RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C all suffer from various crypto, denial of service, and underflow vulnerabilities.

RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, and SSL-J contain a fix to address Lenstra's attack. RSA BSAFE Micro Edition Suite (MES) 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.1.3, RSA BSAFE Crypto-J 6.2.1, and RSA BSAFE SSL-J 6.2.1 are affected.

RSA BSAFE Crypto-J versions prior to 6.2.2 suffer from improper OCSP validation and PKCS#12 timing attack vulnerabilities.

RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition suffer from resource exhaustion, integer overflow, improper clearing of heap memory, covert timing channel, and buffer over-read vulnerabilities.

RSA BSAFE SSL-J versions prior to 6.2.4 contain a heap inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material. RSA BSAFE SSL-J versions prior to 6.2.4 contain a covert timing channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key. RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a covert timing channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key.

Citrix Application Delivery Controller and Citrix Gateway directory traversal remote code execution exploit.

This Metasploit module exploits a directory traversal in Huawei HG255.

This is an nmap nse script to test for the path traversal vulnerability in Citrix Application Delivery Controller (ADC) and Gateway.

Pachev FTP Server version 1.0 suffers from a path traversal vulnerability.

DotNetNuke CMS version 9.4.4 suffers from zip split issue where a directory traversal attack can be performed to overwrite files or execute malicious code.

PHPKB Multi-Language 9 suffers from an authenticated directory traversal vulnerability.

Jinfornet Jreport version 15.6 suffers from an unauthenticated directory traversal vulnerability.

Joomla Fabrik component version 3.9.11 suffers from a directory traversal vulnerability.

LimeSurvey version 4.1.11 suffers from a File Manager path traversal vulnerability.

Zen Load Balancer version 3.10.1 suffers from a directory traversal vulnerability. This finding was originally discovered by Cody Sixteen.

TVT NVMS 1000 suffers from a directory traversal vulnerability.

Booked Scheduler version 2.7.7 suffers from an authenticated directory traversal vulnerability.

HRSALE version 1.1.8 suffers from a cross site request forgery vulnerability.

Gigamon GigaVUE version 5.5.01.11 suffers from directory traversal and file upload with command execution vulnerabilities. Gigamon has chosen to sunset this product and not offer a patch.

QRadar Community Edition version 7.3.1.6 has a path traversal that exists in the session validation functionality. In particular, the vulnerability is present in the part that handles session tokens (UUIDs). QRadar fails to validate if the user-supplied token is in the correct format. Using path traversal it is possible for authenticated users to impersonate other users, and also to executed arbitrary code (via Java deserialization). The code will be executed with the privileges of the Tomcat system user.

Easy Transfer version 1.7 for iOS suffers from cross site scripting and directory traversal vulnerabilities.

ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffers from a path traversal vulnerability that can lead to remote code execution.

This is a generic arbitrary file overwrite technique, which typically results in remote command execution. This targets a simple yet widespread vulnerability that has been seen affecting a variety of popular products including HP, Amazon, Apache, Cisco, etc. The idea is that often archive extraction libraries have no mitigations against directory traversal attacks. If an application uses it, there is a risk when opening an archive that is maliciously modified, and results in the embedded payload to be written to an arbitrary location (such as a web root), and results in remote code execution.

Script that performs RSA factorization attack using Fermat's algorithm.

This is a script to perform SSH/SSL RSA private key passphrase enumeration with a dictionary attack.

iFileExplorer Free for iPod Touch / iPhone version 2.8 suffers from a remote directory traversal vulnerability.

Checkview version 1.1 for iPhone / iPod Touch suffers from a directory traversal vulnerability.

iPhone/iPad Phone Drive version 1.1.1 suffers from a directory traversal vulnerability.

This Metasploit module exploits a directory traversal vulnerability (CVE-2015-1830) in Apache ActiveMQ versions 5.x before 5.11.2 for Windows. The module tries to upload a JSP payload to the /admin directory via the traversal path /fileserver/..\admin\ using an HTTP PUT request with the default ActiveMQ credentials admin:admin (or other credentials provided by the user). It then issues an HTTP GET request to /admin/.jsp on the target in order to trigger the payload and obtain a shell.

This Metasploit module exploits an authenticated directory traversal vulnerability in Zen Load Balancer version 3.10.1. The flaw exists in index.cgi not properly handling the filelog= parameter which allows a malicious actor to load arbitrary file path.

Warsaw already offers a skilled workforce and has improved its infrastructure – now it must focus on climate change and reducing congestion, mayor Rafał Trzaskowski tells fDi.

FDI into Brazil has increased by 66.48% in a little under two years. Jonathan Wildsmith reports.

BEST DEALS ON GAMING PCS:

• iBUYPOWER - Gaming Desktop - Intel Core i5-9400F— $849.99

• CyberPowerPC - Gamer Master Gaming Desktop— $799.99

• CyberPowerPC - Gaming Desktop - AMD Ryzen 3 2300X — $599.99

The popularity of gaming PCs has exploded in recent years. Sure, there are plenty of people who won’t abandoned their beloved consoles. But a large number of gaming enthusiasts have been shifting their attention. And with good reason. 

For starters, the games are cheaper and the breadth available is truly astounding. After all, console exclusives are (mostly) a thing of the past. You can use your PC to play the latest strategy and simulation games as well as the top offerings in eSports and first person shooters. Additionally, thanks to the PC’s open platform, you also have access to a wide array of wildly inventive independent games. No matter your penchant and preferences, you’re always guaranteed to find something that matches your mood, skill and desires. Read more...

Here at RenewableEnergyWorld.com, we pride ourselves on our active community of readers who click, share, and comment on the articles that we post every day. While we don’t always agree with their take on the pieces we post, we always value constructive feedback and the high quality discussion that sometimes ensues.

Check here each week to keep up with the latest from John MacArthur's pulpit at Grace Community Church.

Check here each week to keep up with the latest from John MacArthur's pulpit at Grace Community Church.