Ubuntu Security Notice 6785-1 - Matthias Gerstner discovered that GNOME Remote Desktop incorrectly performed certain user validation checks. A local attacker could possibly use this issue to obtain sensitive information, or take control of remote desktop connections.
ad37da10056aff526b9a741ed5a7299a8b4531fd429070e7779da440314f8600Ubuntu Security Notice 6783-1 - It was discovered that VLC incorrectly handled certain media files. A remote attacker could possibly use this issue to cause VLC to crash, resulting in a denial of service, or potential arbitrary code execution.
74e3830e001942c2ddc6731929c011b922cbfa41a326dcc195908ced4f0613b9This Metasploit module exploits an unauthenticated remote code execution vulnerability in the WWBNIndex plugin of the AVideo platform. The vulnerability exists within the submitIndex.php file, where user-supplied input is passed directly to the require() function without proper sanitization. By exploiting this, an attacker can leverage the PHP filter chaining technique to execute arbitrary PHP code on the server. This allows for the execution of commands and control over the affected system. The exploit is particularly dangerous because it does not require authentication, making it possible for any remote attacker to exploit this vulnerability.
7df90df7e75927e09777170cc36a4823a5062bc6e077056564aea5f7a6ba8b7fChat Bot version 1.0 suffers from a remote SQL injection vulnerability.
49ddf48680164af066978efabddac4f15a73ca97d2e553446260cc4ca68b75d9CHAOS version 5.0.8 is a free and open-source Remote Administration Tool that allows generated binaries to control remote operating systems. The web application contains a remote command execution vulnerability which can be triggered by an authenticated user when generating a new executable. The web application also contains a cross site scripting vulnerability within the view of a returned command being executed on an agent.
f57ebc1eae72783c36ac9e3df7805d9879e3d1ced0b8232ea872b32518252dceJoomla versions 4.2.8 and below remote unauthenticated information disclosure exploit.
626134242ae4ae7b4c28853f3d05cf44659ed92ca2ceb96b914b80675d522cdcTenant Limited version 1.0 suffers from a remote SQL injection vulnerability.
13e600b96629ae331bea16a5e73e10163b6351de44d850fb788d57cb33492417WordPress XStore theme version 9.3.8 suffers from a remote SQL injection vulnerability.
477997916de186d3ba832ceed8e646fa8511ebfa7176c3c099d15df6b80d4ea2Backdrop CMS version 1.27.1 suffers from a remote command execution vulnerability.
707db64b489094cceb71c8280d7c7e3cdd4d55c06c3fc171b402d3dbf8f0c251PopojiCMS version 2.0.1 remote command execution exploit that requires an administrative login. This vulnerability was originally reported by tmrswrr in November of 2023.
0793753c218491dd6a931313f9bc9e153220431ab9d36e397a9a5a8f56951454Ubuntu Security Notice 6773-1 - It was discovered that .NET did not properly handle memory in it's Double Parse routine. An attacker could possibly use this issue to achieve remote code execution. It was discovered that .NET did not properly handle the usage of a shared resource. An attacker could possibly use this to cause a dead-lock condition, resulting in a denial of service.
8d23913998e943cb3534c4ca901b26824fd43968abb8ff4582f8aa5e31563feaPacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
dc9ab73b79418585b668d244f407f6cd9a78dd8ff320ab154ad23408925b7b32Cacti versions 1.2.26 and below suffer from a remote code execution execution vulnerability in import.php.
86b50d4574919755d30f44ebc0972085ad39e9820171813614fe42cf0df9f937Ubuntu Security Notice 6772-1 - Jan Schermer discovered that strongSwan incorrectly validated client certificates in certain configurations. A remote attacker could possibly use this issue to bypass access controls.
590fa84cad23748ca02289e6f9530d990b8eb44ed69567c869b7a9030e59d269Prison Management System Using PHP suffers from a remote SQL injection vulnerability that allows for authentication bypass.
e69f0a647f9409afaeb28fca9549b65a8f171f0f00a1d280a8d677cfdf0704eeGentoo Linux Security Advisory 202405-32 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.10.0 are affected.
3283b7e266237a6df6b8dc58a8f3b51eb90071121c21462cfd91730f52a3efb9Clinic Queuing System version 1.0 suffers from a remote code execution vulnerability.
23c5d126d6744f4ca5ca7cb92f2a3a88c17df81ab9f24fd93329abb2706e0378Gentoo Linux Security Advisory 202405-24 - Multiple vulnerabilities have been discovered in ytnef, the worst of which could potentially lead to remote code execution. Versions greater than or equal to 2.0 are affected.
f773c0416c2314301424eef8ca3e6ea1f69246934de6a31f00bcad58e89121c0Ubuntu Security Notice 6754-2 - USN-6754-1 fixed vulnerabilities in nghttp2. This update provides the corresponding update for Ubuntu 24.04 LTS. It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
a626406c69b2c3819d9892a59563e91ef3909ded6eee46f3085c5cbec0e0e54bUbuntu Security Notice 6765-1 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.
42046ab3e597891b35376f855bb093f99f7b85199aebb9184d7401f3b4fa1f10POMS PHP version 1.0 suffers from remote shell upload and remote SQL injection vulnerabilities.
6fbd9b24154b7a82bd33b970bc8f205aec51838beab9dfdcd8c402c4bc2fe213Kortex version 1.0 suffers from a remote SQL injection vulnerability.
a16f4013115276b1f531688e40762325affcbf56e829fa0b4b9a3e3651bbef0dGentoo Linux Security Advisory 204205-17 - Multiple vulnerabilities have been discovered in glibc, the worst of which could lead to remote code execution. Versions greater than or equal to 2.38-r13 are affected.
59ebb83094c9df05efeed10a6aa6e35b5fda337b12c4951e356174b8c268ab51Gentoo Linux Security Advisory 202405-16 - A vulnerability has been discovered in Apache Commons BCEL, which can lead to remote code execution. Versions greater than or equal to 6.6.0 are affected.
7f322fd49353c7dc30ad72c75bda0f014790e3f0929a1b292d08c8aea0d57b2dGentoo Linux Security Advisory 202405-15 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to remote code execution. Versions greater than or equal to 115.8.0:esr are affected.
126f3596099d2881a7490a64663b9d1583ba0463ce17ff35167d48f6edff1d12
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed