suricata-6.0.9-1.fc37
LibHTP has been updated to 0.5.42 and is bundled with the release. Various security, performance, accuracy and stability issues have been fixed.
suricata-6.0.9-1.el9
LibHTP has been updated to 0.5.42 and is bundled with the release. Various security, performance, accuracy and stability issues have been fixed.
suricata-6.0.9-1.fc36
LibHTP has been updated to 0.5.42 and is bundled with the release. Various security, performance, accuracy and stability issues have been fixed.
Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domain_name parameters present in the LAN configuration section of the administrative dashboard.
The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative credentials to the router.
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code or information disclosure.
Posted by malvuln on Dec 13
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/618f28253d1268132a9f10819a6947f2.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln
Threat: Trojan-Dropper.Win32.Decay.dxv (CyberGate v1.00.0)
Vulnerability: Insecure Proprietary Password Encryption
Family: CyberGate
Type: PE32
MD5: 618f28253d1268132a9f10819a6947f2
Vuln ID:…
Posted by Thomas Weber on Dec 13
CyberDanube Security Research 20221009-0
——————————————————————————-
title| Authenticated Command Injection
product| Intelbras WiFiber 120AC inMesh
vulnerable version| 1.1-220216
fixed version| 1-1-220826
CVE number| CVE-2022-40005
impact| High
…
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 13
SEC Consult Vulnerability Lab Security Advisory < 20221213-0 >
=======================================================================
title: Privilege Escalation Vulnerabilities (UNIX Insecure File
Handling)
product: SAP® Host Agent (saposcol)
vulnerable version: see section “Vulnerable / tested versions”
fixed version: see SAP security note 3159736
CVE…
Posted by Andrey Stoykov on Dec 13
# Exploit Title: Shoplazza 1.1 – Stored Cross Site Scripting
# Exploit Author: Andrey Stoykov
# Software Link: https://github.com/Shoplazza/LifeStyle
# Version: 1.1
# Tested on: Ubuntu 20.04
Stored XSS #1:
To reproduce do the following:
1. Login as normal user account
2. Browse “Blog Posts” -> “Manage Blogs” -> “Add Blog Post”
3. Select “Title” and enter payload…
