Ubuntu Security Notice 4263-1 - Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account.
8485d93ec2d952d049e78d5994a67c5e7e91ee758df6d12aeb7c8e6ea99106e3
Debian Linux Security Advisory 4616-1 - Two security issues have been found in the SLiRP networking implementation of QEMU, a fast processor emulator, which could result in the execution of arbitrary code or denial of service.
c86925d33e285cee87de038a4e6d41f8b66dba7c5d35bbf49853a20cf80e0b49
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
77faf85164eb17dce769ec830cbd146768644315bc1024613ad13155e09c2d11
It was discovered that the binder IPC implementation in the Linux kernel did not properly perform bounds checking in some situations, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
dd9eb8a13d06fc9ad56d7a4bb1f0a271663ad5edcf7bf6387c09481d3c8486e9
Schneider Electric U.Motion Builder versions 1.3.4 and below authenticated remote command injection exploit.
fddf6a16d030c574aa78b52dd0985b8fc03079d657c60a5f8252ea38c6d38982
Red Hat Security Advisory 2020-0316-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a code execution vulnerability.
216392714ecd88f7b91b85075e2ee5a04f8b9bc3b662d4482e8d34c1a022f9b0
P2PWIFICAM2 for iOS version 10.4.1 suffers from a denial of service vulnerability.
1f52df5d2d5bdb2cc0f10b3fb7b91f5525d0f71daa0c876c5c59fbd0c8c9951f
REVULN 20x2 is an international conference taking place the June 25th through the 26th, 2020 in St. Paul's Bay (Malta) at the Hotel Santana.
cb6a89e15d510c1293370692b4ce2958476b45e3d99d2ac90bdb73e9a12cd668
REVULN 20x1 is an international conference taking place the April 28th through the 30th, 2020 in Metro Manila (Philippines) at the RED Hotel Cubao.
eb33f5e98c769dfe6a8b1f404b5315ab727fd98cc68a42868c5cd4bcefb989d1
Debian Linux Security Advisory 4615-1 - Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. Malicious rule or configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios.
03a369105465ab891d0ad9ac2729ea84660e0bb558e98aa0f5f19ad82d5d3bfe
Debian Linux Security Advisory 4614-1 - Joe Vennix discovered a stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the "pwfeedback" option enabled. An unprivileged user can take advantage of this flaw to obtain full root privileges.
2957f727438c3e2bd92e2e038adc6d4f2ddfaacd4b035ca5555aec139dae983f
School ERP System version 1.0 suffers from a cross site request forgery vulnerability.
2916752dc35d5ae064e8b6062bba76b8136e4fd83d6ad811a617e16fe3c0d54f
Debian Linux Security Advisory 4613-1 - A heap-based buffer overflow vulnerability was discovered in the idn2_to_ascii_4i() function in libidn2, the GNU library for Internationalized Domain Names (IDNs), which could result in denial of service, or the execution of arbitrary code when processing a long domain string.
e3db76e1233159bccb40c596b224ab1f03af6655b3d18061ad965e1cc5720856
LeHACK 2020 is a yearly rendezvous where hackers and aficionados are meeting with both technical and non-technical talks and workshops about hacking. It is a great place to discover, to learn, to teach and be taught in the magical city of Paris. LeHACK 2020 will be held in La Cite des Sciences et de l'Industire in Paris, France from June 26th through the 27th, 2020.
de41e763e656347f17893bb49d5a42f9e00f73934f8a35eff7d77332e7cabe6d
Debian Linux Security Advisory 4612-1 - It was discovered that the LDAP authentication modules for the Prosody Jabber/XMPP server incorrectly validated the XMPP address when checking whether a user has admin access.
a42b1dac3ec9dc5d5b341effadecefe702c5cd5ae620d147983707167d5ac1fe
phpList version 3.5.0 suffers from an authentication bypass vulnerability due to an integer conversion issue.
2072bc62db6aee6a9bbced0782d27be4fdef0e8c2d9afac438d782b977bc4427
This archive contains all of the 163 exploits added to Packet Storm in January, 2020.
726cdb16ce781410d35beba804af2cb48f391958c88806a53e778ca623f92a08