CMS Made Simple version 2.2.5 allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory.
665002696e6aa2586a51b8816a8a1e2a503f1bc489989a9294e0d3632c5224f2WordPress All In One Favicon plugin version 4.6 suffers from a cross site scripting vulnerability.
0981c4f9c549ca322909202cf2f6c2af66fabbb260e7ca87b4d6c92465148a64Chrome suffers from floating-point precision errors in Swiftshader blitting.
55329bd2920eaa9d39110322696bef158e0b340f65c27b63cceed9585601bc64MyBB New Threads plugin version 1.1 suffers from a cross site scripting vulnerability.
da11ef1523cf7cf91c93aba43e31032f36aa53b573118e55a7e1163ecc6beee6Chrome suffers from a reference count leak in SwiftShader OpenGL texture bindings.
04d325a817231ab9f0764272b559378b2d3fe10f9b33e17341521360cd5f6b9eRed Hat Security Advisory 2018-2214-01 - openstack-tripleo-heat-templates is a collection of OpenStack Orchestration templates and tools, which can be used to help deploy OpenStack. Security fix: openstack-tripleo-heat-templates: Default ODL deployment uses hard coded administrative credentials.
a645c04c2db09c0649ed6428ff4db02a66c1aab543361fa03329e0fb6f8a778dSlackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
1751e466b4765f6a7eca3f634337ed57a540c0de395d8e2c93ff160039c66312Red Hat Security Advisory 2018-2228-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a bypass vulnerability.
a38d8b4a9ef269f1deca8c1b814952165139072ed0330610b2f751e9234a8f7fAdobe Systems Mail Lead DBMS suffers from an arbitrary code injection vulnerability.
357c23ee595cb19eb4f7d1df4da74a5cd49b57362eca78f2c93da9a6de10959aDebian Linux Security Advisory 4252-1 - Jeriko One discovered two vulnerabilities in the ZNC IRC bouncer which could result in privilege escalation or denial of service.
914b3ea83f72d0dcc9b0c6d010d1220d255648be0af6699555b952847a50ca3eDebian Linux Security Advisory 4251-1 - A use-after-free was discovered in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played.
5253b4c31d0da0c19893d064e2ba6b3b47effeaa41bab133435beffacb724256Red Hat Security Advisory 2018-2225-01 - Fluentd is an open source data collector designed to scale and simplify log management. It can collect, process and ship many kinds of data in near real-time. Issues addressed include an escape sequence injection vulnerability that allows for arbitrary code execution.
72bc959e6e96b4bd37a7660348b389326f89e770aab54d67e5b9c4ecf9c1133eChrome suffers from an integer overflow vulnerability in Swiftshader texture allocation.
6587e8951f4e79c87ecd7b6a16fa91a40d27b5f94453f1ea87b0a9789512a6beRed Hat Security Advisory 2018-2224-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.7 will be retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.7 EUS after December 31, 2018.
2743dd98e6c725e5bc7053f65fbd45caf468ec93410522770ccc5fa455a8d5b3Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
49b2895ee3ba17ef9ef0aebfdc4d32a778e0f36ccadde184516557d5f3357094Linux kernel versions prior to 4.14.8 utilize the Berkeley Packet Filter (BPF) which contains a vulnerability where it may improperly perform signing for an extension. This can be utilized to escalate privileges. The target system must be compiled with BPF support and must not have kernel.unprivileged_bpf_disabled set to 1. This Metasploit module has been tested successfully on many different kernels.
3a7fa7070c41ddc4726fd312fb66650ad5d4cd33a694060cfd4542206f2d48f1Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
74dacb4359d57fbd3452e384eeeb1dd77b6ae00f02e9994ad5a7b461d5f4c6c2
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed