Gym Management System version 1.0 suffers from an unauthenticated remote code execution vulnerability.
ce64ae85eae1a7a26c36e368e636d47b
In 2005, three vulnerabilities were discovered in qmail but were never fixed because they were believed to be unexploitable in a default installation. Qualys recently re-discovered these vulnerabilities and were able to exploit one of them remotely in a default installation.
f669ab533f30c6f109eb83ceceabfd6c
Ubuntu Security Notice 4370-2 - USN-4370-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Various other issues were also addressed.
41f2316b173eea1d00d120657fb88797
Ubuntu Security Notice 4371-1 - It was discovered that libvirt incorrectly handled an active pool without a target path. A remote attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. It was discovered that libvirt incorrectly handled memory when retrieving certain domain statistics. A remote attacker could possibly use this issue to cause libvirt to consume resources, resulting in a denial of service. This issue only affected Ubuntu 19.10. Various other issues were also addressed.
277d54e2071edbe532c6f11bdd7e2022
Ubuntu Security Notice 4372-1 - It was discovered that QEMU incorrectly handled bochs-display devices. A local attacker in a guest could use this to cause a denial of service or possibly execute arbitrary code in the host. This issue only affected Ubuntu 19.10. It was discovered that QEMU incorrectly handled memory during certain VNC operations. A remote attacker could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. Various other issues were also addressed.
abf7184cc2087c06b76ddc60ed0d60ed
Apple Security Advisory 2020-05-20-1 - Xcode 11.5 is now available and addresses an issue where a crafted git URL that contains a newline in it may cause credential information to be provided for the wrong host.
550c1f832f43751d05f4ca8e901458c9
Ubuntu Security Notice 4370-1 - It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. It was discovered that ClamAV incorrectly handled parsing PDF files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.
39f5e383f91d9ec029fffde8daa2385b
This Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable WebLogic servers.
e3a30f51596b55d810e3f2ed09788c15
Red Hat Security Advisory 2020-2250-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.1.104 and .NET Core Runtime 3.1.4. Issues addressed include a denial of service vulnerability.
a4c539e4109d5abbc217a76afdc7d685
Ubuntu Security Notice 4369-1 - It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service. Tristan Madani discovered that the file locking implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service or expose sensitive information. Various other issues were also addressed.
6d0bd201f6f7817bc3279a320a6733e2
Whitepaper called OAuth 2.0 Implementation and Security.
a294cb726f90f642c711278a697e63d8
AbsoluteTelnet version 11.21 suffers from multiple denial of service vulnerabilities.
c6e0e3ab4dda77e8307396c81a4fe5a9
Forma.LMS version 5.6.40 suffers from a cross site request forgery vulnerability.
a8f9d8914f351df98bfca9858bb28623
Red Hat Security Advisory 2020-2249-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.1.104 and .NET Core Runtime 3.1.4. Issues addressed include a denial of service vulnerability.
36c26d6172e6afa550148adff581f4fd
Whitepaper called Hunting Red Team Activities with Forensics Artifacts.
052010f0eb75a3b84fd5b85efbeb2cbb