This Metasploit module exploits vBulletin versions 5.x through 5.5.4 leveraging a remote command execution vulnerability via the widgetConfig[code] parameter in an ajax/render/widget_php routestring POST request.
12d01f78d7c81ffd50f6373629755cb8Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.
8067e609e8ac988131505f1d7da9c348CA Technologies, A Broadcom Company, is alerting customers to a potential risk with CA Nolio (Release Automation) in the DataManagement component. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA published a solution to address the vulnerability and recommends that all affected customers implement this solution. The vulnerability occurs due to insecure deserialization. A remote attacker may execute arbitrary commands by exploiting insecure deserialization through the DataManagement service.
9248904c6a72fc2220b9a25d486cb249DAViCal CalDAV Server versions 1.1.8 and below suffer from a reflective cross site scripting vulnerability.
106d6376bfe42cd1d4a6aa71f7885eaaDAViCal CalDAV Server versions 1.1.8 and below suffer from a cross site request forgery vulnerability.
71241e8b0dd14c1b51e8708854a79e80DAViCal CalDAV Server versions 1.1.8 and below suffer from a persistent cross site scripting vulnerability.
168863215252aa9df18b7fb2768cce78Ubuntu Security Notice 4202-2 - USN-4202-1 fixed vulnerabilities in Thunderbird. After upgrading, Thunderbird created a new profile for some users. This update fixes the problem. It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting attacks, or execute arbitrary code. A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.
9fff7c893619a32a00e008fd58151899Debian Linux Security Advisory 4581-1 - Several vulnerabilities have been discovered in git, a fast, scalable, distributed revision control system.
138a8c7ad170b8b560c153c2f2dd3395Ubuntu Security Notice 4220-1 - Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory.
76398bb59611f119d1c7e1fb55b430e6Red Hat Security Advisory 2019-4195-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.3.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.
d0f0239332ac7b4081518284b6f34403Ubuntu Security Notice 4219-1 - It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server.
83a46e77959c6c7efba0b0d10a2979bfRed Hat Security Advisory 2019-4190-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities for use with the Network Security Services libraries. An out-of-bounds write vulnerability was addressed.
971ffb21a61e8977f95fb83f968d8364Red Hat Security Advisory 2019-4192-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Issues addressed include a code execution vulnerability.
54c9f9237e75238330759e67a009a2daTor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
ea9e9078ff2e175332f0095c60284458Apache Olingo OData versions 4.x.x through 4.6.x suffer from an XML external entity injection vulnerability.
051e029f16764feddeb7a0590f43de8eInim Electronics Smartliving SmartLAN/G/SI versions 6.x and below suffer from a hard-coded credential vulnerability.
04f17bebbbf0986a1f927de3cebd3ef5Inim Electronics Smartliving SmartLAN/G/SI versions 6.x and below suffer from an unauthenticated server-side request forgery vulnerability.
f21751ca54479762c2e2bdb3358bab9dInim Electronics SmartLiving SmartLAN/G/SI versions 6.x and below suffer from a remote root command execution vulnerability.
fa5b04b87f4f1fdd3b909cfc78a8b51dWordPress Scoutnet Kalender plugin version 1.1.0 suffers from a cross site scripting vulnerability.
e04e112fcfa436f18ef05c4933998c2cRed Hat Security Advisory 2019-4191-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability has been addressed.
b3aa81372e4847ca631a49474175167bUbuntu Security Notice 4218-1 - Jakub Wilk discovered that GNU C incorrectly handled certain memory alignments. An attacker could possibly use this issue to execute arbitrary code or cause a crash.
4df9b8e164b4384d69d7db1fb19db978Ubuntu Security Notice 4217-1 - Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to expectations.
35c60fc6f144781461cde60315d43abfRed Hat Security Advisory 2019-4168-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
376ded621b89e5ac3a374fd61c9ec8b1Red Hat Security Advisory 2019-4171-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a buffer overflow vulnerability.
37c23e4c50eda89425f47b99d7f73071Red Hat Security Advisory 2019-4152-01 - The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. An out-of-bounds write vulnerability has been addressed.
f49183fa76924922724dc8d6b1bcc25a
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed