Red Hat Security Advisory 2020-0464-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a bypass vulnerability.
d5adc860b39c8f57e9cc3cce34b1ea7a
Debian Linux Security Advisory 4618-1 - An out-of-bounds write vulnerability due to an integer overflow was reported in libexif, a library to parse EXIF files, which could result in denial of service, or potentially the execution of arbitrary code if specially crafted image files are processed.
533efba43844c56bf8753f1b052bb845
Debian Linux Security Advisory 4619-1 - Guillaume Teissier reported that the XMLRPC client in libxmlrpc3-java, an XML-RPC implementation in Java, does perform deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious XMLRPC server can take advantage of this flaw to execute arbitrary code with the privileges of an application using the Apache XMLRPC client library.
8c2147bccd6637595f39b6fe489a5e32
Vanilla Forum version 2.6.3 suffers from a persistent cross site scripting vulnerability.
48c062d7b751d3dfff66a2561dec5c07
This Metasploit module exploits an authentication bypass in the WordPress InfiniteWP Client plugin to log in as an administrator and execute arbitrary PHP code by overwriting the file specified by PLUGIN_FILE. The module will attempt to retrieve the original PLUGIN_FILE contents and restore them after payload execution. If VerifyContents is set, which is the default setting, the module will check to see if the restored contents match the original. Note that a valid administrator username is required for this module. WordPress versions greater than or equal to 4.9 are currently not supported due to a breaking WordPress API change. Tested against 4.8.3.
4b5ae8fdf2e5fd5022e3f24e30cac4b4
Ubuntu Security Notice 4274-1 - It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service.
63d479012f34a8940906391a1303859c
LearnDash WordPress LMS plugin version 3.1.2 suffers from a cross site scripting vulnerability.
495724cb6e0958f08049f583facc3647
Wedding Slideshow Studio version 1.36 suffers from a buffer overflow vulnerability.
7d61e1ee75320bf8d949aaa53ba8ea59
Ubuntu Security Notice 4275-1 - It was discovered that Qt incorrectly handled certain PPM images. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Qt incorrectly handled certain text files. If a user or automated system were tricked into opening a specially crafted text file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 19.10. Various other issues were also addressed.
5fece95041b73e2c5465e5081f3e1982
ExpertGPS version 6.38 suffers from an XML external entity injection vulnerability.
4e1090a6488fa7a932e6937630a5772a
Google Invisible RECAPTCHA version 3 suffers from a spoofing bypass vulnerability.
03e20cd2aa23071dfe0c93c4d8a7b255
This is an article discussing Apache2 Web Server hardening. Written in Turkish.
714af65b9e8c39a13763f187340761c8
QuickDate version 1.3.2 suffers from a remote SQL injection vulnerability.
f2edf1bbfd6b35a274e7d0fc1835c365
Forcepoint WebSecurity version 8.5 suffers from a cross site scripting vulnerability.
141e6e362032cd8686d01406f6b26649
114-byte Linux/x86 bind shell generator shellcode.
9b7bafc7ff4aa9cacdbde1039bca23ca