Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
71af9918773e9028decc9c58136a9f56713a2951ed97b1130c0d6a01fe95eeabThe Carel pCOWeb card stores password hashes in the file /etc/passwd, allowing privilege escalation by authenticated users. Additionally, plaintext copies of the passwords are stored. Version A 1.4.11 - B 1.4.2 is affected.
450784ac7f42fa743218fbb60bd08f3732984399df8feaaeb904aaf749417707The Carel pCOWeb card exposes a Modbus interface to the network. By design, Modbus does not provide authentication, allowing to control the affected system. Version A 1.4.11 - B 1.4.2 is affected.
ac9bdcf7f91e77dced7f5e7b4acb37e4fb6d3eaa097d2b650f4b1e1128e1c5f9Red Hat Security Advisory 2019-3281-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.2.0 ESR. Issues addressed include buffer overflow, bypass, cross site scripting, and use-after-free vulnerabilities.
332517d0f986e800fddcb6a996bf545ae5876efc4f58467d01626aa54b79518fUbuntu Security Notice 4173-1 - Felix Wilhelm discovered that FreeTDS incorrectly handled certain types after a protocol downgrade. A remote attacker could use this issue to cause FreeTDS to crash, resulting in a denial of service, or possibly execute arbitrary code.
249a5647bac6baba060acea4c6d26f95b420042b9d301e0d524db8fde562d0e8Ubuntu Security Notice 4170-2 - USN-4170-1 fixed a vulnerability in Whoopsie. The update caused Whoopsie to crash when sending reports. This update fixes the problem. Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user. Various other issues were also addressed.
3d48c852e7dcfc3abb2fb09ed80df3fe28d0dc3f88c1ca2fde2213d5b6b9be2eThis Metasploit module exploits a remote command execution vulnerability in Nostromo versions 1.9.6 and below. This issue is caused by a directory traversal in the function http_verify in nostromo nhttpd allowing an attacker to achieve remote code execution via a crafted HTTP request.
1baffab9687f81feac9fe65275eba574314a19a248d0ee583a4ac8f7f390b032Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
19d7c7abbfac4c6fde1221a583df9546772368078433af5e6b111ad18b30aabbWordPress Google Review Slider plugin version 6.1 suffers from a remote SQL injection vulnerability.
911c95419821334da71eefac39a1736f977de60c9cfdd08de57af973e356d0a4Red Hat Security Advisory 2019-3278-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability has been addressed.
09bd141bfc689914a6f037134dcdcc5ded17272004cc9cdae40303e14eba15ffUbuntu Security Notice 4172-1 - It was discovered that file incorrectly handled certain malformed files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
6fe3c94e2cd5e4c880d9f27376b84f019f84c878a29d5d6c0fbe26568c400032Red Hat Security Advisory 2019-3267-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the openshift-enterprise-cli container image for Red Hat OpenShift Container Platform 4.1.21. An arbitrary file write vulnerability was addressed.
906104ae39293840d5212d29dd0ff8cc64dadcf01d461ace938bc39d9d04c9cdWMV to AVI MPEG DVD WMV Converter version 4.6.1217 suffers from a buffer overflow vulnerability.
8d7b9c4e9eac2146af29c7dd55d6367cd28e4dfe7145bef186543371c430ddabRed Hat Security Advisory 2019-3266-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the openshift RPM packages for Red Hat OpenShift Container Platform 4.1.21. An arbitrary file write vulnerability was addressed.
6bed6b5c148ae9a3c52340c5463b29776453157b65077748ccba93309aba8a01Red Hat Security Advisory 2019-3265-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the ansible-operator, apb, containernetworking-plugins, golang-github-openshift-prometheus-alert-buffer, golang-github-prometheus-promu and openshift-eventrouter RPM packages for Red Hat OpenShift Container Platform 4.1.21. Issues addressed include unbounded memory growth.
66c6686738c7b7aa9986790e91b9a9c2b4f1ece1dcc127b32bfa252b00d6e23dMikroTik RouterOS version 6.45.6 DNS cache poisoning exploit.
a383237105abf2d8cd196092df38ab74a7bb21e90a231ec004bccdee62539d22
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed