D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials.
ae3c3447736253b12652f3498e39b80ef8b5c39fdb23d42cf38844008d3a0195
This Metasploit module attempts to gain root privileges on Linux systems by abusing a NULL pointer dereference in the rds_atomic_free_op function in the Reliable Datagram Sockets (RDS) kernel module (rds.ko). Successful exploitation requires the RDS kernel module to be loaded. If the RDS module is not blacklisted (default); then it will be loaded automatically. This exploit supports 64-bit Ubuntu Linux systems, including distributions based on Ubuntu, such as Linux Mint and Zorin OS. This exploit does not bypass SMAP. Bypasses for SMEP and KASLR are included. Failed exploitation may crash the kernel. This module has been tested successfully on various 4.4 and 4.8 kernels.
561f5de542c8d58118095440168a640aad5069622602f1d8eac2d963687098c9
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
1b2b96879dec01cd02754fe00f8989b11ff16158c3dc7c4aff0faa4b1d34974b
ZOHO ManageEngine ServiceDeskPlus versions 11.0 Build 11007 and below suffer from a cross site scripting vulnerability.
f632ef85f28ad70bb9342601a5f35a98d661dd706019e37f2cc899fa7c91121f
Red Hat Security Advisory 2020-0203-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Issues addressed include a use-after-free vulnerability.
fd41c42c4d6e0236bc390a37c8b4e54beb49086f68361600bcf853843ef316f6
Red Hat Security Advisory 2020-0202-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
07d56fc7e4caf2f527ad3e717b85088c6e310e363c19dd38f9bf41fb9d929d7e
Employee Leaves Management System version 2.0 suffers from a cross site request forgery vulnerability.
23e63333eb80703368d37d1301494778ad1aee0e7387febbad89e6da5f993e05
Red Hat Security Advisory 2020-0201-01 - Python-reportlab is a library used for generation of PDF documents. A code injection vulnerability has been addressed.
cb103a9a083151521bc9381369fd06cffa071a2aaad8daf58abf2194681600a9
Red Hat Security Advisory 2020-0199-01 - OpenSLP is an open source implementation of the Service Location Protocol which is an Internet Engineering Task Force standards track protocol and provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks. Issues addressed include buffer overflow and code execution vulnerabilities.
ee1a609d44b1e387587fd42bd06f64b674a73e249a8bfdf2acef73f85c2fc139
Debian Linux Security Advisory 4608-1 - Multiple integer overflows have been discovered in the libtiff library and the included tools.
1a6497db176ef9c93ca93386cf14b443e5341a899bf60e73653e2502fddb4db2
Red Hat Security Advisory 2020-0172-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.
d001b2373f4967991ea46a1eae298ded73765592aa4fc39b27a3d55d3390725f
Red Hat Security Advisory 2020-0171-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.
83bb345c5b950872096eec2fc7401cdd0e6dd45cb6770fbda9535420a870eea1
Red Hat Security Advisory 2020-0196-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
4b73be92bf5911b53ca5c01f8c15861f65f82e82eba34cfc359cf2c98888e94b
Red Hat Security Advisory 2020-0195-01 - Python-reportlab is a library used for generation of PDF documents. A code injection vulnerability has been addressed.
5d992c060ac9ab8902a9fc4ade5f77b62323600e52a861952357389c280b739d
Citrix XenMobile Server version 10.8 suffers from an XML external entity injection vulnerability.
2c11d86d93cfd73bd58d127cdd74b7f28105f208d9e5dc7da4bc9f6274cd90fc
9 bytes small Microsoft Windows 7 screen locking shellcode.
fc1431ed92ba6d673f84f58b86ea42ac5a467f0e1b9ce283fce744ce538aed69
An insufficient fix for CVE-2019-6205 means XNU vm_map_copy optimization which requires atomicity still is not atomic.
64852008642517c7a6286853a18dc6ef2a98bff2e171d9812bbe7c77a11b7b7d
KeePass version 2.44 suffers from a denial of service vulnerability.
3f3890b051cb4e10176165ed6dae444f5f43987976b45138c6f3db54bfd3d2e1
ECTouch ECShop version 2.7.3 suffers from a remote SQL injection vulnerability.
8dd98cffff4151d809d69d971abf6959bcb91e00f75bdc195ac1fd4587cc5cac