This vulnerability permits an unprivileged user on a Linux machine on which VMWare Workstation is installed to gain root privileges. The issue is that, for VMs with audio, the privileged VM host process loads libasound, which parses ALSA configuration files, including one at ~/.asoundrc. libasound is not designed to run in a setuid context and deliberately permits loading arbitrary shared libraries via dlopen().
4f6b3ffb38593e545a6d2b121f82db2cd943284427086d0cf851e6f78aa712bfAsterisk version 14.4.0 with chan_skinny enabled suffers from a memory exhaustion vulnerability that can lead to a denial of service vulnerability.
f873e04bcb0eecc9597ab97c172b350143d8b4bc7a90a33fabc8192c71a4c519Asterisk version 14.4.0 running chan_pjsip with PJSIP version 2.6 suffers from a denial of service vulnerability.
26735dd3956e23cd86d3bfd7f09cf45b7e07e2f91f84b5f91c48da4e3976b767Asterisk version 14.4.0 with PJSIP version 2.6 suffers from a heap overflow vulnerability in CSEQ header parsing.
96d2411683190b99bf76dad788720f5b886c567643bf4124f892badaecf39a31VMWare Horizon client version 5.4 suffers from a dll hijacking vulnerability.
05cb35186f2e5f6b2221c1ab68f277a67270ad790351e64db88411655e075325HP SimplePass versions 8.00.49, 8.00.57, and 8.01.46 suffers from a local privilege escalation vulnerability.
ed0ba43506d010e8c28aee71c085c7b2aa863c572c95d00e7bb69bb5b2d1abdbThis Metasploit module exploits a stack-based buffer overflow vulnerability in the web interface of Sync Breeze Enterprise v9.4.28, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.
5ff2902a3ec062393e0570fee4f1cc86ff341942ea0f0f52a2987780cddb68ecThis Metasploit module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create and execute a PHP file in the document root. The USERNAME and PASSWORD options are only needed if the Wiki is configured as private. This vulnerability affects any MediaWiki installation with SyntaxHighlight version 2.0 installed and enabled. This extension ships with the AIO package of MediaWiki version 1.27.x and 1.28.x. A fix for this issue is included in MediaWiki version 1.28.2 and version 1.27.3.
42e48276927339958a36dbb2f1b6e10a0ccdc795bdf63b73b3596ebd982b5dacPegasus version 4.72 build 572 suffers from a mailto link remote code execution vulnerability.
4427731fa13b99b05e574e495f0ae5cbb93c76a5b78829b68f137b2e0bd8adefSecure Auditor version 3.0 suffers from a directory traversal vulnerability.
9e96947d550edd506262be8499d639f6170b5fd597c1c3c5b3b82e2f120658a4Microsoft Windows 7/2008 R2 x64 EternalBlue SMB remote code execution exploit that leverages MS17-010.
a89834c93f1d470ef6476b4a640ac5f5403058b6205f6653a27aa9c7ac53d1f4Microsoft Windows 8/2012 R2 x64 EternalBlue SMB remote code execution exploit that leverages MS17-010.
d2515a1e6d996e23c72bd9ad42e411a45def083377a039d3c6f773b7ebd85fbaThe Joomla version 3.7.0 fields component suffers from a remote SQL injection vulnerability.
914600f2292f25a5648b2ad58ced49b43809bcd44e72b9d8a1f6176e284de9f6PlaySMS version 1.4 suffers from a remote code execution vulnerability.
3c8a63c95cb5cd39de2c05874efd2f98a9c719765b28143345cabc3ef991b525D-Link DIR-600M Wireless N 150 suffers from an authentication bypass vulnerability.
d2de4c1ec6d915ce30568940e60b15df8daef411482a245f56c00ebbe5c653baManageEngine ServiceDesk Plus version 9.0 suffers from an authentication bypass vulnerability.
0b8968d2eb45a073ca7bd4ac6b7249f163568b69dd319a79d314bac27cbd48d1SAP Business One for Android version 1.2.3 suffers from an XML external entity injection vulnerability.
3257ec117b9ead701ce13e2ebd0d94106c6ccea7ddacfc94e55a7d5f53ba0456KMCIS CaseAware suffers from a cross site scripting vulnerability.
8ed17c56890bb941dc62c03f9ac26a10d3abf303ee137587b5a0126dd6299721Ceragon FibeAir IP-10 versions 7.2.0 and below suffer from a hidden user backdoor vulnerability.
19d0253d67bfd5628b69787c405f7a3c2992c6236010db3ca5711b8a3408d169Kodak InSite versions 6.5. through 8.0 suffer from a cross site scripting vulnerability.
edfdb5072d2100ae5816327aa1047bf156b40a14eb41a16b1e0dfe93a6055864Belden GarrettCom 6K and 10KT series suffer from suffers from buffer overflow, authentication bypass, information disclosure, and other vulnerabilities.
49d1717295169be58fe33b4c7d8306f29f0d9e8f045dbaf9cda485d36d3f2e48Oracle PeopleSoft suffers from an XML external injection vulnerability that allows for SYSTEM remote code execution.
8ea1552b5500186fdceab51a03b9a96efe05ec0e67c4fb4ae2ab5916f021c96aMicrosoft Windows suffers from a running object table register ROTFLAGS_ALLOWANYCLIENT privilege escalation vulnerability.
36f03383066ee290d05c378c215e41fa232689f697acdd92d4113874ffffea27Apple iOS versions prior to 10.3.2 suffer from a notifications API denial of service vulnerability.
29027c75a282ced872743a26249f8bc6a1222243f76ab7a6119a4c5ad36931cfMicrosoft Windows suffers from a COM aggregate marshaler/IRemUnknown2 type confusion privilege escalation vulnerability.
7d9306b31056624843b7596903b03f2850b51e4cdcc0f3b35afc516f0af1bec5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed