Tag
#ssl
WebTareas version 2.4 suffers from a remote shell upload vulnerability.
Atom CMS version 2.0 suffers from a remote SQL injection vulnerability. Original discovery of this issue in this version is attributed to Luca Cuzzolin in February of 2022.
Aero CMS version 0.l0.1 remote shell upload exploit. Original discovery of this issue in this version is attributed to D4rkP0w4r in April of 2022.
Aero CMS version 0.0.1 suffers from multiple remote SQL injection vulnerabilities. Original discovery of this issue in this version is attributed to nu11secur1ty in August of 2022.
Red Hat Security Advisory 2023-1469-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a double free vulnerability.
Desktop Central version 9.1.0 suffers from crlf injection, and server-side request forgery vulnerabilities.
By Waqas The CEO of Latitude Financial, Ahmed Fahour, has expressed disappointment in the incident and apologized unreservedly to customers. This is a post from HackRead.com Read the original post: Latitude Financial Data Breach: 14 Million Customers Affected
ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation.
OpenSSL has a `modified` bit that it can set on on `X509_NAME` objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value. Thanks to David Benjamin (Google) for reporting this issue.
`SubjectAlternativeName` and `ExtendedKeyUsage` arguments were parsed using the OpenSSL function `X509V3_EXT_nconf`. This function parses all input using an OpenSSL mini-language which can perform arbitrary file reads. Thanks to David Benjamin (Google) for reporting this issue.