Ubuntu Security Notice 3796-3 - USN-3796-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 18.10. Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Various other issues were also addressed.
bd9323b300f55025ce3f4e55310f69ccUbuntu Security Notice 3792-3 - USN-3792-1 fixed a vulnerability in Net-SNMP. This update provides the corresponding update for Ubuntu 18.10. It was discovered that Net-SNMP incorrectly handled certain certain crafted packets. A remote attacker could possibly use this issue to cause Net-SNMP to crash, resulting in a denial of service. Various other issues were also addressed.
6922096eae4f9412061212a2f8908aebUbuntu Security Notice 3795-2 - USN-3795-1 fixed a vulnerability in libssh. This update provides the corresponding update for Ubuntu 18.10. Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Various other issues were also addressed.
e89cc04e069eca9525fb55fb63903774Ubuntu Security Notice 3790-2 - USN-3790-1 fixed vulnerabilities in Requests. This update provides the corresponding update for Ubuntu 18.10 It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.
1b19f7fc14a933f4057623fbde241997The Chrome debugger extension API appears to have more power than necessary, including the ability to bypass the check for disabled natives.
7f04b4dbaa37e47793da6858cb2f0661VestaCP versions 0.9.8-22 and below suffer from multiple cross site scripting vulnerabilities.
383e89ec1c0ee9282adbe48bc69bb406Viva Visitor and Volunteer ID Tracking version 0.95.1 suffers from a remote SQL injection vulnerability.
a7bdb1af85aa0c2d43e314a0d6343f09Traq version 3.7.1 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
0aef457c83d6fd108fe4b17521b80e1beNdonesia Portal version 8.7 suffers from a remote SQL injection vulnerability.
3cc4ca7ebbc356b5f8a59b1fbde6e3f1AjentiCP versions 1.2.23.13 and below suffer from a persistent cross site scripting vulnerability.
295c5f4546a49a27b9be3056bdeb12f1The Open ISES Project version 3.30A suffers from an arbitrary file download vulnerability.
021b5f4026c133b8b2fbc315e632216bSchool ERP Ultimate version 2018 suffers from a remote SQL injection vulnerability.
895a26f1d022712bfe28574ffce213eeThe Open ISES Project version 3.30A suffers from a remote SQL injection vulnerability.
177af646b329a8c58f5910646e929802Oracle Siebel CRM version 8.1.1 suffers from a CSV injection vulnerability.
14b6181049d2b8b95e64fbe8aea5fdefSchool ERP Ultimate version 2018 suffers from an arbitrary file download vulnerability.
a0d372c5ad93a099be337afdcb50514cMySQL Edit Table version 1.0 suffers from a remote SQL injection vulnerability.
19c3b4630111dd4e32c4693e85b43bd9Modbus Poll version 7.2.2 suffers from a denial of service vulnerability.
87bf262caddd533fef12dd918ea17f86AudaCity version 2.3 suffers from a denial of service vulnerability.
577194ca6c017ec013387cbdb4a19365This exploit permits an attacker to bypass UAC by hijacking a registry key during computerSecurity.exe (auto elevate windows binary) execution.
2c1515d3cf000e306d865e349594543c
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed