Debian Linux Security Advisory 4363-1 - It was discovered that malformed URLs could spoof the content of the default 404 page of Django, a Python web development framework.
e43ffa774ebdcc131069141ab52a0af279975106b0b8c19b8d3aa2c02cdcaee5
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
487933ea075bdbb25d8df06017d9c4f49fc20eb7f6ec80af086718ed5550e863
This Metasploit module exploits a command injection vulnerability in the MailCleaner Community Edition product. An authenticated user can execute operating system commands in the context of the web server user, which is root. The /admin/managetracing/search/search endpoint takes several user inputs and passes them to the internal service responsible for executing operating system commands. One of these inputs is passed to the service without proper validation, which causes the command injection vulnerability.
9be39a4bc9f67632a6a5377d1cf086a107e68b119a124c2b425f517817903bb6
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
1b0887fc21ac535befea7243c5d5f1e31394d7458d64b30807a3e98cca0d839e
Wireshark suffers from a get_t61_string heap out-of-bounds read vulnerability.
e78bb2f18e5c8a09bd4bc2e09df300bcd8466772f61124b02d3646830c2a39cb
Polkit suffers from a temporary auth hijacking vulnerability via PID reuse and a non-atomic fork.
cda12b6164dcf7cc8e7788d38b12813f0f957ff6db104d4bad25b01f47fe046b
Microsoft Windows suffers from a privilege escalation vulnerability. The Data Sharing Service has a TOCTOU in PolicyChecker::CheckFilePermission resulting in an arbitrary file deletion.
f54dc03a0548a0bf309514e8238a7332722ced26331dd750eae0f876a0ed3877
ZenPhoto version 1.4.14 suffers from multiple cross site scripting vulnerabilities.
10fab1ecdb12b992f281934a8923030c443cb6246e70b8221ab99c037bddddea
Red Hat Security Advisory 2019-0036-01 - Source-to-Image is a tool for building reproducible container images. It produces ready-to-run images by injecting a user source into a container image and assembling a new container image. The new image incorporates the base image and built source, and is ready to use with the "docker run" command. S2I supports incremental builds, which re-use previously downloaded dependencies, previously built artifacts, and more. Issues addressed include a path sanitization vulnerability.
7a86f73181e3810ec789e0efe32f394cb8c43b3d70c82e5e4178e6f5cc8a7e6c
Mantis version 2.11.1 suffers from a cross site scripting vulnerability.
007736d3715949fe6452171a06d4473baa940cdc4a1befb91ceaa5d79be7ad82
Dolibarr ERP-CRM version 8.0.4 suffers from a remote SQL injection vulnerability.
0cd579c529c4cdfc92e87078188a90d8b1deb7799e498826ff25224d10f7d825
WordPress MapSVG Lite plugin version 3.2.3 suffers from a cross site request forgery vulnerability.
a62a696e1371182ff1d03ef33a6c1c775ff3fe79e8c36c980ef390c38d2ba247
CF Image Hosting Script version 1.6.5 suffers from a privilege escalation vulnerability.
5eb3a7d3d1fd37031f7881bc3ed9379bf868eb0bc8c46b5d041c307f0fd16f01
UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
86301d7058a33f23d02f2b9f84ada5e293f8f8d9829367feafacf7d748c1a3b0
Aspose.ZIP for .NET was vulnerable to a path traversal that allowed an attacker to overwrite arbitrary files in the context of the running application. The issue was fixed in version 19.1.0.
31da380d7683b8a4824fe47f9bc31ab3816251626abfdac05f7a4da39a2d3275