Jacek Konieczny discovered a SQL injection vulnerability in the back-sql
backend to slapd in OpenLDAP, a free implementation of the Lightweight
Directory Access Protocol, allowing an attacker to alter the database
during an LDAP search operation when a specially crafted search filter
is processed.
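The bug class behind this advisory, as an added illustration that is not OpenLDAP's back-sql code: an LDAP equality filter is translated into SQL, and the filter value is spliced into the statement text instead of being bound as a parameter. The table layout, the tiny filter grammar and the crafted filter are constructed for the demo; the vulnerable path assumes a database driver that runs stacked statements (as many ODBC drivers do), which is what turns a read-only search into a write to the database.

```python
import re
import sqlite3

# Added example, not OpenLDAP's back-sql implementation. The "persons" table,
# the filter grammar and the crafted filter below are constructed for the demo.

def make_db():
    """Constructed in-memory stand-in for the SQL store behind the directory."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE persons (id INTEGER PRIMARY KEY, cn TEXT, mail TEXT);
        INSERT INTO persons (cn, mail) VALUES ('alice', 'alice@example.org');
        INSERT INTO persons (cn, mail) VALUES ('bob',   'bob@example.org');
    """)
    return db

# Only the simple equality form "(attr=value)" is handled, and the attribute
# name is restricted to a fixed allow-list so that it can be spliced into
# SQL safely. The VALUE is the attacker-controlled part.
FILTER_RE = re.compile(r"^\((cn|mail)=([^)]*)\)$")

def parse_equality_filter(ldap_filter):
    m = FILTER_RE.match(ldap_filter)
    if not m:
        raise ValueError("unsupported filter: %r" % (ldap_filter,))
    return m.group(1), m.group(2)

def search_vulnerable(db, ldap_filter):
    """Filter value concatenated into SQL. Assumes the driver executes stacked
    statements (executescript models that), so a crafted value can write to
    the database during what the LDAP client sees as a search."""
    attr, value = parse_equality_filter(ldap_filter)
    sql = "SELECT cn FROM persons WHERE %s='%s'" % (attr, value)
    db.executescript(sql)   # every statement hidden in the value runs

def search_safe(db, ldap_filter):
    """Allow-listed attribute name, value bound as a query parameter."""
    attr, value = parse_equality_filter(ldap_filter)
    rows = db.execute("SELECT cn FROM persons WHERE %s = ?" % attr, (value,))
    return [r[0] for r in rows.fetchall()]

def row_count(db):
    return db.execute("SELECT COUNT(*) FROM persons").fetchone()[0]

# Constructed malicious filter: closes the string literal, appends a DELETE,
# and lets the template's trailing quote close the final literal.
CRAFTED = "(cn=x'; DELETE FROM persons WHERE '1'='1)"

def demo():
    results = {}
    db = make_db()
    search_vulnerable(db, CRAFTED)
    results["rows_after_vulnerable"] = row_count(db)    # table wiped by a "search"
    db = make_db()
    results["safe_results"] = search_safe(db, CRAFTED)  # no entry has that cn
    results["rows_after_safe"] = row_count(db)          # data untouched
    results["normal_lookup"] = search_safe(db, "(cn=alice)")
    return results

if __name__ == "__main__":
    for key, val in demo().items():
        print(key, val)
```

The fix is the usual one for this class: the only user-controlled piece, the assertion value, never reaches the SQL parser, and the attribute name, which has to appear in the statement text, is accepted only from a fixed list.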
Category Archives: Advisories
A Vulnerability in VMware Products Could Allow for Authentication Bypass
Multiple vulnerabilities have been discovered in VMware Products, the most severe of which could result in Authentication Bypass.
VMware Workspace ONE Access is an access control application for Workspace ONE.
VMware Identity Manager is the identity and access management component of Workspace ONE.
vRealize Automation is a management platform for automating the delivery of container-based applications.
VMware Cloud Foundation is a hybrid cloud platform that provides a set of software-defined services for compute, storage, networking, security and cloud management to run enterprise apps.
vRealize Suite Lifecycle Manager allows for complete lifecycle and content management capabilities for vRealize Suite products.
Successful exploitation of the most severe of these vulnerabilities could result in authentication bypass, through which a malicious actor may be able to obtain administrative access. Depending on the privileges associated with the application, an attacker could then install programs or view, change, or delete data.
SEC Consult SA-20220518-0 :: Multiple Critical Vulnerabilities in SAP® Application Server, ABAP and ABAP® Platform (Different Software Components)
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on May 18
SEC Consult Vulnerability Lab Security Advisory < 20220518-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: SAP® Application Server
ABAP and ABAP® Platform (Different Software Components)
vulnerable version: see section “Vulnerable / tested versions”
fixed version: see SAP security notes…
PHPIPAM 1.4.4 – CVE-2021-46426
Posted by Rodolfo Augusto do Nascimento Tavares via Fulldisclosure on May 18
=====[ Tempest Security Intelligence – ADV-03/2022 ]==========================
PHPIPAM – Version 1.4.4
Author: Rodolfo Tavares
Tempest Security Intelligence – Recife, Pernambuco – Brazil
=====[ Table of Contents ]==================================================
* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References
=====[ Vulnerability Information…
LiquidFiles – 3.4.15 – Stored XSS – CVE-2021-30140
Posted by Rodolfo Augusto do Nascimento Tavares via Fulldisclosure on May 18
=====[ Tempest Security Intelligence – ADV-12/2021 ]==========================
LiquidFiles – 3.4.15
Author: Rodolfo Tavares
Tempest Security Intelligence – Recife, Pernambuco – Brazil
=====[ Table of Contents ]==================================================
* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References
=====[ Vulnerability…
Watch multiple LockBit Ransom get DESTROYED Mass PWNAGE at scale!
Posted by malvuln on May 18
github.com/malvuln/RansomDLLs / Catalog of current DLLs affecting vulnerable Ransomware strains.
Posted by malvuln on May 18
Reference list for my Ransomware exploitation research. Lists current DLLs
I have seen to date that some ransomware search for, which I have used
successfully to hijack and intercept vulnerable strains executing arbitrary
code pre-encryption.
moodle-3.11.7-1.fc34
FEDORA-2022-bd4457bcc4
Packages in this update:
moodle-3.11.7-1.fc34
Update description:
Multiple CVE fixes.
moodle-3.11.7-1.fc35
FEDORA-2022-530fdc5202
Packages in this update:
moodle-3.11.7-1.fc35
Update description:
Multiple CVE fixes.
moodle-3.11.7-1.fc36
FEDORA-2022-89bfefbe48
Packages in this update:
moodle-3.11.7-1.fc36
Update description:
Multiple CVE fixes.