Ubuntu Security Notice 6885-3 - USN-6885-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to handle unsafe substitutions.
31166839dd976fb13f0b4dbd232274dc5adcbdb22f6e4157c52f92b68f799311Ubuntu Security Notice 7021-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
e949f3273efd091048f5d71881f2c7b452f9ff4168a1a80c84222cd196ba45c1Ubuntu Security Notice 7020-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
8bd17f2619f175659c888a248448a6b11ad2dd4cd57793413f87d6ff0ebf03d3Online Traffic Offense version 1.0 suffers from cross site request forgery and arbitrary file upload vulnerabilities.
e5a827b48fc4659294048f669ce8dc8150ad3c9cea88685a31c1e4fff34cdbbdUbuntu Security Notice 7019-1 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.
896effafd923d1de3290843acdecad88190e552d3dbe3db65ed560f5e511dd7aDebian Linux Security Advisory 5772-1 - Yufan You discovered that Libreoffice's handling of documents based on ZIP archives was susceptible to spoofing attacks when the repair mode attempts to address a malformed archive structure.
18dfdc4d2a3cb0f1b3ab7cdbfff7c30a72fd566aa85476c85c16480b7d706aa4Backdoor.Win32.CCInvader.10 malware suffers from a bypass vulnerability.
7f8fbab739d2fc6fb8f975250a5f1be05abc1adfae0b192591971bf6f66b9101Backdoor.Win32.BlackAngel.13 malware suffers from a code execution vulnerability.
717e62131924ca1af11ac62c8dd44bd60d6cffaaf4066df556a537c3442d678eBackdoor.Win32.Delf.yj malware suffers from an information leakage vulnerability.
145f23a8746541655af47b6cc26039a64ce706d01053710c1a2fcdd7dc5aa7a8Ubuntu Security Notice 7018-1 - Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed in this update by removing the insecure ciphersuites from OpenSSL. Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.
587acc1f444243f9ef3c25e4d1de8aecbfcae8208b00502e26bf42e93ab7624cDebian Linux Security Advisory 5771-1 - Fabien Potencier discovered that under some conditions the sandbox mechanism of Twig, a template engine for PHP, could by bypassed.
1049496f29954214697205ebd4565fdbae36dcd02f1494f9dedfe7f85844e0dcDebian Linux Security Advisory 5770-1 - Shang-Hung Wan discovered multiple vulnerabilities in the Expat XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code.
c1619153de1b5b70d0c75d33d3807ae59a0796df1edfa06f7f54ce8a562d5941Ubuntu Security Notice 7000-2 - USN-7000-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for Ubuntu 22.04 LTS. Shang-Hung Wan discovered that Expat did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.
59bf3b6ef3d66bb680edf070eb8e73bfa69b84933ee4e951d7c495cad067f15cOnline Exam System version 1.0 suffers from an ignored default credential vulnerability.
334bf4bade0494de08909a3410e621223fa30f288581d2a97ef3a411eb7d1432Online Bus Ticket Booking Website version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
07cf01fe4d4e0156b5b9d3867b0d730760e244d75733bd6a21e9831bb21eb671Nipah Virus Testing Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
002fc73bbeed6a4576cfdb9982299838050b0bbc1adfeda7fc7c091a4c710fb3Ubuntu Security Notice 7017-1 - Iggy Frankovic discovered that Quagga incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service.
5de28707d33411664b92640aa20a05b15c3f1883532c98f677b861e05322fb02Ubuntu Security Notice 7016-1 - Iggy Frankovic discovered that FRR incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service.
c16b067412f887ca443d01cd624f103aea4a4b7ba0c3c6ee59cf33092e6de7a9Membership Management System version 1.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6a15cdedf00f0b752cebff83c346b7c042814e903684ee4884b3896ad044391bHYSCALE System version 1.9 suffers from add administrator and cross site request forgery vulnerabilities.
be1be6516ccdabbe67428de5ef0e49fca374004dda69f00f5fe8c675baa3d990Furniture Master version 2 suffers from a remote SQL injection vulnerability.
de62e37b3de6cb06ff4294692fa90d5dbfd158a0153c79993900f1fcc28b6789Food Ordering and Table Reservation System for Restaurants version 1.0 suffers from an ignored default credential vulnerability.
bc2fab72834ac56fe6948d05d57dea4c287fd8500fe999daf8cd8d910200f7a3Beauty Parlour and Saloon Management System version 1.1 suffers from an ignored default credential vulnerability.
d6660c1c6980ef3268d1a22cf2f264a4cca0ec4b56c1477c7fef4007d4b6424aCVE-2024-30088 is a Windows kernel elevation of privilege vulnerability which affects many recent versions of Windows 10, Windows 11 and Windows Server 2022. The vulnerability exists inside the function called AuthzBasepCopyoutInternalSecurityAttributes specifically when the kernel copies the _AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION of the current token object to user mode. When the kernel performs the copy of the SecurityAttributesList, it sets up the list of the SecurityAttributes structure directly to the user supplied pointed. It then calls RtlCopyUnicodeString and AuthzBasepCopyoutInternalSecurityAttributeValues to copy out the names and values of the SecurityAttribute leading to multiple Time Of Check Time Of Use (TOCTOU) vulnerabilities in the function.
a4e521839032a10c16e91b79eb43b6f9620dcc27482be434b0d2b62d5ac92e66This Metasploit module exploits an unauthenticated account takeover vulnerability in LiteSpeed Cache, a WordPress plugin that currently has around 6 million active installations. In LiteSpeed Cache versions prior to 6.5.0.1, when the Debug Logging feature is enabled, the plugin will log admin cookies to the /wp-content/debug.log endpoint which is accessible without authentication. The Debug Logging feature in the plugin is not enabled by default. The admin cookies found in the debug.log can be used to upload and execute a malicious plugin containing a payload.
6e09b750ae1a9a0b2b8f3c6e3aa95c6c27115a13bd3431b2f9fa3155e9f1d346
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed