Ubuntu Security Notice 4263-1 - Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account.
f36b6bc9a1c17eb19f2bb2a0b5d96da4
Debian Linux Security Advisory 4616-1 - Two security issues have been found in the SLiRP networking implementation of QEMU, a fast processor emulator, which could result in the execution of arbitrary code or denial of service.
64e17dfa20a0581f372e17439d45132b
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
abd19f5b92dea0a58bfe8b75c5186526
It was discovered that the binder IPC implementation in the Linux kernel did not properly perform bounds checking in some situations, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
03710b8e9efb16ac3a585bc63c8f8279
Schneider Electric U.Motion Builder versions 1.3.4 and below authenticated remote command injection exploit.
c3c4ba44db6b68838bb3d2e7895547e5
Red Hat Security Advisory 2020-0316-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a code execution vulnerability.
677f3af949e436d814d16cb2305cce29
P2PWIFICAM2 for iOS version 10.4.1 suffers from a denial of service vulnerability.
445e6e1a3db70166a4f458206ca4d7fe
REVULN 20x2 is an international conference taking place the June 25th through the 26th, 2020 in St. Paul's Bay (Malta) at the Hotel Santana.
5ff239aa515c6d0b4350aad7cb8f9b47
REVULN 20x1 is an international conference taking place the April 28th through the 30th, 2020 in Metro Manila (Philippines) at the RED Hotel Cubao.
f056b932638992744402d575aef22452
Debian Linux Security Advisory 4615-1 - Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. Malicious rule or configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios.
68dd9842b4c7c537bd5929d1a56d11ec
Debian Linux Security Advisory 4614-1 - Joe Vennix discovered a stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the "pwfeedback" option enabled. An unprivileged user can take advantage of this flaw to obtain full root privileges.
b8ce23ae3c877342694fbc6f85c091f9
School ERP System version 1.0 suffers from a cross site request forgery vulnerability.
de209a5b14abf50cbf9bccdf4cf797dd
Debian Linux Security Advisory 4613-1 - A heap-based buffer overflow vulnerability was discovered in the idn2_to_ascii_4i() function in libidn2, the GNU library for Internationalized Domain Names (IDNs), which could result in denial of service, or the execution of arbitrary code when processing a long domain string.
bc4ea9e149abcc89a200608b389eeeca
LeHACK 2020 is a yearly rendezvous where hackers and aficionados are meeting with both technical and non-technical talks and workshops about hacking. It is a great place to discover, to learn, to teach and be taught in the magical city of Paris. LeHACK 2020 will be held in La Cite des Sciences et de l'Industire in Paris, France from June 26th through the 27th, 2020.
2fecce4977a35ea552d93179dfb22375
Debian Linux Security Advisory 4612-1 - It was discovered that the LDAP authentication modules for the Prosody Jabber/XMPP server incorrectly validated the XMPP address when checking whether a user has admin access.
7431c17f70c52332c0fd6645b7f7672c
phpList version 3.5.0 suffers from an authentication bypass vulnerability due to an integer conversion issue.
103b1f2bc484e3c317cab77def986532
This archive contains all of the 163 exploits added to Packet Storm in January, 2020.
3c9cde2016ceebf5351276d56c3ea516