The SAML SSO addon in JFrog Artifactory version 6.5.9 does not properly validate the XML signature in the SAMLResponse field send to the URL /webapp/saml/loginResponse. An attacker can use this flaw to login as any user if they already can login as some user.
2210b15f819271c6a55202eb862e9978ee5dcea5cb47625f5426dc464569ec4dZabbix Agent version 3.0.1 suffers from a remote shell command injection vulnerability via mysql.size.
6f4704de4bcf1cffa3bdc31fb48a54c0bbd0e2a752f76897323a61d5406a6f59The Aastra 6753i IP Telephone suffers from a hardcoded telnetd administrative password.
62d1199d353ae991c9baaa62acd28e5797451f8295d39267e3a0f2c29067e7fbThe Aastra 6753i IP telephone uses 3DES encrypted payloads in ECB mode to pass configuration files, allowing for modification to the phone's set up.
37afa236f204f396a881ea999505cdbd4d8047d6b315beac681e7afeab78a829Guacamole 0.6.0 contains a trivial buffer overflow vulnerability that allows connected users to execute code with the privileges of the guacd daemon. In the Debian distribution the guacd 0.6.0-1 daemon runs as root and allows connections from unauthenticated users. However, it fortunately only listens on localhost by default. Proof of concept code included.
21c45827b31f9112a4a0c027ff900505880422add95028ba0827c3398244682f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed