This Metasploit module exploits a vulnerability in Total.js CMS. A user with admin permission can embed a malicious JavaScript payload in a widget, which is evaluated server-side, and thereby gain remote code execution.
Ubuntu Security Notice 4160-1 - It was discovered that UW IMAP incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands.
Ubuntu Security Notice 4161-1 - It was discovered that the IPv6 routing implementation in the Linux kernel contained a reference counting error leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Debian Linux Security Advisory 4548-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in cross-site scripting, denial of service, information disclosure or Kerberos user impersonation.
Debian Linux Security Advisory 4547-1 - Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code.
Debian Linux Security Advisory 4546-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in cross-site scripting, denial of service, information disclosure or Kerberos user impersonation.
Red Hat Security Advisory 2019-3157-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include deserialization and null pointer vulnerabilities.
Debian Linux Security Advisory 4545-1 - It was discovered that the Special:Redirect functionality of MediaWiki, a website engine for collaborative work, could expose suppressed user names, resulting in an information leak.
Slackware Security Advisory - New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Ubuntu Security Notice 4159-1 - It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 4155-2 - USN-4155-1 fixed a vulnerability in Aspell. This update provides the corresponding update for Ubuntu 19.10. It was discovered that Aspell incorrectly handled certain inputs. An attacker could potentially access sensitive information.
Red Hat Security Advisory 2019-3158-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include deserialization and null pointer vulnerabilities.