an SQL injection (SQLi)...

7.5 AI Score

0.001 EPSS

2014-05-26 12:00 AM
16
nessus

Windows 2008 October 2017 Multiple Security Updates (KRACK)

The remote Windows host is missing multiple security updates released on 2017/10/10. It is, therefore, affected by multiple vulnerabilities : A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An...

9.8 CVSS

8.5 AI Score

0.928 EPSS

2017-10-12 12:00 AM
136
nvd

CVE-2023-22049

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,.....

3.7 CVSS

0.001 EPSS

2023-07-18 09:15 PM
1
osv

Important: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

7.5 CVSS

7.7 AI Score

0.05 EPSS

2024-05-10 02:32 PM
6
nvd

CVE-2023-21930

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit...

7.4 CVSS

8 AI Score

0.002 EPSS

2023-04-18 08:15 PM
2
cve

CVE-2023-21930

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit...

7.4 CVSS

7.2 AI Score

0.002 EPSS

2023-04-18 08:15 PM
373
3
nessus

IBM MQ 9.0 <= 9.0.0.26 / 9.1 <= 9.1.0.22 / 9.2 <= 9.2.0.26 / 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD (7157980)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7157980 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are...

3.7 CVSS

4.6 AI Score

0.0004 EPSS

2024-06-27 12:00 AM
4
thn

Microsoft Unveils Enhanced Security Features for Internet Explorer 9

Microsoft has detailed new security features for Internet Explorer 9 (IE9) that will help users prevent sites from tracking their activity across browsing sessions. The new feature, set to launch with the first release candidate of IE9 early next year, uses a list to control which third-party...

6.8 AI Score

2010-12-08 03:47 PM
5
nessus

KB4019472: Windows 10 Version 1607 and Windows Server 2016 May 2017 Cumulative Update

The remote Windows host is missing security update KB4019472. It is, therefore, affected by multiple vulnerabilities : A security bypass vulnerability exists in Internet Explorer due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to...

8.3 CVSS

9 AI Score

0.263 EPSS

2017-05-09 12:00 AM
311
nvd

CVE-2007-3550

Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka "Internet Explorer Zone Domain Specification.....

6.8 AI Score

0.042 EPSS

2007-07-03 09:30 PM
openvas

Quicktime/Darwin 4.1.x Streaming Administration Server 'parse_xml.cgi' Multiple Vulnerabilities

QuickTime/Darwin streaming administration server is prone to multiple...

6.5 AI Score

0.659 EPSS

2005-11-03 12:00 AM
16
nessus

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20.5)

The version of AOS installed on the remote host is prior to 5.20.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.20.5 advisory. In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form...

9.8 CVSS

10 AI Score

EPSS

2022-11-09 12:00 AM
14
githubexploit

Exploit for Code Injection in Crushftp

CVE-2024-4040-RCE-POC CVE-2024-4040 (CrushFTP VFS escape) or...

10 CVSS

9.9 AI Score

0.966 EPSS

2024-04-23 11:16 PM
266
nessus

RHEL 6 / 7 / 8 / 9 : Red Hat Satellite Client (RHSA-2024:2101)

The remote Redhat Enterprise Linux 6 / 7 / 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2101 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the...

3.7 CVSS

8.2 AI Score

0.001 EPSS

2024-04-29 12:00 AM
5
cve

CVE-2023-22049

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,.....

3.7 CVSS

4.3 AI Score

0.001 EPSS

2023-07-18 09:15 PM
162
osv

CVE-2023-41893

Home assistant is an open source home automation. The audit team’s analyses confirmed that the redirect_uri and client_id are alterable when logging in. Consequently, the code parameter utilized to fetch the access_token post-authentication will be sent to the URL specified in the aforementioned...

5.4 CVSS

7.1 AI Score

0.0005 EPSS

2023-10-20 12:15 AM
3
redhat

(RHSA-2024:2101) Low: Red Hat Satellite Client bug fix and security update

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard...

7.7 AI Score

0.001 EPSS

2024-04-29 03:24 PM
21
wpvulndb

EnvíaloSimple <= 2.4 - Cross-Site Request Forgery

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF...

6.5 CVSS

7.1 AI Score

0.0004 EPSS

2024-01-04 12:00 AM
5
nessus

KB4467106: Windows 7 and Windows Server 2008 R2 November 2018 Security Update

The remote Windows host is missing security update 4467106 or cumulative update 4467107. It is, therefore, affected by multiple vulnerabilities : A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The...

9.8 CVSS

7.9 AI Score

0.947 EPSS

2018-11-13 12:00 AM
206
krebs

KrebsOnSecurity Threatened with Defamation Lawsuit Over Fake Radaris CEO

On March 8, 2024, KrebsOnSecurity published a deep dive on the consumer data broker Radaris, showing how the original owners are two men in Massachusetts who operated multiple Russian language dating services and affiliate programs, in addition to a dizzying array of people-search websites. The...

6.8 AI Score

2024-06-20 07:16 PM
8
cve

CVE-2024-21085

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit...

3.7 CVSS

3 AI Score

0.0004 EPSS

2024-04-16 10:15 PM
81
nessus

RHEL 6 / 7 / 8 / 9 : Satellite Client Async Security Update (Important) (RHSA-2024:2011)

The remote Redhat Enterprise Linux 6 / 7 / 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2011 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the...

9.8 CVSS

10 AI Score

0.003 EPSS

2024-04-24 12:00 AM
15
openvas

Fedora: Security Advisory for cyrus-imapd (FEDORA-2024-123f2b3666)

The remote host is missing an update for...

6.5 CVSS

6.6 AI Score

0.0005 EPSS

2024-06-15 12:00 AM
openvas

Microsoft Windows Multiple Vulnerabilities (KB4534306)

This host is missing a critical security update according to Microsoft...

9.8 CVSS

7.3 AI Score

0.975 EPSS

2020-01-15 12:00 AM
26
openvas

Fedora: Security Advisory for cyrus-imapd (FEDORA-2024-f3e0255c75)

The remote host is missing an update for...

6.5 CVSS

6.6 AI Score

0.0005 EPSS

2024-06-15 12:00 AM
1
openvas

Microsoft Windows Multiple Vulnerabilities (KB4550930)

This host is missing a critical security update according to Microsoft...

8.8 CVSS

7.3 AI Score

0.954 EPSS

2020-04-15 12:00 AM
23
openvas

Microsoft Windows Multiple Vulnerabilities (KB4534271)

This host is missing a critical security update according to Microsoft...

9.8 CVSS

7.3 AI Score

0.975 EPSS

2020-01-15 12:00 AM
170
openvas

Microsoft Windows Multiple Vulnerabilities (KB4571736)

This host is missing a critical security update according to Microsoft...

10 CVSS

7.3 AI Score

0.467 EPSS

2020-08-12 12:00 AM
6
openvas

Microsoft Windows Multiple Vulnerabilities (KB4571729)

This host is missing a critical security update according to Microsoft...

10 CVSS

7.3 AI Score

0.467 EPSS

2020-08-12 12:00 AM
7
openvas

Microsoft Windows Multiple Vulnerabilities (KB4556826)

This host is missing a critical security update according to Microsoft...

9.9 CVSS

7.4 AI Score

0.194 EPSS

2020-05-13 12:00 AM
37
openvas

Microsoft Windows Multiple Vulnerabilities (KB5000802)

This host is missing a critical security update according to Microsoft...

9.9 CVSS

7.4 AI Score

0.861 EPSS

2021-03-10 12:00 AM
6
openvas

Microsoft Windows Multiple Vulnerabilities (KB4534273)

This host is missing a critical security update according to Microsoft...

9.8 CVSS

7.1 AI Score

0.969 EPSS

2020-01-15 12:00 AM
50
kaspersky

KLA11084 Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Microsoft Edge. Malicious users can exploit these vulnerabilities to gain privileges, bypass security restrictions, execute arbitrary code and obtain sensitive information. Below is a complete list of...

8.8 CVSS

8.3 AI Score

0.955 EPSS

2017-08-08 12:00 AM
50
nessus

Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2024-009)

The version of java-11-openjdk installed on the remote host is prior to 11.0.13.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2JAVA-OPENJDK11-2024-009 advisory. Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

6.8 CVSS

6.8 AI Score

0.002 EPSS

2024-05-31 12:00 AM
1
githubexploit

Exploit for Code Injection in Provectus Ui

CVE-2023-52251-POC There is a Remote Code Execution...

8.8 CVSS

9.7 AI Score

0.92 EPSS

2024-01-06 11:07 AM
99
githubexploit

Exploit for Command Injection in Paloaltonetworks Pan-Os

PAN-OS Firewall Exploit Script This script is designed to...

10 CVSS

10 AI Score

0.957 EPSS

2024-04-13 05:16 AM
260
nessus

iSCSI Unauthenticated Target Detection

One or more of the iSCSI (Internet Small Computer Systems Interface) targets on the remote host are configured not to use an authentication mechanism, potentially allowing unauthorized access to the...

2.1 AI Score

2010-12-23 12:00 AM
166
nessus

Windows Server 2012 May 2017 Security Updates

The remote Windows host is missing security update 4019214 or cumulative update 4019216. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit...

8.1 CVSS

8.6 AI Score

0.263 EPSS

2017-05-09 12:00 AM
232
openvas

Fedora: Security Advisory for clamav (FEDORA-2024-1a79c2ef63)

The remote host is missing an update for...

7.5 AI Score

2024-05-27 12:00 AM
1
openvas

Fedora: Security Advisory for clamav (FEDORA-2024-92b8ac25a5)

The remote host is missing an update for...

7.5 AI Score

2024-05-27 12:00 AM
2
openvas

Fedora: Security Advisory for libcoap (FEDORA-2024-75863445ff)

The remote host is missing an update for...

6.7 AI Score

0.0004 EPSS

2024-05-27 12:00 AM
nessus

KB4338823: Windows 7 and Windows Server 2008 R2 July 2018 Security Update

The remote Windows host is missing security update 4338823 or cumulative update 4338818. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. ...

8.8 CVSS

8.2 AI Score

0.95 EPSS

2018-07-10 12:00 AM
221
openvas

Fedora: Security Advisory for clamav (FEDORA-2024-34474f346b)

The remote host is missing an update for...

7.5 AI Score

2024-05-27 12:00 AM
openvas

Fedora: Security Advisory for libcoap (FEDORA-2024-450b75e4a0)

The remote host is missing an update for...

6.7 AI Score

0.0004 EPSS

2024-05-27 12:00 AM
githubexploit

Exploit for OS Command Injection in Cacti

Command injection vulnerability in Cacti (CVE-2023-39362) -...

7.2 CVSS

8.1 AI Score

0.016 EPSS

2024-02-28 04:07 PM
114
nessus

Moxa Device Manager Gateway Detection

The remote service appears to be a Moxa Device Manager (MDM) Gateway. Moxa makes embedded computers for industrial applications, and their MDM Gateway product supports remote management of those computers through the...

4.1 AI Score

2010-10-22 12:00 AM
4
thn

Internet-Based Crime Rises to 11%, Nearing Traditional Theft Rates

Americans are nearly as likely to be victimized by Internet-based crime as by other forms of nonviolent theft. This perception emerges from a recent survey on crimes committed against individuals and their families. According to a Gallup Poll released Monday, 11% of American adults reported that...

7.2 AI Score

2010-12-18 01:39 AM
4
openvas

Microsoft Windows Multiple Vulnerabilities (KB4528760)

This host is missing a critical security update according to Microsoft...

8.1 CVSS

7.2 AI Score

0.969 EPSS

2020-01-15 12:00 AM
43
wpvulndb

EnvíaloSimple: Email Marketing y Newsletters <= 2.3 - Cross-Site Request Forgery to Arbitrary File Upload

Description The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the gallery_add function. This makes it possible for unauthenticated...

8.8 CVSS

6.3 AI Score

0.0004 EPSS

2024-04-01 12:00 AM
3
cve

CVE-2024-3095

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....

4.8 CVSS

5.6 AI Score

0.0004 EPSS

2024-06-06 07:15 PM
24
Total number of security vulnerabilities: 73882