D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials.
f5cec50c246c0217d1a4e5586f49167eThis Metasploit module attempts to gain root privileges on Linux systems by abusing a NULL pointer dereference in the rds_atomic_free_op function in the Reliable Datagram Sockets (RDS) kernel module (rds.ko). Successful exploitation requires the RDS kernel module to be loaded. If the RDS module is not blacklisted (default); then it will be loaded automatically. This exploit supports 64-bit Ubuntu Linux systems, including distributions based on Ubuntu, such as Linux Mint and Zorin OS. This exploit does not bypass SMAP. Bypasses for SMEP and KASLR are included. Failed exploitation may crash the kernel. This module has been tested successfully on various 4.4 and 4.8 kernels.
e83495fea436d8a384500ace26357f2fLogwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
8bcf3edc5a4687c8aad1b9c01e2be54bZOHO ManageEngine ServiceDeskPlus versions 11.0 Build 11007 and below suffer from a cross site scripting vulnerability.
12badb31b3d895bd0a427533aba4a756Red Hat Security Advisory 2020-0203-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Issues addressed include a use-after-free vulnerability.
dc5a6bc400fd8c6131f64b013f501ae4Red Hat Security Advisory 2020-0202-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
3404f9722d84211d020ebba911c2dd70Employee Leaves Management System version 2.0 suffers from a cross site request forgery vulnerability.
2ae268dfb5b02477de0b12594fff1310Red Hat Security Advisory 2020-0201-01 - Python-reportlab is a library used for generation of PDF documents. A code injection vulnerability has been addressed.
12af8d3d17da89c3b09e1da7b2e8f2d2Red Hat Security Advisory 2020-0199-01 - OpenSLP is an open source implementation of the Service Location Protocol which is an Internet Engineering Task Force standards track protocol and provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks. Issues addressed include buffer overflow and code execution vulnerabilities.
b4794de27a65960e05acce29197a7023Debian Linux Security Advisory 4608-1 - Multiple integer overflows have been discovered in the libtiff library and the included tools.
12eed5360dd4febddd4c4451276e9aacRed Hat Security Advisory 2020-0172-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.
bdbd811168e083447624425779c51b66Red Hat Security Advisory 2020-0171-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.
86115796b10eaa0ddaca193f1185b910Red Hat Security Advisory 2020-0196-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
1c7d2c0c668a926712bd020620aa036bRed Hat Security Advisory 2020-0195-01 - Python-reportlab is a library used for generation of PDF documents. A code injection vulnerability has been addressed.
401dc7405f3d7c9406236cdfbb63ec71Citrix XenMobile Server version 10.8 suffers from an XML external entity injection vulnerability.
98dfa95366d3218a5c4e705da6798a5c9 bytes small Microsoft Windows 7 screen locking shellcode.
342333e070d67e23f69ad3f94c730111An insufficient fix for CVE-2019-6205 means XNU vm_map_copy optimization which requires atomicity still is not atomic.
f8e6dfd4187cd8bfbcbdada394e14738KeePass version 2.44 suffers from a denial of service vulnerability.
e3921df2f71a715fc3761f07b520768eECTouch ECShop version 2.7.3 suffers from a remote SQL injection vulnerability.
0ba14f6875fb0a9daeddafb224ed1358
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed