Debian Linux Security Advisory 4448-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
d89f01da812aa3a226285e5880b87cf7b169f13f720a9c99ad5b79d20fac0109Ubuntu Security Notice 3993-2 - USN-3993-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
fc1e90e6b6f384b445a2dd01f2878f8c9d5c81c233eef28840bdc119fb3c14f5Blue Prism Robotic Process Automation (RPA) versions prior to 6.5.0.12573 suffer from a privilege escalation vulnerability.
6135a2b9c51d5180a54bad7920ef8a1809f6efa7effd249711a4d0fd4afccc24Ubuntu Security Notice 3992-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
322076f25e741c70254f1a1b19ff39d72373752fcd85275434a1bdf43a4bc12aUbuntu Security Notice 3993-1 - Wenchao Li discovered that curl incorrectly handled memory in the curl_url_set function. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
0b745cdea1e32adf422a20edd455b2e23f046fdb5325d7492534a73649ba4733Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
54768d3786da9a2bf719b2c29ee76ef588285a54890fb08494ce5c350362701fUbuntu Security Notice 3566-2 - USN-3566-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or possibly cause a crash, resulting in a denial of service. Various other issues were also addressed.
67095f2f9ac768e4785669b65b3795e6353f1c9dc900546602720afd985c34ecRed Hat Security Advisory 2019-1260-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.
05618523951e266d43a52069da1f0ba34d7ea40ab7b10ec9fbdc045f2a7608d6Red Hat Security Advisory 2019-1259-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. A new version of .NET Core that address security vulnerabilities is now available. The updated version is .NET Core Runtime 2.1.11 and SDK 2.1.507. Issues addressed include a denial of service vulnerability.
88adbd50131e2a099da28f4661da4264afaab14abbf4ed24b5194139431d2b90Microsoft Windows task scheduler .job import arbitrary DACL write proof of concept exploit.
0fa856233177fd157eb0c17568447c14846e7a88d108dd0d1cfae0edd06e078aTapinRadio version 2.11.6 Address denial of service proof of concept exploit.
c54a6bc5658ebe3b595abc06038eced3cd4485aeef06b677bb0c2a54a295998fBlueStacks version 4.80.0.1060 denial of service proof of concept exploit.
d7d8c980ea4548ffdfa45c26f69335fb4266eb00f211f84ef5f1ef2be78055c8RarmaRadio version 2.72.3 Server and Username proof of concept denial of service exploits.
2cf8d4616810f4b556f2b5373539dd423691b70ced181f173f2626ba41bc0b11WordPress Inkblot Theme version 4.9.10 suffers from a cross site request forgery vulnerability.
b687cfe4c04f5d0895d41768d61c886605acfa0816f14424c3379413d173ca9fWordPress Memphis Documents Library plugin version 3.9.19 suffers from a cross site request forgery vulnerability.
0337424caad277a5c8d581ece302b14e037057f2794e244be4ef799782b2a61cZoho ManageEngine ServiceDesk Plus versions prior to 10.5 suffer from a privilege escalation vulnerability.
fb4fb0ce251b10d8ce122d04d7196984c16b1a0b477a902ab72b78e87d6cc803Zoho ManageEngine ServiceDesk Plus version 9.3 suffers from a cross site scripting vulnerability.
a921286c05e37173064be732c7132cf490d45492be6a3e66d5c8610ed97043dfThis Metasploit module exploits a vulnerability in the FreeBSD run-time link-editor (rtld). The rtld unsetenv() function fails to remove LD_* environment variables if __findenv() fails. This can be abused to load arbitrary shared objects using LD_PRELOAD, resulting in privileged code execution.
b7d2e9a938e3bd3e306735ac30c5547fb5873fe1a798d291f7cd437bdee37ad0This Metasploit module exploits a race condition vulnerability in Mac's Feedback Assistant. A successful attempt would result in remote code execution under the context of root.
177b5b62a07b473da68dffff7f74c282ae90ad2e298981c9578046603f9e403aThis Metasploit module exploits a php object instantiation vulnerability that can lead to remote code execution in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code insufficiently performs whitelist check which can be bypassed to trigger an object injection. An attacker can leverage this to deserialize an arbitrary payload and write a webshell to the target system, resulting in remote code execution. Tested on Shopware git branches 5.6, 5.5, 5.4, 5.3.
663b17e7e771b4cd3b76f4e9be53f77eb788f99d74c6047ec270aeb991f94fd8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed