Various Mimosa products suffer from denial of service, information leakage, code execution, and file disclosure vulnerabilities.
7a6b33948781fb136bf41b92bc58cc0a1e46942a8f3b19bcf9a9eab576873d05This whitepaper discussing using the Domain Name System (DNS) to communicate with hosts in separated networks using the open source tool outis.
b80a12fb08a3e41b01426c53ccc36da0740600c07d28ac9af4caec8e24dad1e2Red Hat Security Advisory 2017-1230-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection.
b65e6e58ed27babdee15105ea19a10437baad7a98432bf586ba47d5a3562cd81Ubuntu Security Notice 3285-1 - Tyler Hicks discovered that LightDM did not confine the user session for guest users. An attacker with physical access could use this issue to access files and other resources that they should not be able to access. In the default installation, this includes files in the home directories of other users on the system. This update fixes the issue by disabling the guest session. It may be re-enabled in a future update.
f991e1ab97234feff3a21152aafabb565288a04f866b021f7c7a3bba5ba30f90miniupnpc suffers from an integer signedness error when parsing a chunked encoded http response.
eae3b67315257af4d12b280c414e11e2785f5cea3165a59b4f1fa16af40318f8CMS Made Simple version 2.1.6 suffers from code execution and cross site scripting vulnerabilities.
30eaff6ebd04dc3917930b8ae8e436030b22b272cc193fab53f323c5fec4f76cGuidance Software EnCase Forensic Imager versions 7.10 and below suffer from a stack-based buffer overflow vulnerability.
dde2e54320f7ae0c6125565d33c61a502a0e8d4158b92889665a3941c021109bgoogle-api-php-client versions 2.1.3 and below suffer from multiple cross site scripting vulnerabilities.
8eaec32d7fdf5c15debcbc897ef52db1a3048d72036b4d43408cd00a1a64ebbfTrashbilling.com suffered from account enumeration, cross site scripting, denial of service, and remote SQL injection vulnerabilities. Trashflow 3.0 suffers from denial of service and hard-coded credential vulnerabilities.
470b4eb23083c6d35beb60491c350e8d089794af3047da9432eb27938a471df2OpenVPN version 2.4.0 suffers from an unauthenticated denial of service vulnerability.
1e82be24c77aa6afaba0b639870610f41e593ffc6fe941430118a5d799c598c6Linux kernel version 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) double-free usb-midi SMEP local privilege escalation exploit.
e7882ec726796b90a0e6bf5db2b33500a6997e2fba0c1e07b3cf8985646d15b1Vanilla Forums versions 2.3 and below remote code execution exploit.
5c7ea9a23a9cecb94400f22b0952a0d9d93fc3cf4ada6196b41f4105e85931c2Linux kernel versions 3.11 through 4.8 O_SNDBUFFORCE and SO_RCVBUFFORCE local privilege escalation exploit.
3f9a6416a28509909106dbad3e284de2a20f84d964933b9948e0de462f67f961
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed