nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real-world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers, providing data reproducibility across experiments.
RedTeam Pentesting discovered a vulnerability in the BigBlueButton web conferencing system version 2.2.25 that allows participants of a conference with permissions to upload presentations to read arbitrary files from the file system and perform server-side requests. This leads to administrative access to the BigBlueButton instance.
Ubuntu Security Notice 4596-1 - It was discovered that Tomcat did not properly manage HTTP/2 streams. An attacker could possibly use this to cause Tomcat to consume resources, resulting in a denial of service. It was discovered that Tomcat did not properly release the HTTP/1.1 processor after the upgrade to HTTP/2. An attacker could possibly use this to generate an OutOfMemoryException, resulting in a denial of service. Various other issues were also addressed.
Red Hat Security Advisory 2020-4295-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include bypass and improper authorization vulnerabilities.
Brute-force mitigation bypass exploit for Bludit versions 3.9.2 and below. Please visit the related homepage for deep dive details on usage.
Tiki Wiki CMS Groupware version 21.1 suffers from an authentication bypass vulnerability.
Libtaxii versions 1.1.117 and below and OpenTAXII versions 0.2.0 and below suffer from a server-side request forgery vulnerability.
Red Hat Security Advisory 2020-4264-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Ubuntu Security Notice 4595-1 - It was discovered that Grunt did not properly load YAML files. An attacker could possibly use this to execute arbitrary code.
GOautodial version 4.0 suffers from a remote shell upload vulnerability.
Ubuntu Security Notice 4594-1 - It was discovered that Quassel incorrectly handled the Qdatastream protocol. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Quassel incorrectly handled certain login requests. A remote attacker could possibly use this issue to cause a denial of service.
School Faculty Scheduling System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
School Faculty Scheduling System version 1.0 suffers from a persistent cross-site scripting vulnerability.
Red Hat Security Advisory 2020-4299-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include CRLF injection, denial of service, and double free vulnerabilities.
Hrsale version 2.0.0 suffers from a local file inclusion vulnerability.
This Metasploit module exploits the .NET deserialization vulnerability within the RadAsyncUpload (RAU) component of Telerik UI ASP.NET AJAX that is identified as CVE-2019-18935. In order to do so the module must upload a mixed mode .NET assembly DLL which is then loaded through the deserialization flaw. Uploading the file requires knowledge of the cryptographic keys used by RAU. The default values used by this module are related to CVE-2017-11317, which once patched randomizes these keys. It is also necessary to know the version of Telerik UI ASP.NET that is running. This version number is in the format YYYY.#(.###)? where YYYY is the year of the release (e.g. 2020.3.915).
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers