Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

Faraday 3.18.1

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Packet Storm
Open in Source
#sql
HealthForYou 1.11.1 / HealthCoach 2.9.2 Missing Password Policy

HealthForYou version 1.11.1 and HealthCoach version 2.9.2 are missing a server-side password policy. When creating an account or changing your password the mobile and web application both check the password against the password policy. But the API assumes that the given password is already checked therefore an attacker can intercept the HTTP request and change it to a weak password.

Red Hat Security Advisory 2021-4134-01

Red Hat Security Advisory 2021-4134-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.3.0. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.

Pentaho Business Analytics / Pentaho Business Server 9.1 User Enumeration

Pentaho implements a series of web services using the SOAP protocol to allow scripting interaction with the backend server. HAWSEC identified that the services userRoleListService and ServiceAction exposed through the /pentaho/webservices/userRoleListService and /pentaho/ServiceAction?action=SecurityDetails endpoints are not enforcing sufficient access controls. Specifically, an authenticated user can list all application usernames present in the Jackrabbit Repository.

Backdoor.Win32.Jokerdoor Buffer Overflow

Backdoor.Win32.Jokerdoor malware suffers from a buffer overflow vulnerability.

Red Hat Security Advisory 2021-4130-01

Red Hat Security Advisory 2021-4130-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.3.0. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.

Pentaho Business Analytics / Pentaho Business Server 9.1 Authentication Bypass

Pentaho Business Analytics and Pentaho Business Server versions 9.1 and below suffer from an authentication bypass vulnerability related to Spring APIs.

IBM Sterling B2B Integrator Cross Site Scripting

IBM Sterling B2B Integrator suffers from a cross site scripting vulnerability. Versions affected include 5.2.0.0 through 5.2.6.5_3, 6.0.0.0 through 6.0.3.4, and 6.1.0.0 through 6.1.0.2.