Debian Linux Security Advisory 4448-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
38f258bf454c1e2f51d5d76bae0e17afUbuntu Security Notice 3993-2 - USN-3993-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
171809959a77766ef2db183f2aa4aa3cBlue Prism Robotic Process Automation (RPA) versions prior to 6.5.0.12573 suffer from a privilege escalation vulnerability.
f424dfb980dcc7fce293cc0072ec0ff6Ubuntu Security Notice 3992-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
12b9071fb727c2600c6517cb0d2ade93Ubuntu Security Notice 3993-1 - Wenchao Li discovered that curl incorrectly handled memory in the curl_url_set function. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
7a6b2a7276dd51ccf6aa6ba7840777a5Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
1830e80e9537df88ff46db52d64b2e19Ubuntu Security Notice 3566-2 - USN-3566-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or possibly cause a crash, resulting in a denial of service. Various other issues were also addressed.
58559ab5996b6d070244fb449b0aaed5Red Hat Security Advisory 2019-1260-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.
8789913b6285d14129e87758b445c5a2Red Hat Security Advisory 2019-1259-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. A new version of .NET Core that address security vulnerabilities is now available. The updated version is .NET Core Runtime 2.1.11 and SDK 2.1.507. Issues addressed include a denial of service vulnerability.
44a386813b5e55de226e46426b1f600eMicrosoft Windows task scheduler .job import arbitrary DACL write proof of concept exploit.
52b9f1fd108ce77586d458c8e25878fbTapinRadio version 2.11.6 Address denial of service proof of concept exploit.
e23d018eb2158ed1b3894de02dcbfb31BlueStacks version 4.80.0.1060 denial of service proof of concept exploit.
747c9bb73ad4ab38e59f1dccda79856cRarmaRadio version 2.72.3 Server and Username proof of concept denial of service exploits.
b67247c5346ea62ca0d016cb5013d0ebWordPress Inkblot Theme version 4.9.10 suffers from a cross site request forgery vulnerability.
1ee15c6a89ac27cbcbbe932cbea16a32WordPress Memphis Documents Library plugin version 3.9.19 suffers from a cross site request forgery vulnerability.
8eb5cfcb4bd543d3bca72edeb4ef69eaZoho ManageEngine ServiceDesk Plus versions prior to 10.5 suffer from a privilege escalation vulnerability.
d97b1178405ec6a5d1127af3b7c0e993Zoho ManageEngine ServiceDesk Plus version 9.3 suffers from a cross site scripting vulnerability.
5744b5ba08b274ef8062fa3b9ecab06eThis Metasploit module exploits a vulnerability in the FreeBSD run-time link-editor (rtld). The rtld unsetenv() function fails to remove LD_* environment variables if __findenv() fails. This can be abused to load arbitrary shared objects using LD_PRELOAD, resulting in privileged code execution.
8389e3a76ad8302ffe4213d460a38debThis Metasploit module exploits a race condition vulnerability in Mac's Feedback Assistant. A successful attempt would result in remote code execution under the context of root.
92e9e59de8b1c44532025e2d75591bf9This Metasploit module exploits a php object instantiation vulnerability that can lead to remote code execution in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code insufficiently performs whitelist check which can be bypassed to trigger an object injection. An attacker can leverage this to deserialize an arbitrary payload and write a webshell to the target system, resulting in remote code execution. Tested on Shopware git branches 5.6, 5.5, 5.4, 5.3.
a99c1e8083c3f15ba37bddffdcfae6ae
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed