This Metasploit module exploits an unauthenticated SQL injection vulnerability and a command injection vulnerability affecting the Grandstream UCM62xx IP PBX series of devices. The vulnerabilities allow an unauthenticated remote attacker to execute commands as root.
4066544895b5150487b562aeb10cbead4ed40ccc1b2880b31c05f426293dbef2Ubuntu Security Notice 5250-2 - USN-5250-1 fixed a vulnerability in strongSwan. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Zhuowei Zhang discovered that stringSwan incorrectly handled EAP authentication. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly bypass client and server authentication.
1d22e7fac1daa8e5ea3208097eff6521c29300f346c371e518e83be99e27adfbEthercreative Logs plugin versions 3.0.3 and below for Craft CMS suffer from a path traversal vulnerability.
87f572c315e9b125698a490498f1baf715e21bedd53fb3675102015ce8c2e3baRed Hat Security Advisory 2022-0246-04 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
ac685f0ee1416a81c17a3920f8990f34fd0bed2044d014166ed19445dfeee9deCosaNostra Builder WebPanel malware suffers from a cross site request forgery vulnerability.
ec4fcd3bb27459e79c9e2f4ec1eb45d3e4579f658838791c68981192a5cb2575uBidAuction version 2.0.1 suffers from a cross site scripting vulnerability.
a1f0a79b34e97ab696164e8135f25f2980a0c68d864191821a9fba8dd5352cf1Red Hat Security Advisory 2022-0229-02 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for Windows serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include deserialization and integer overflow vulnerabilities.
793b4c7ec8eb14e3b901e21548626bf3098cc89a39f84a84d7e26aac0d764f93Land Software's FAUST iServer versions 9.0.017.017.1-3 through 9.0.018.018.4 suffer from a local file inclusion vulnerability.
1940c0374c57a3ce5c29fb1b1586c473fe48cd03993e507d365564b0b210c462CosaNostra Builder WebPanel malware only uses straight MD5 to store passwords without any salt.
a1cb43b8fdf7fe4d67d73fbe81a9a875b8bc704f025788ffea568a290c5775f1Red Hat Security Advisory 2022-0166-03 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include deserialization and integer overflow vulnerabilities.
540c32042cb9802dbe095c212b0cdee9a7b4f8a9166eb6a5c4fb59d752d86af9Xerox Versalink printers suffer from a remote denial of service vulnerability using a specially crafted TIFF payload.
c5ca25038e516f362471c55d2acef950d200acca71cb6d5265ab1c2ea3227c3bRed Hat Security Advisory 2022-0254-03 - The RPM Package Manager is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.
da1bfa6d46bd6466de03cbf646bf958121c32d1cd4a28ca17e40cc8d7160b4a6CosaNostra Builder malware suffers from an insecure permissions vulnerability.
6ac2d987dd89e8d52954e26a83c2885d18e6c66d1f4376b26089db79e278495bBackdoor.Win32.DRA.c malware suffers from a weak hardcoded password vulnerability.
8ac6e0f0491c3315cd717405fe701d71e9974b71a446611339cceb86e28e943dThe 27th European Symposium on Research in Computer Security (ESORICS) 2022 call for papers has been announced. It will take place September 26th through the 30th, 2022, in Copenhagen, Denmark.
d6d561f5decef2aeebfa90197d0283329d02bb79413abb4a528024c02cec78afUbuntu Security Notice 5250-1 - Zhuowei Zhang discovered that stringSwan incorrectly handled EAP authentication. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly bypass client and server authentication.
71f8b5b0f86bc72d7ae02ec7dbfb0ae317f210f58114b49aedd4361de253aebcAmetys CMS version 4.4.1 suffers from a cross site scripting vulnerability.
53cfbeebda25093c06c4fc2ed43478b187a9bc4974a56a47c14c2c76d9ad3731Red Hat Security Advisory 2022-0228-02 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include deserialization and integer overflow vulnerabilities.
dc2544ca79442c3f603f97989f56e68867e4255518b7b315692456349d0c241fAlps Alpine Touchpad driver suffers from a dll injection vulnerability.
8a5bbdb36c3ba3e4aa67e43c3f7bfe849e35aa3ef02f9a3085254e9bd2a6a77eBackdoor.Win32.FTP.Lana.01.d malware suffers from a man-in-the-middle vulnerability.
f307eaf87c20e28d8c6500b13506ded27f63a1d83ad0d0e9500a657db816ef48Online Project Time Management System version 1.0 suffers from an authenticated remote SQL injection vulnerability.
ade515d0c4929c276a3ee1ea165987af8722b6650bbb422e432a423f1f89d1b7Red Hat Security Advisory 2022-0165-03 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include deserialization and integer overflow vulnerabilities.
8349f1c28d93710623fdf691c01ffcbea5a8e3831731762ee57a8f116996d58bBackdoor.Win32.FTP.Lana.01.d malware suffers from having a weak hardcoded password.
da53a87f6fb918f775f7ca04cab85afb0f8d0d1d3c7f2263a2aca53f629e8ce8Backdoor.Win32.Hanuman.b malware suffers from a code execution vulnerability.
ff345597cbe04f8efb611d4df1a9c1a4c94d4c56339b34cb48bddeb8683bdfb4WebACMS version 2.1.0 suffers from a cross site scripting vulnerability.
6e22d1940828e4c457520ea425676dbc1e4ff812d2bc11a71638f4a102722c6f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed