Gym Management System version 1.0 suffers from an unauthenticated remote code execution vulnerability.
6a765a2a578f06a7b02f8904bda572779f3d00d6d0bf387951c135a5b72cf9dbIn 2005, three vulnerabilities were discovered in qmail but were never fixed because they were believed to be unexploitable in a default installation. Qualys recently re-discovered these vulnerabilities and were able to exploit one of them remotely in a default installation.
b40bd18472de68aa880c0372a9f3305689c40f370d5468a34516ef9530fd6906Ubuntu Security Notice 4370-2 - USN-4370-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Various other issues were also addressed.
de5808ae689b12e140acaa5c772d93c4aa0a4002f73bce4c4a5a6876954e3227Ubuntu Security Notice 4371-1 - It was discovered that libvirt incorrectly handled an active pool without a target path. A remote attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. It was discovered that libvirt incorrectly handled memory when retrieving certain domain statistics. A remote attacker could possibly use this issue to cause libvirt to consume resources, resulting in a denial of service. This issue only affected Ubuntu 19.10. Various other issues were also addressed.
34c13bb2675b4bde9213fc78d2c244ba963384fec9e6bbbb9cac57d1a9df52e3Ubuntu Security Notice 4372-1 - It was discovered that QEMU incorrectly handled bochs-display devices. A local attacker in a guest could use this to cause a denial of service or possibly execute arbitrary code in the host. This issue only affected Ubuntu 19.10. It was discovered that QEMU incorrectly handled memory during certain VNC operations. A remote attacker could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. Various other issues were also addressed.
050dff354c465a6781ac554efb3017f827d45dbfbdc0e9dd7c15ae317f968d6fApple Security Advisory 2020-05-20-1 - Xcode 11.5 is now available and addresses an issue where a crafted git URL that contains a newline in it may cause credential information to be provided for the wrong host.
e35976b46ec8572069af8ecfa516e7c0af3685276f36b89073c48c53fa832ce2Ubuntu Security Notice 4370-1 - It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. It was discovered that ClamAV incorrectly handled parsing PDF files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.
877820ed17d981fa733ed7bc43ded0af110ab954d544704bdcd37aea406a4d50This Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable WebLogic servers.
520b0c827c8b01d8c2ca1ab697de7f2fc8a7e99f91c7209728f8431d3a566ceaRed Hat Security Advisory 2020-2250-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.1.104 and .NET Core Runtime 3.1.4. Issues addressed include a denial of service vulnerability.
28b849b188bfaabdfecd6b3f872f23423fe23dafa29b197903d90966ec0e2537Ubuntu Security Notice 4369-1 - It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service. Tristan Madani discovered that the file locking implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service or expose sensitive information. Various other issues were also addressed.
69def9b45df53fc4cdb7a3a8ed24f560a00649c84605fd7f555c6571945e7f41Whitepaper called OAuth 2.0 Implementation and Security.
51889b9cb5896e34189c448f717b7809247336b04dd3ebd03675f4128321eeeeAbsoluteTelnet version 11.21 suffers from multiple denial of service vulnerabilities.
e993df161cddc11c458ef2147ee5ee2b56312c7490e1bdd9da4c08e93a849ba1Forma.LMS version 5.6.40 suffers from a cross site request forgery vulnerability.
a4fbc2d62d59b1ddc6ebd3592eedb0665b21e75d2498e9b5a3b7ff83c3e66e4aRed Hat Security Advisory 2020-2249-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.1.104 and .NET Core Runtime 3.1.4. Issues addressed include a denial of service vulnerability.
6b1a7c7b9f7d25f89295aa961301ef2c539a82a7abd3d63adeae12e0f2ad20f5Whitepaper called Hunting Red Team Activities with Forensics Artifacts.
36c6a099b355717d492a8ce32ba064c4db6bb7183d16c52762e1fda45ae671c4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed