cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.
0184f416bfa0798a5f633bf4c5fa22a6c699089323d8f1918e18463d16bda3b5
This Metasploit module will bypass Windows UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when Windows backup and restore is launched. It will spawn a second shell that has the UAC flag turned off. This module modifies a registry key, but cleans up the key once the payload has been invoked.
de0a15ebe9d1aa72ab9db25c4772fd3f14a7a703cd5073c7a99bb9586f47fa3f
Ubuntu Security Notice 4196-1 - It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of service. It was discovered that python-ecdsa incorrectly verified DER encoding in signatures. A remote attacker could use this issue to perform certain malleability attacks. Various other issues were also addressed.
df3c0bc39dca47dcbde3f1caaeadff93fa45d0af12fef8b8f71b9ecdf0cb2e6a
Centova Cast versions 3.2.11 and below suffer from an arbitrary file download vulnerability.
b4d106e6294e376a5e9f28303e16e342d7aa2a0c7ef2fc3f1a24ebc66123add2
Debian Linux Security Advisory 4571-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or denial of service.
d1da11dc68e0e483876a30896b2795e84ff6d0181f67e226306de8a7caa0ee6d
MobileGo version 8.5.0 suffers from an insecure file permission vulnerability.
3867ec204da6bd340b5f0926aeda73bc36a33f78db5a6d46c83599b62fb46a8a
Red Hat Security Advisory 2019-3901-01 - Red Hat OpenShift Application Runtimes provide an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Vert.x 3.8.3 includes security updates, bug fixes, and enhancements. For more information, see the release notes linked to in the References section. Issues addressed include code execution and deserialization vulnerabilities.
c9c5b0746f972193f09651db45c773093205fbfb73353adb1d47b9b1d7e33ee4
Ubuntu Security Notice 4195-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.18 in Ubuntu 19.10. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.28. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
c6e6302a850191e2b376ea6b239cea8a6a540fb0e90e3adaed0f6d9cc99afeb6
Debian Linux Security Advisory 4570-1 - A vulnerability was discovered in mosquitto, an MQTT version 3.1/3.1.1 compatible message broker, allowing a malicious MQTT client to cause a denial of service (stack overflow and daemon crash) by sending a specially crafted SUBSCRIBE packet containing a topic with an extremely deep hierarchy.
d986565ac146d4431943d6e5b0086d43adfc651090b5a543d16d25256ca53920
nipper-ng version 0.11.10 suffers from a remote buffer overflow vulnerability.
886dff6e932d01084e771908395b56124a7b0c657002bbb4c43a44d97278ad17
Red Hat Security Advisory 2019-3898-01 - Libcomps is a library for structure-like manipulation of the content of comps XML files. It supports reading and writing XML files and structure modification. A use-after-free vulnerability was addressed.
99a01ff2b8bdc19ab47886ea6c91b2ea18017a436f32e40e34cf3fb73fdc7858
TemaTres version 3.0 suffers from a persistent cross site scripting vulnerability.
6fbb522bb40fad54315b77a39321a9a24dc52f1e80ef3670bcb8e03f2e2baaa7
Slackware Security Advisory - New kernel packages are available for Slackware 14.2 to fix security issues.
b0861077df7672bf8522d660f4e5c42b02c096d660b906d7e0d199649daf727e
Foscam Video Management System version 1.1.4.9 username denial of service proof of concept exploit.
8e63f54a8786991850c7a5469e8612766ad3f89edc8c72d62ffba7efbd3940e3
XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
4db2282f00ea2a5023d67512a87ebbd90ad26fa3ba4213dd4bbc01fcde913474
TemaTres version 3.0 suffers from a cross site request forgery vulnerability.
408ad091dca69f3df8a0708da1fd8237ab74307022117bec085217d142968b7d
Debian Linux Security Advisory 4569-1 - Manfred Paul and Lukas Schauer reported that the .charkeys procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in a bypass of the file system restrictions of the -dSAFER sandbox.
bbdc2afd872ceca391983d93c13437185b49088b9305b351976f9109a0048103
Crystal Live HTTP Server version 6.01 suffers from a directory traversal vulnerability.
a2124740820c2e0d6ff88759285feeb95e3df9273457fcc5ae7c11f03c6e5dd1
Red Hat Security Advisory 2019-3895-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability was addressed.
54326c81e625f8456b17f6e9d75e4db03b6c48baa3d9c294b1b9ec55893ed414
Open Proficy HMI-SCADA version 5.0.0.25920 suffers from a denial of service vulnerability.
4874a75715b6d9a8cfe15041b5586c58aa89e6542f56b15d403d5df51ca30048
Debian Linux Security Advisory 4568-1 - Rich Mirch discovered that the pg_ctlcluster script didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
b5b2dcccd4ee0a6aa05a18c307bcd6c98076fddc1eebb2a9e5e79f772a3b36fc
Lexmark Services Monitor version 2.27.4.0.39 suffers from a directory traversal vulnerability.
c53c0302aae4b649e7aeba4f2bef26ca8ef3a1e6b142720e59503967cffecdfd