PaperCut NG/MG version 22.0.4 remote code execution exploit.
1539d637da722a1ee7e83cceb9ee205cf15d43f93160ae5fe247b21150b68f96Sentry version 8.2.0 suffers from a remote code execution vulnerability.
249a158d8d8fa5fc36aa401e15b178e9c7c839ad3d347fa1790f3273f16a0db9WordPress Survey and Poll plugin version 1.5.7.3 suffers from a remote SQL injection vulnerability.
129fb47ac28160addde015299133df4a0bd8911d83a61bdced0936ef548d2245GitLab version 11.4.7 authenticated remote code execution exploit.
a366323b7d7d1eea7a69c2b0ccda38033cdfe86c919d53827d40042fd3be1f7dTVT NVMS 1000 suffers from a directory traversal vulnerability.
2923a9669c7e61abeb52bfe3a242caed49ec5d9e3c54eb57d7fc565fcc5534ecAn issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.
506feee71f53fac76413f6d8f5b4cad88bddee539003ffcdf0c54f19b9a741ecsudo version 1.8.28 suffers from a security bypass vulnerability.
ec35a5c3501bc30592776b4e452cfc692b4f63c07d8cfcfbaac9a2658edd5f5a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed