CentOS Web Panel version 0.9.8.78 suffers from a persistent cross site scripting vulnerability.
f8dd24fc9d2d944a62b8241eb836aa56Pydio 8 suffers from cross site scripting, command injection, and various other vulnerabilities.
4bbf5f61cb3b1078960683a0b5c13dbcDebian Linux Security Advisory 4418-1 - A vulnerability was discovered in the Dovecot email server. When reading FTS or POP3-UIDL headers from the Dovecot index, the input buffer size is not bounds-checked. An attacker with the ability to modify dovecot indexes, can take advantage of this flaw for privilege escalation or the execution of arbitrary code with the permissions of the dovecot user. Only installations using the FTS or pop3 migration plugins are affected.
4e1a2f468792a0aeca021bb8b40fffcbVMware Security Advisory 2019-0005 - VMware ESXi, Workstation and Fusion updates address multiple security issues.
8d7829a21cc009037128f8bf2d178e1bVMware Security Advisory 2019-0004 - VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability.
8f3ca8321cfd810fd65b4198893d7205Ubuntu Security Notice 3927-1 - It was discovered that Thunderbird allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
0d66fa4f21353894c143dec150943113Ubuntu Security Notice 3918-3 - USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility issues with some websites. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct man-in-the-middle attacks. Various other issues were also addressed.
79d2df9d3251aec55839d0a5fa67270fUbuntu Security Notice 3925-1 - It was discovered that an out-of-bounds write vulnerability existed in the XMP Image handling functionality of the FreeImage library. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could overwrite arbitrary memory, resulting in code execution.
857c2829c855cabfe01facfea0086175Magento versions 2.2.0 through 2.3.0 unauthenticated remote SQL injection exploit.
fd9d593a8b6ef880b62253bdde56c246A bug in IonMonkey leaves type inference information inconsistent, which in turn allows the compilation of JITed functions that cause type confusions between arbitrary objects.
cdcb535655303de5282b8e9ce3804be5Job Portal version 3.1 suffers from a remote SQL injection vulnerability.
ea89e98207f68fe80916e9852460d6e1BigTree CMS version 4.3.4 suffers from multiple remote SQL injection vulnerabilities.
6a38bc0643f90db9afb86befcc862891Jettweb PHP Hazir Rent A Car Sitesi Scripti version 2 suffers from a remote SQL injection vulnerability.
18f62a5e5ad9bc383565459c869d1942Thomson Reuters Concourse and Firm Central versions prior to 2.13.0097 suffer from directory traversal and local file inclusion vulnerabilities.
2f1c67379d50d0c5a6e338f892cd9916WordPress Anti-Malware Security and Brute-Force Firewall plugin version 4.18.63 suffers from a local file inclusion vulnerability.
c3c8b8f52e424c3c1590ab946e0a5361Base64 Decoder version 1.1.2 local buffer overflow exploit with SEH egghunter.
a69e29293ab28fa6557a6b8fbfc700e3WordPress Loco Translate plugin version 2.2.1 suffers from a local file inclusion vulnerability.
c78144a2b2993de8c8224ea551584eb6Microsoft Visio 2016 version 16.0.4738.1000 suffers from a denial of service vulnerability.
8d7282b2e6f1370e71dc0af9fb88fc7a
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed