D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials.
ae3c3447736253b12652f3498e39b80ef8b5c39fdb23d42cf38844008d3a0195This Metasploit module attempts to gain root privileges on Linux systems by abusing a NULL pointer dereference in the rds_atomic_free_op function in the Reliable Datagram Sockets (RDS) kernel module (rds.ko). Successful exploitation requires the RDS kernel module to be loaded. If the RDS module is not blacklisted (default); then it will be loaded automatically. This exploit supports 64-bit Ubuntu Linux systems, including distributions based on Ubuntu, such as Linux Mint and Zorin OS. This exploit does not bypass SMAP. Bypasses for SMEP and KASLR are included. Failed exploitation may crash the kernel. This module has been tested successfully on various 4.4 and 4.8 kernels.
561f5de542c8d58118095440168a640aad5069622602f1d8eac2d963687098c9Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
1b2b96879dec01cd02754fe00f8989b11ff16158c3dc7c4aff0faa4b1d34974bZOHO ManageEngine ServiceDeskPlus versions 11.0 Build 11007 and below suffer from a cross site scripting vulnerability.
f632ef85f28ad70bb9342601a5f35a98d661dd706019e37f2cc899fa7c91121fRed Hat Security Advisory 2020-0203-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Issues addressed include a use-after-free vulnerability.
fd41c42c4d6e0236bc390a37c8b4e54beb49086f68361600bcf853843ef316f6Red Hat Security Advisory 2020-0202-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
07d56fc7e4caf2f527ad3e717b85088c6e310e363c19dd38f9bf41fb9d929d7eEmployee Leaves Management System version 2.0 suffers from a cross site request forgery vulnerability.
23e63333eb80703368d37d1301494778ad1aee0e7387febbad89e6da5f993e05Red Hat Security Advisory 2020-0201-01 - Python-reportlab is a library used for generation of PDF documents. A code injection vulnerability has been addressed.
cb103a9a083151521bc9381369fd06cffa071a2aaad8daf58abf2194681600a9Red Hat Security Advisory 2020-0199-01 - OpenSLP is an open source implementation of the Service Location Protocol which is an Internet Engineering Task Force standards track protocol and provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks. Issues addressed include buffer overflow and code execution vulnerabilities.
ee1a609d44b1e387587fd42bd06f64b674a73e249a8bfdf2acef73f85c2fc139Debian Linux Security Advisory 4608-1 - Multiple integer overflows have been discovered in the libtiff library and the included tools.
1a6497db176ef9c93ca93386cf14b443e5341a899bf60e73653e2502fddb4db2Red Hat Security Advisory 2020-0172-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.
d001b2373f4967991ea46a1eae298ded73765592aa4fc39b27a3d55d3390725fRed Hat Security Advisory 2020-0171-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.
83bb345c5b950872096eec2fc7401cdd0e6dd45cb6770fbda9535420a870eea1Red Hat Security Advisory 2020-0196-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
4b73be92bf5911b53ca5c01f8c15861f65f82e82eba34cfc359cf2c98888e94bRed Hat Security Advisory 2020-0195-01 - Python-reportlab is a library used for generation of PDF documents. A code injection vulnerability has been addressed.
5d992c060ac9ab8902a9fc4ade5f77b62323600e52a861952357389c280b739dCitrix XenMobile Server version 10.8 suffers from an XML external entity injection vulnerability.
2c11d86d93cfd73bd58d127cdd74b7f28105f208d9e5dc7da4bc9f6274cd90fc9 bytes small Microsoft Windows 7 screen locking shellcode.
fc1431ed92ba6d673f84f58b86ea42ac5a467f0e1b9ce283fce744ce538aed69An insufficient fix for CVE-2019-6205 means XNU vm_map_copy optimization which requires atomicity still is not atomic.
64852008642517c7a6286853a18dc6ef2a98bff2e171d9812bbe7c77a11b7b7dKeePass version 2.44 suffers from a denial of service vulnerability.
3f3890b051cb4e10176165ed6dae444f5f43987976b45138c6f3db54bfd3d2e1ECTouch ECShop version 2.7.3 suffers from a remote SQL injection vulnerability.
8dd98cffff4151d809d69d971abf6959bcb91e00f75bdc195ac1fd4587cc5cac
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed