openSIS versions 4.5 through 5.2 suffer from a remote PHP code injection vulnerability.
42dccb85d42a4ca8903f8b7a25053348c82f5e5ee560bdeb03a693bb4e662dc7This Metasploit module exploits an arbitrary file upload vulnerability found within the Up.Time monitoring server 7.2 and below. A malicious entity can upload a PHP file into the webroot without authentication, leading to arbitrary code execution.
d0b74701fcce7e5090f2395e4b4a21fcfa54889e063c8a4e83ccc622ec119735BoxBilling suffers from a stored cross site scripting vulnerability. Input passed to the 'message' POST parameter thru the 'Notification Center' extension/module is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 3.6.11 is affected.
79655606b0994b8eb520f94b90ad44a33cf34d99fec9a3b40c90c49f32d15dafUbuntu Security Notice 2049-1 - Miroslav Vadkerti discovered a flaw in how the permissions for network sysctls are handled in the Linux kernel. An unprivileged local user could exploit this flaw to have privileged access to files in /proc/sys/net/. A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. Various other issues were also addressed.
5f701e0e3991e00d556fe8c036cde5af0ea754679c09eefb7bdf25b931207b4cUbuntu Security Notice 2050-1 - An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. Dan Carpenter discovered an information leak in the HP Smart Array and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.
8821a1515b5d3a83f986d1b491a7a02d59ae5030a01c256ab95e438a8e7d158aGentoo Linux Security Advisory 201312-5 - Multiple vulnerabilities have been found in SWI-Prolog which allow attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 6.2.5 are affected.
b966245694827009ec4e3cd7795b691c5bf39e9dd54ef8c71d9a5da1bf9405a3Ubuntu Security Notice 2048-2 - USN-2048-1 fixed a vulnerability in curl. The security fix uncovered a bug in the curl command line tool which resulted in the --insecure (-k) option not working as intended. This update fixes the problem. Scott Cantor discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled. When libcurl is being used in this uncommon way by specific applications, an attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.
4474e8d60c223858b9729fdccef9ea6ae4c37bbe6d2c78b8eb1b1a1724900127Zimbra suffers from a local file inclusion vulnerability that allows for privilege escalation.
2659a0a1825bb2dd6a41d50e5742d79152cff966d71b0b2cf147ea01d1e3ecdbEaton Network Shutdown module versions 3.21 and below suffer from a remote PHP code injection vulnerability. This is a python exploit for a previously disclosed finding.
b6f02d2307906d45fffd57eaf354dfdd170be53826413e1efdb4d4d58e269c8dThis is a brief overview of the unauthenticated non-persistent remote root shell vulnerability in various D-Link DSR routers. Versions affected include D-Link DSR-150 (Firmware < v1.08B44), D-Link DSR-150N (Firmware < v1.05B64), D-Link DSR-250 and DSR-250N (Firmware < v1.08B44), D-Link DSR-500 and DSR-500N (Firmware < v1.08B77), D-Link DSR-1000 and DSR-1000N (Firmware < v1.08B77).
de55e4448a4bec277f8621aefbf5e5ac01929a5f13a3f4b74cc2b5712046d40eD-Link DSR router series remote root shell exploit. Versions affected include D-Link DSR-150 (Firmware < v1.08B44), D-Link DSR-150N (Firmware < v1.05B64), D-Link DSR-250 and DSR-250N (Firmware < v1.08B44), D-Link DSR-500 and DSR-500N (Firmware < v1.08B77), D-Link DSR-1000 and DSR-1000N (Firmware < v1.08B77).
0ddcd599410d5c9d4349753fb1f66fbb2cd3e9606f56a18a28615b7d3f5dd814WordPress DZS Video Gallery version 3.1.3 suffers from a remote file disclosure vulnerability.
7ac0fabd0765512ea8bd5c5c0a08c5da95bc31ec13aec2497b809e6306320323WordPress Page Flip Image Gallery plugin suffers from a remote shell upload vulnerability.
5cea65720b786bc3c060b33d2c65dfd3cd4d87af8bff8fabef4ba7edde5ae817VMware Security Advisory 2013-0015 - VMware has updated several third party libraries in ESX that address multiple security vulnerabilities.
9cbb7e964e769cddfce1c1997789d4b756c22716732fb468d12565b5df47420d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed