Debian Linux Security Advisory 4448-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
d89f01da812aa3a226285e5880b87cf7b169f13f720a9c99ad5b79d20fac0109
Ubuntu Security Notice 3993-2 - USN-3993-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
fc1e90e6b6f384b445a2dd01f2878f8c9d5c81c233eef28840bdc119fb3c14f5
Blue Prism Robotic Process Automation (RPA) versions prior to 6.5.0.12573 suffer from a privilege escalation vulnerability.
6135a2b9c51d5180a54bad7920ef8a1809f6efa7effd249711a4d0fd4afccc24
Ubuntu Security Notice 3992-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
322076f25e741c70254f1a1b19ff39d72373752fcd85275434a1bdf43a4bc12a
Ubuntu Security Notice 3993-1 - Wenchao Li discovered that curl incorrectly handled memory in the curl_url_set function. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
0b745cdea1e32adf422a20edd455b2e23f046fdb5325d7492534a73649ba4733
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
54768d3786da9a2bf719b2c29ee76ef588285a54890fb08494ce5c350362701f
Ubuntu Security Notice 3566-2 - USN-3566-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or possibly cause a crash, resulting in a denial of service. Various other issues were also addressed.
67095f2f9ac768e4785669b65b3795e6353f1c9dc900546602720afd985c34ec
Red Hat Security Advisory 2019-1260-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.
05618523951e266d43a52069da1f0ba34d7ea40ab7b10ec9fbdc045f2a7608d6
Red Hat Security Advisory 2019-1259-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. A new version of .NET Core that addresses security vulnerabilities is now available. The updated version is .NET Core Runtime 2.1.11 and SDK 2.1.507. Issues addressed include a denial of service vulnerability.
88adbd50131e2a099da28f4661da4264afaab14abbf4ed24b5194139431d2b90
Microsoft Windows task scheduler .job import arbitrary DACL write proof of concept exploit.
0fa856233177fd157eb0c17568447c14846e7a88d108dd0d1cfae0edd06e078a
TapinRadio version 2.11.6 Address denial of service proof of concept exploit.
c54a6bc5658ebe3b595abc06038eced3cd4485aeef06b677bb0c2a54a295998f
BlueStacks version 4.80.0.1060 denial of service proof of concept exploit.
d7d8c980ea4548ffdfa45c26f69335fb4266eb00f211f84ef5f1ef2be78055c8
RarmaRadio version 2.72.3 Server and Username proof of concept denial of service exploits.
2cf8d4616810f4b556f2b5373539dd423691b70ced181f173f2626ba41bc0b11
WordPress Inkblot Theme version 4.9.10 suffers from a cross site request forgery vulnerability.
b687cfe4c04f5d0895d41768d61c886605acfa0816f14424c3379413d173ca9f
WordPress Memphis Documents Library plugin version 3.9.19 suffers from a cross site request forgery vulnerability.
0337424caad277a5c8d581ece302b14e037057f2794e244be4ef799782b2a61c
Zoho ManageEngine ServiceDesk Plus versions prior to 10.5 suffer from a privilege escalation vulnerability.
fb4fb0ce251b10d8ce122d04d7196984c16b1a0b477a902ab72b78e87d6cc803
Zoho ManageEngine ServiceDesk Plus version 9.3 suffers from a cross site scripting vulnerability.
a921286c05e37173064be732c7132cf490d45492be6a3e66d5c8610ed97043df
This Metasploit module exploits a vulnerability in the FreeBSD run-time link-editor (rtld). The rtld unsetenv() function fails to remove LD_* environment variables if __findenv() fails. This can be abused to load arbitrary shared objects using LD_PRELOAD, resulting in privileged code execution.
b7d2e9a938e3bd3e306735ac30c5547fb5873fe1a798d291f7cd437bdee37ad0
This Metasploit module exploits a race condition vulnerability in Mac's Feedback Assistant. A successful attempt would result in remote code execution under the context of root.
177b5b62a07b473da68dffff7f74c282ae90ad2e298981c9578046603f9e403a
This Metasploit module exploits a PHP object instantiation vulnerability that can lead to remote code execution in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code performs an insufficient whitelist check that can be bypassed to trigger an object injection. An attacker can leverage this to deserialize an arbitrary payload and write a webshell to the target system, resulting in remote code execution. Tested on Shopware git branches 5.6, 5.5, 5.4, 5.3.
663b17e7e771b4cd3b76f4e9be53f77eb788f99d74c6047ec270aeb991f94fd8