Ubuntu Security Notice 4263-1 - Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account.
8485d93ec2d952d049e78d5994a67c5e7e91ee758df6d12aeb7c8e6ea99106e3Debian Linux Security Advisory 4616-1 - Two security issues have been found in the SLiRP networking implementation of QEMU, a fast processor emulator, which could result in the execution of arbitrary code or denial of service.
c86925d33e285cee87de038a4e6d41f8b66dba7c5d35bbf49853a20cf80e0b49sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
77faf85164eb17dce769ec830cbd146768644315bc1024613ad13155e09c2d11It was discovered that the binder IPC implementation in the Linux kernel did not properly perform bounds checking in some situations, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
dd9eb8a13d06fc9ad56d7a4bb1f0a271663ad5edcf7bf6387c09481d3c8486e9Schneider Electric U.Motion Builder versions 1.3.4 and below authenticated remote command injection exploit.
fddf6a16d030c574aa78b52dd0985b8fc03079d657c60a5f8252ea38c6d38982Red Hat Security Advisory 2020-0316-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a code execution vulnerability.
216392714ecd88f7b91b85075e2ee5a04f8b9bc3b662d4482e8d34c1a022f9b0P2PWIFICAM2 for iOS version 10.4.1 suffers from a denial of service vulnerability.
1f52df5d2d5bdb2cc0f10b3fb7b91f5525d0f71daa0c876c5c59fbd0c8c9951fREVULN 20x2 is an international conference taking place the June 25th through the 26th, 2020 in St. Paul's Bay (Malta) at the Hotel Santana.
cb6a89e15d510c1293370692b4ce2958476b45e3d99d2ac90bdb73e9a12cd668REVULN 20x1 is an international conference taking place the April 28th through the 30th, 2020 in Metro Manila (Philippines) at the RED Hotel Cubao.
eb33f5e98c769dfe6a8b1f404b5315ab727fd98cc68a42868c5cd4bcefb989d1Debian Linux Security Advisory 4615-1 - Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. Malicious rule or configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios.
03a369105465ab891d0ad9ac2729ea84660e0bb558e98aa0f5f19ad82d5d3bfeDebian Linux Security Advisory 4614-1 - Joe Vennix discovered a stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the "pwfeedback" option enabled. An unprivileged user can take advantage of this flaw to obtain full root privileges.
2957f727438c3e2bd92e2e038adc6d4f2ddfaacd4b035ca5555aec139dae983fSchool ERP System version 1.0 suffers from a cross site request forgery vulnerability.
2916752dc35d5ae064e8b6062bba76b8136e4fd83d6ad811a617e16fe3c0d54fDebian Linux Security Advisory 4613-1 - A heap-based buffer overflow vulnerability was discovered in the idn2_to_ascii_4i() function in libidn2, the GNU library for Internationalized Domain Names (IDNs), which could result in denial of service, or the execution of arbitrary code when processing a long domain string.
e3db76e1233159bccb40c596b224ab1f03af6655b3d18061ad965e1cc5720856LeHACK 2020 is a yearly rendezvous where hackers and aficionados are meeting with both technical and non-technical talks and workshops about hacking. It is a great place to discover, to learn, to teach and be taught in the magical city of Paris. LeHACK 2020 will be held in La Cite des Sciences et de l'Industire in Paris, France from June 26th through the 27th, 2020.
de41e763e656347f17893bb49d5a42f9e00f73934f8a35eff7d77332e7cabe6dDebian Linux Security Advisory 4612-1 - It was discovered that the LDAP authentication modules for the Prosody Jabber/XMPP server incorrectly validated the XMPP address when checking whether a user has admin access.
a42b1dac3ec9dc5d5b341effadecefe702c5cd5ae620d147983707167d5ac1fephpList version 3.5.0 suffers from an authentication bypass vulnerability due to an integer conversion issue.
2072bc62db6aee6a9bbced0782d27be4fdef0e8c2d9afac438d782b977bc4427This archive contains all of the 163 exploits added to Packet Storm in January, 2020.
726cdb16ce781410d35beba804af2cb48f391958c88806a53e778ca623f92a08
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed