QEMU Guest Agent version 2.12.50 suffers from a denial of service vulnerability.
b12854edacb2fa3c3802ea55c15c6616phpMyAdmin version 4.8.1 suffers from a local file inclusion vulnerability that can lead to code execution.
eb2702b935164a2120d6eb7be48ae476phpLDAPadmin version 1.2.2 suffers from a server_id LDAP injection vulnerability.
80926eb5b3ab1b86753600249c8e99d2GreenCMS version 2.3.0603 suffers from a sensitive information disclosure vulnerability.
ecd355d0e5958d96b8b889b5395021d9phpMyAdmin version 4.8.1 suffers from an authenticated local file inclusion vulnerabilities.
afa380964419c4b6f6b9f6f2f215923dThis whitepaper is a case study that analyzes the security of modern bluetooth keyboards. In the course of this research project, SySS GmbH analyzed three currently popular wireless keyboards using Bluetooth technology that can be bought on the Amazon marketplace for security vulnerabilities. The following three devices were tested for security issues from different attacker perspectives: 1byoneKeyboard, LogitechK480, and MicrosoftDesignerBluetoothDesktop (Model1678 2017).
066966c0a18d2c6ee4c885c5fb48bd21Ubuntu Security Notice 3691-1 - It was discovered that the Security component of OpenJDK did not correctly perform merging of multiple sections for the same file listed in JAR archive file manifests. An attacker could possibly use this to modify attributes in a manifest without invalidating the signature. Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and Riccardo Focardi discovered that the Security component of OpenJDK did not restrict which classes could be used when deserializing keys from the JCEKS key stores. An attacker could use this to specially craft a JCEKS key store to execute arbitrary code. Various other issues were also addressed.
ae063cd3b9c6e04321f83b5de454d2e7NewMark CMS version 2.1 suffers from a remote SQL injection vulnerability.
acf1c45f765e00a8cdcc0b917b63319dLFCMS version 3.7.0 suffers from an add user cross site request forgery vulnerability.
fddd0079e0d18eabf8816218468b3c0cOrchid Core VMS is vulnerable to a directory traversal attack. This affects Linux and Windows operating systems. This allows a remote, unauthenticated attacker to send crafted GET requests to the application, which results in the ability to read arbitrary files outside of the applications web directory. This issue is further compounded as the Linux version of Orchid Core VMS application is running in context of a user in the sudoers group. As such, any file on the underlying system, for which the location is known, can be read. This Metasploit module was tested against 2.0.5. This has been fixed in 2.0.6.
3e04a3dc073e0a19729151e34ab842cbApache CouchDB versions prior to 2.1.0 remote code execution proof of concept exploit.
41cb849d4d5d1e2396ab8315d6910c18TP-Link TL-WA850RE suffers from a remote command execution vulnerability.
dd86d6406e6555f8f31f532cfe144ae8Dell EMC RecoverPoint versions prior to 5.1.2 suffer from a local root command execution vulnerability.
644beef393e8a481559e2ac1d14d98e8LFCMS version 3.7.0 suffers from an add administrator cross site request forgery vulnerability.
ed829dcb17d5904712a7b0e4006e26c5Mirasys DVMS Workstation versions 5.12.6 and below suffer from a path traversal vulnerability.
ae65ddada66109a6a95277fe522b105cDell EMC RecoverPoint versions prior to 5.1.2 suffer from a remote root command execution vulnerability.
6c11f1bc9ab032ba45ef40d9bb694a6fFreeBSD Security Advisory - A subset of Intel processors can allow a local thread to infer data from another thread through a speculative execution side channel when Lazy FPU state restore is used. Any local thread can potentially read FPU state information from other threads running on the host. This could include cryptographic keys when the AES-NI CPU feature is present.
1f6a78529b67d0c29228595a5402e4ecOpencart versions 3.0.2.0 and below suffer from a google_sitemap remote denial of service vulnerability.
7973225bf48d28a9d07972a7550c13c5ntp version 4.2.8p11 local buffer overflow proof of concept exploit.
2fd8ead2c4c5a791240661a169476a78VideoInsight WebClient version 5 suffers from a remote SQL injection vulnerability.
8b26d55ae2c6e6314fa16d851aa6620eRedis version 5.0 suffers from a denial of service vulnerability.
0673adb36c946b17ca82600f12480becMaDDash version 2.0.2 suffers from a directory listing disclosure vulnerability.
f0fb1d169e73ae2b0a5de650d778772eSlackware Security Advisory - New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
5f95b683f49143b20ca8b521cb2f50ceDebian Linux Security Advisory 4232-1 - This update provides mitigations for the "lazy FPU" vulnerability affecting a range of Intel CPUs, which could result in leaking CPU register states belonging to another vCPU previously scheduled on the same CPU.
a6b4e2a3380dbefdaab3f2a5274ae52bRed Hat Security Advisory 2018-1954-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include an access control issue.
1b453287b8ed5413c82d29332576df5c
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed