Red Hat Security Advisory 2020-0103-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
fcb90197bf847c6ebafd82de864d910086dc1d311169e67eb45ec1ca8f2ab402PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
d35ea155a6c94161743e443b6727e8115d4238a5f423584fbeea100c0b01007bThis Metasploit module exploits an unauthenticated remote command injection vulnerability found in Barco WePresent and related OEM'ed products. The vulnerability is triggered via an HTTP POST request to the file_transfer.cgi endpoint.
30e838ce81c07ffc6eb59ae667a49dfa96e48b0d99660dc1f80dedd7f8c19b0bThis Metasploit module exploits a directory traversal in Citrix Application Delivery Controller (ADC), aka NetScaler, and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0, to execute an arbitrary command payload.
0f0c8e65ca7fee56037d7ddffc1e77aeffb0987b8111f2b772dbffe0b1b1fb89The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
aa6036f5b4af90867f5ef6b388b50c75aadb110d0e7c1ecb583e6861f997cf20Ubuntu Security Notice 4238-1 - It was discovered that SDL_image incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
cc8641972a152329c899361963ae7b70c6a01af1111373d086a5ffacd3729617Ubuntu Security Notice 4236-2 - USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding fix for Ubuntu 16.04 LTS. It was discovered that Libgcrypt was susceptible to a ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information. Various other issues were also addressed.
1f61d26f6cb6c274b90d78435080b9439ecd8f4e06246022da88999a9353e124The IBM RICOH 6400 printer suffers from an html injection vulnerability.
f70121eb8cf76d671f90a09e39af35a6b6c7f6265e80e9a3975a5335a52ea8c3Red Hat Security Advisory 2020-0101-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Issues addressed include a bypass vulnerability.
8cd12115c567905aa4b28d5729c79d46fafeb7f25be5b5a0d00d778b99dde612Red Hat Security Advisory 2020-0100-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.
a496efe6c540f0dbcf5379a134ce5b2024588daefb242c5104a38024a949a636Redir version 3.3 suffers from a denial of service vulnerability.
00d5955211f767c5499b874efae44de1cd74477881c9f5012ee51d4851b2a8cfThe Bitdefender parsing engine supports the RAR archive format. The parsing engine can be bypassed by specifically manipulating an RAR Archive (RAR Compression Information) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the archive and issues the file a "clean" rating. All Bitdefender Products and Vendors that have licensed the Engine before Dec 12, 2019 are affected.
56d047fd1371cddc803a7c6831bbb28724f403134f3ad701d0d1f2b2b8a12b6dThe Bitdefender parsing engine supports the RAR archive format. The parsing engine can be bypassed by specifically manipulating an RAR Archive (Compressed Size) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the archive and issues the file a "clean" rating. All Bitdefender Products and Vendors that have licensed the Engine before Dec 12, 2019 are affected.
1ee5d2c1f340adcecb8d86ba987e2df0e0cc93d8618945a14a6393943bdd41ceRed Hat Security Advisory 2020-0020-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An issue was addressed where schema info was written with world-writeable permissions when cached.
0804c4b61d9a57ef11cefb8ba8cca763650c38b22bb5201d8d702612d6b71eecThis exploit uses the Cable Haunt vulnerability to open a shell for the Sagemcom F@ST 3890 (50_10_19-T1) cable modem. The exploit serves a website that sends a malicious websocket request to the cable modem. The request will overflow a return address in the spectrum analyzer of the cable modem and using a rop chain start listening for a tcp connection on port 1337. The server will then send a payload over this tcp connection and the modem will start executing the payload. The payload will listen for commands to be run in the eCos shell on the cable modem and redirect STDOUT to the tcp connection.
658e656e50297dc9328be51b95fa17458c6d29e74f2464a318d0eabe41049aa0WordPress is vulnerable to denial of service by abusing XMLRPC API. The system.multicall function lets you batch other API calls. Another API function is pingback.ping, which makes WordPress make a connection out to another site. If you batch a few thousand pingback.ping requests using the multicall feature, you can exhaust a variety of different resources on the server. This PoC will eat through Apache2's worker threads and will also make MySQL eat up more CPU and mem, possibly knocking over low-RAM VPS instances.
6c6fe7a9f5127e081592602ad3e160fb880556efc026bfde16f893df42e1b79dThe IBM RICOH InfoPrint 6500 printer suffers from an html injection vulnerability.
9f33416e6eedfdf26e4663cd809bf3fb58700a9dc539583ca08385cc217abf41VPN Unlimited version 6.1 suffers from an unquoted service path vulnerability.
7df4b2d0315103092ca9a6d5be14d0ab9e752bda4abc8824b66326f0ca1d4f29
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed