Chrome suffers from a type confusion vulnerability in V8TrustedTypePolicyOptions::ToImpl.
98c38647d36157a9c19284e8e46c2d46
The compositor thread in WebKitGTK+ might alter a FilterOperation object's reference count variable at the same time as the main thread. Then the reference count corruption might lead to a use-after-free condition.
7cf03baad452fd88cc65c2145f359558
XNU has an issue where pidversion increment during execve is unsafe.
98cad986f696210bc1f2b23ff3589ba7
JavaScriptCore has an issue where createRegExpMatchesArray does not respect inferred types.
890d106035374c388ef370b205c1ca00
An unauthenticated attacker with network access to the Oracle WebLogic Server T3 interface can send a serialized object (weblogic.corba.utils.MarshalledObject) to the interface to execute code on vulnerable hosts.
73d8d9705d5c9f614936a80d2fffaf41
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options: perform an extensive back-end database management system fingerprint; retrieve the DBMS session user and database; enumerate users, password hashes, privileges, and databases; dump entire DBMS tables/columns or only those the user specifies; run their own SQL statements; read or write text or binary files on the file system; execute arbitrary commands on the operating system; establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation, or SMB relay attack; and more.
1c8380669ea9d9d35dc6340928d1d738
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.
0c3e80e402d71c4f65f5a5b90659b027
Red Hat Security Advisory 2019-0693-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 5.9 will be retired as of March 31, 2020, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 5.9 AMC after March 31, 2020.
a70123436ffaf9d2ab00c0260cd1d210
Ubuntu Security Notice 3928-1 - It was discovered that Dovecot incorrectly handled reading certain headers from the index. A local attacker could possibly use this issue to escalate privileges.
e8e381e3194fa8e084140ffae3875bdb
Debian Linux Security Advisory 4421-1 - Several vulnerabilities have been discovered in the chromium web browser.
171d11d0d28b852d7b325aae926554a0
Debian Linux Security Advisory 4420-1 - Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code or denial of service.
9c341e17cb151e9b9a82c377fba7c543
Debian Linux Security Advisory 4419-1 - Fabien Potencier discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This could result in potential information disclosure.
d00cef3c5e5b02edd0fc91a7aea7b3a8
Fiverr Clone Script version 1.2.2 suffers from cross-site scripting and remote SQL injection vulnerabilities.
aa633fc8b896ed59cd8c18665450b533
WordPress Ultimate Member plugin version 2.0.38 suffers from a cross-site request forgery vulnerability.
81c0af98e4ecea26b52dd1aa67fb05fc
zStore version 1.10 suffers from a cross-site scripting vulnerability.
4c00e0738e3016954ee20c83582c53d5
zipperSNAP version 7.0.28 suffers from a cross-site scripting vulnerability.
99bcb1b503333f00561cf36a8f07c26d
zipperSNAP version 7.0.28 suffers from a directory traversal vulnerability.
68133bd8f39ff33782a37a6e67421103
Zeuscart version 3.0 appears to suffer from a user detail information disclosure vulnerability.
4f117d148304a4e5c015e95b04f3fca1
SphereFTP server version 2.0 suffers from a remote denial of service vulnerability.
d09d9c2d9a6160f5942f71f57f0d51ce
Classified Ad Lister version 2.0 suffers from an arbitrary file upload vulnerability.
b866bad380e0c3b19bc902c7eb5f1dae
This archive contains all of the 205 exploits added to Packet Storm in March 2019.
b7141ac743587ac3ee7f52336fd376a9