The Netis MW5360 router has a command injection vulnerability via the password parameter on the login page. The vulnerability stems from improper handling of the "password" parameter within the router's web interface. The router's login page authorization can be bypassed by simply deleting the authorization header, leading to the vulnerability. All router firmware versions up to V1.0.1.3442 are vulnerable. Attackers can inject a command in the password parameter, encoded in base64, to exploit the command injection vulnerability. When exploited, this can lead to unauthorized command execution, potentially allowing the attacker to take control of the router.
f8530a1d3ff4ead792c8fb4ffb1004e3ddfa57f26304dc3028746bbd99c79dbdEdu-Sharing suffers from an arbitrary file upload vulnerability. Versions below 8.0.8-RC2, 8.1.4-RC0, and 9.0.0-RC19 are affected.
c90a369f9e92e190de24d8035bc4ae4e56c58d29c471e9653ffa0e568fcee57eGentoo Linux Security Advisory 202406-5 - Multiple vulnerabilities have been discovered in JHead, the worst of which may lead to arbitrary code execution. Versions greater than or equal to 3.08 are affected.
f08b8c35b2a71526cee24ca781a21367d0ebef71f13e4f0c31d6ddb404031571Gentoo Linux Security Advisory 202406-4 - A vulnerability has been discovered in LZ4, which can lead to memory corruption. Versions greater than or equal to 1.9.3-r1 are affected.
5a00e99e4ec518f24201acea96a1dcb4d6db6416194728731ef2a786a76bf4efFlatboard version 3.2 suffers from a persistent cross site scripting vulnerability.
219357d7f08636e31a5e04cf4c5eacdc2e724a224d82b37b34b7040e003fe8d5Gentoo Linux Security Advisory 202406-3 - A vulnerability has been discovered in RDoc, which can lead to execution of arbitrary code. Versions greater than or equal to 6.6.3.1 are affected.
18693c2f431f2f97001cda25531c548b88f23d78ab069590b1438c6536b464cfCarbon Forum version 5.9.0 suffers from access control, cross site request forgery, file upload, outdated library, and remote SQL injection vulnerabilities.
cba504421b68519aaed702319b854c39235fc60743041d75670a496471266424jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
ceb6ca2287f504c38f9587d2e3b3d4bd933bb43cf78256f23d26c9dcd6761a89Gentoo Linux Security Advisory 202406-2 - A vulnerability has been discovered in Flatpak, which can lead to a sandbox escape. Versions greater than or equal to 1.14.6 are affected.
20c3c2efefe645abf80b458098c6f027b1f50f0c373d76fad628647b587e7eb6Gentoo Linux Security Advisory 202406-1 - A vulnerability has been discovered in GLib, which can lead to privilege escalation. Versions greater than or equal to 2.78.6 are affected.
558122bd0f3748b5d44a9c476c9a38d5b7db1d46a92020e51696f0cd6d71925dStudent Attendance Management System version 1.0 suffers from a remote SQL Injection vulnerability that allows for authentication bypass.
24a3ddbd3a66ebcf49ec8f23556b3c7c395f230971ab16fde259a7afee0a40a3Red Hat Security Advisory 2024-4058-03 - An update for python3.11 is now available for Red Hat Enterprise Linux 8. Issues addressed include denial of service and traversal vulnerabilities.
c9dda84899f811fb7b2a629ce33c86955d06069085858d3282fd1098c357dd0dRed Hat Security Advisory 2024-4057-03 - Release of OpenShift Serverless Logic 1.33.0. Issues addressed include cross site scripting and denial of service vulnerabilities.
68314117cd947ce031325efcf1691e33cd733d49701f9712ea20e953079252a1Red Hat Security Advisory 2024-4054-03 - An update for python-gunicorn is now available for Red Hat OpenStack Platform 16.2. Issues addressed include a HTTP request smuggling vulnerability.
006d45abb3ce55a9d1c68e005d600d4cd88219e32a395eb6e15c678a65b0eceeRed Hat Security Advisory 2024-4053-03 - An update for python-yaql, openstack-tripleo-heat-templates, and openstack-tripleo-common is now available for Red Hat OpenStack Platform 16.2. Issues addressed include an information leakage vulnerability.
7bddb16234e4480f1da029a7e880892df709f692fee0a83d970d1226429a75d3Red Hat Security Advisory 2024-4052-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
bef8716840f726ad4db8013259680a9bc10b7bf67a3eed93e2ee19822ba27eceRed Hat Security Advisory 2024-4051-03 - An update for pki-core is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a bypass vulnerability.
8b591a46545d2fc346df180b5df166dcd267d6d13cffe63c0f7ba458e7eff4f4Red Hat Security Advisory 2024-4050-03 - An update for libreswan is now available for Red Hat Enterprise Linux 9.
d7e10b571a3afc229ee4866450c9bd92350de446e2e18b80fb1171c31dbe25e1Paradox IP150 Internet Module version 1.40.00 suffers from a cross site request forgery vulnerability.
9e102cbe93f6192c8caedc9ff1e998a3150ce7386317dc22ddbf5e4b3f736fbf
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed