gVisor Sentry permits access to the renameat() syscall. As the sentry is not chrooted, it permits renaming files in the host system.
27c9dae5477db27a88105ca79f7540d5dd144ce2e235bd03195740baacaa98b1
Linux suffers from a reiserfs listxattr_filler() heap overflow vulnerability.
bda8cff2fd8a8c683d0b06a45887982f218af840ef2b2e66113c85ebc43d76eb
CA Technologies Support is alerting customers to a potential risk with CA Release Automation. A vulnerability exists that can allow an attacker to potentially execute arbitrary code. The vulnerability has a high risk rating and concerns insecure deserialization of a specially crafted serialized object, which can allow an attacker to potentially execute arbitrary code.
4fc4b066351e50f874af68872fd64d5bec84276aff293512264657be23e122ca
CA Technologies Support is alerting customers to multiple potential risks with CA Unified Infrastructure Management. Multiple vulnerabilities exist that can allow an attacker, who has access to the network on which CA UIM is running, to run arbitrary CA UIM commands on machines where the CA UIM probes are running. An attacker can also gain access to other machines running CA UIM and access the filesystems of those machines. The first vulnerability has a medium risk rating and concerns a hardcoded secret key, which can allow an attacker to access sensitive information. The second vulnerability has a medium risk rating and concerns a hardcoded passphrase, which can allow an attacker to access sensitive information. The third vulnerability has a high risk rating and concerns a lack of authentication, which can allow a remote attacker to conduct a variety of attacks, including file reading/writing. Affected versions include 8.5.1, 8.5, and 8.4.7.
a4455b199d6346df10c220027991719705141f33a067ce43f7b651f5e6a4d79d
Proof of concept exploit for a cross site request forgery vulnerability in DamiCMS version 6.0.0 that changes the administrative password.
c64f583df2199c7fe4254d38572104c3d2476164b43f76ec9deb32b708ac2020
The Vox TG790 ADSL router suffers from a cross site scripting vulnerability.
717552a1ef7035d3e690e5b4d070714826cd3b55c01ad8f8d9bb7544d6f8014d
Acunetix WVS Reporter version 10.0 suffers from a denial of service vulnerability.
f99437e7dbb525c610fa5d7015e4693fadd0e49fcca2b81f85c551bec17fb8e8
AZORult Stealer version 2 suffers from a remote SQL injection vulnerability.
674810906207e9407a36c925c186d9b8619229225cf8ba7ac0793ba7e833cfe1
Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.
18f2aeb10b4d935d85c115a1e4a93464b9750be19b34997cf6196b29118e73cf
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
799dd37a86a1448732e339bd20440f4f5ee6e69755f6fd7a73ee8af30840c915
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
d158a8a626dc0997a826cf12b5316a3d393fb9f93d84cc86e75b212f0044a3ec
This Metasploit module exploits an injection vulnerability in the Network Manager VPNC plugin to gain root privileges. It uses a newline injection vulnerability in the configured username for a VPN network connection to inject a `Password helper` configuration directive into the connection configuration. The specified helper is executed by Network Manager as root when the connection is started. Network Manager VPNC versions prior to 1.2.6 are vulnerable. This Metasploit module has been tested successfully with VPNC versions 1.2.4-4 on Debian 9.0.0 (x64) and 1.1.93-1 on Ubuntu Linux 16.04.4 (x64).
07e3f24f0ba44622e12961448bb4ae2cacb1f01c983cf368bc94c3c2107fbe4a
ownCloud version 0.1.2 suffers from a user impersonation authorization bypass vulnerability.
29b952619c8992a8a4ce5753eaedfa7b6eaafa33618c92674d49b3731375dc42
WordPress Jibu Pro plugin version 1.7 suffers from a cross site scripting vulnerability.
18c1194e869784b9a96a05527b9decfd9b972dec28496a9cb4a9df608b8a85da
WordPress Quizlord plugin version 2.0 suffers from a cross site scripting vulnerability.
62f0455ed5e3caa433f776afbd757a6ace1243aa45ddf39b3f26277ba9762848
Cybrotech CyBroHttpServer version 1.0.3 suffers from a cross site scripting vulnerability.
149e18fdc58e7ab10a560a31539fb56b08816845e01114abfa7a0b7a31ad5ba8
Cybrotech CyBroHttpServer version 1.0.3 suffers from a directory traversal vulnerability.
7b9c732ab95b49391cb25a863aa1969ba51ecb15bd4a8a0e7caeab1076eeef91
Nord VPN version 6.14.31 suffers from a denial of service vulnerability.
e951f9644cbc57d0201f5a33382c0a9749c60a07708c0f9afcdce018e593e9dd
NetworkActiv Web Server version 4.0 Pre-Alpha-3.7.2 suffers from a denial of service vulnerability.
ae999e04a2d6cad2f4feb9936d0cb7e68ca145d2af8ae75cb601034d777d684b
Trillian version 6.1 build 16 suffers from a denial of service vulnerability.
de1c928ac823ef63b75409805f390d7d899c22b7b4ae83f2cae9493ef4cc2258
Easy PhotoResQ version 1.0 suffers from a denial of service vulnerability.
530ffacf17eccf9b46ccbaa478307f09bd9e22ddc709d82f9b9879aec197f45d
Episerver version 7 patch 4 suffers from an XML external entity injection vulnerability.
8b0f7b7fc99768f17578cf411177580b97484e0238721108b9bab21d6906bb9f
phpMyAdmin version 4.7.x suffers from a cross site request forgery vulnerability.
e63d2dcc5948a45882c170f9e3e441a265cf1233d27f4dee8c082aeef27611e0
Skype Empresarial Office 365 version 16.0.10730.20053 suffers from a denial of service vulnerability.
3e7987d784144b91aefb2a14f3e9d598157afc82ba38c417a05ee061228b522d
Fathom version 2.4 suffers from a denial of service vulnerability.
0dec82d3853c0206aa051f2aebab003420da2318e53ea332a230c36bf05ba7ad