Packet Storm

Debian Linux Security Advisory 5763-1 - William Khem-Marquez discovered that Pymatgen, a Python library for materials analysis, could be tricked into running arbitrary code if a malformed CIF file is processed.

pgAdmin versions 8.4 and earlier are affected by a remote reverse connection execution vulnerability via the binary path validation API.

SPIP version 4.2.7 suffers from a code execution vulnerability.

Loan Management System 2024 version 1.0 suffers from an ignored default credential vulnerability.

Hostel Management System version 1.0 version 1.0 suffers from an arbitrary file upload vulnerability.

File Management System version 1.0 suffers from a cross site request forgery vulnerability.

Faculty Evaluation System version 1.0 suffers from a cross site request forgery vulnerability.

eClass LMS version 6.2.0 suffers from a remote shell upload vulnerability.

Free Hospital Management System for Small Practices version 1.0 suffers from a cross site request forgery vulnerability.

This Metasploit module uses a dictionary to brute force valid usernames from Cerberus FTP server via SFTP. This issue affects all versions of the software older than 6.0.9.0 or 7.0.0.2 and is caused by a discrepancy in the way the SSH service handles failed logins for valid and invalid users. This issue was discovered by Steve Embling.