Ubuntu Security Notice 3935-1 - Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Mathias Krause discovered that BusyBox incorrectly handled kernel module loading restrictions. A local attacker could possibly use this issue to bypass intended restrictions. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.
537cbc38c3f21a909d462cda7acf5390
Ubuntu Security Notice 3934-1 - It was discovered that PolicyKit incorrectly relied on the fork system call in the Linux kernel being atomic. A local attacker could possibly use this issue to gain access to services that have cached authorizations.
7bcf3c55b5d0c03de851971d584765dc
Debian Linux Security Advisory 4422-1 - Several vulnerabilities have been found in the Apache HTTP server.
79f884c8d6e40c65c035fb404d7b9ed4
Slackware Security Advisory - New wget packages are available for Slackware 14.2 and -current to fix security issues.
6646522c822af5780adb0ddd54480385
This Metasploit module exploits a command injection vulnerability in TeemIp versions prior to 2.4.0. The "new_config" parameter of "exec.php" allows you to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server. The vulnerability can be exploited by an authorized user (Administrator). The module allows remote command execution by sending a PHP payload in the "new_config" parameter.
82ea7a04ea9f5af50f8fb97802e3ee4e
Ubuntu Security Notice 3933-2 - USN-3933-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that an information leak vulnerability existed in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could possibly expose sensitive information. Various other issues were also addressed.
b78fefb193ca299bd8798a3f0e9cfc39
Ubuntu Security Notice 3933-1 - It was discovered that an information leak vulnerability existed in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could possibly expose sensitive information. It was discovered that the USB serial device driver in the Linux kernel did not properly validate baud rate settings when debugging is enabled. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
c6a1e9ef0ee7cd623c284d5d2c87b9a1
Clinic Pro version 4 suffers from a remote SQL injection vulnerability.
32484b0286331286855241babe0af4e2
Ubuntu Security Notice 3932-2 - USN-3932-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
c8aeb128181b7d8ea050f623d95a395e
PhreeBooks ERP version 5.2.3 suffers from a remote command execution vulnerability.
24ea20bd71ae32f8b6ef866dec82b0b7
Ubuntu Security Notice 3932-1 - It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service. Various other issues were also addressed.
8a7e323053a3b6c044afbb4d8c0594bb
Ubuntu Security Notice 3931-2 - USN-3931-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS. M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service. Various other issues were also addressed.
9df4a9429f2b343c6821c2ba1bac6165
Ubuntu Security Notice 3931-1 - M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service. It was discovered that the KVM implementation in the Linux kernel on ARM 64-bit processors did not properly handle some ioctls. An attacker with the privilege to create KVM-based virtual machines could use this to cause a denial of service or execute arbitrary code in the host. Various other issues were also addressed.
9f1f75dea510a42aad60524b705fc805
PhreeBooks ERP version 5.2.3 suffers from an arbitrary file upload vulnerability.
1606f8d4f075c6c721a684007d4d15cd
Ubuntu Security Notice 3930-2 - USN-3930-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture subsystem. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.
9c768824f53a303a95665d17f07a9cae
Ubuntu Security Notice 3930-1 - Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture subsystem. A physically proximate attacker could use this to cause a denial of service. Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information. Various other issues were also addressed.
44762295a5d4aa774924b5f20c9e3872
Slackware Security Advisory - New ghostscript packages are available for Slackware 14.2 and -current to fix security issues.
2b5adab9a573677e4a76e4a4c7f512b5
Ubuntu Security Notice 3929-1 - It was discovered that Firebird incorrectly handled certain malformed packets. A remote attacker could possibly use this issue with a specially crafted network packet to cause Firebird to crash, resulting in a denial of service. It was discovered that Firebird incorrectly handled certain UDF libraries. A remote attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
b41996266f4689cc392a2ce45fbb3b56
AIDA64 Business version 5.99.4900 SEH buffer overflow exploit with egghunter.
d62773130f15e8842e13fa41e6a86c75
Ashop Shopping Cart Software suffers from a remote SQL injection vulnerability.
d4499d14d88a13079ce87ba6bb1f6575
iScripts ReserveLogic suffers from a remote SQL injection vulnerability.
be7da49728346e8c6d9d62648a014d7c