All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from log injection vulnerabilities.
a48e63cf7f4fd470753b57ad80a193df8afba0c05a5bd54b3d1d491b9d27386cThis Metasploit module exploits an arbitrary file write in cfprefsd on macOS versions 10.15.4 and below in order to run a payload as root. The CFPreferencesSetAppValue function, which is reachable from most unsandboxed processes, can be exploited with a race condition in order to overwrite an arbitrary file as root. By overwriting /etc/pam.d/login a user can then login as root with the login root command without a password.
931484ae445d7eeffdc56096c8dbc47f24916e5073c7902aafc42973e228e845Red Hat Security Advisory 2020-3642-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, denial of service, deserialization, improper authorization, remote SQL injection, and traversal vulnerabilities.
b38946a623b5520f37ff7a35588a50179075703c8d39fdf65c702a0459485b6bRed Hat Security Advisory 2020-3638-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, denial of service, deserialization, improper authorization, remote SQL injection, and traversal vulnerabilities.
d3ba29bedcfb9bcac7f28a2f10606474560b6de9dd8934c538d5ce2e42ae1802Red Hat Security Advisory 2020-3637-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, denial of service, deserialization, improper authorization, remote SQL injection, and traversal vulnerabilities.
c8520f1454bdf92859dac7d1f1ebce269533a37e61e2c44904d7bbde6c038d30Red Hat Security Advisory 2020-3639-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, denial of service, deserialization, improper authorization, remote SQL injection, and traversal vulnerabilities.
ea21216679a7a8c8610d283dead99fe6351f679ca2310268170ed188c7b09532Gentoo Linux Security Advisory 202009-2 - Multiple vulnerabilities have been found in Dovecot, the worst of which could allow remote attackers to cause a Denial of Service condition. Versions less than 2.3.11.3 are affected.
a8406344c7b252401291699045d45ef5f15fde228e7644af31cac3f16f9741c0Rapid7 Nexpose Installer version 6.6.39 suffers from a local privilege escalation vulnerability.
356d8c73a8db71d5e7994c72f64ae3892b1f75a01f48caa28edaeaf7bd363757Red Hat Security Advisory 2020-3634-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.12.0. Issues addressed include a use-after-free vulnerability.
cac193252b615e7dbfcb5d9b1bfb7a0a8bf41d6b9de911407ec854984e33cde7Red Hat Security Advisory 2020-3632-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.12.0. Issues addressed include a use-after-free vulnerability.
c97b0206f14987060f943a239d4d67affa7009f84b1b9bc3ea7f5e04dc24e75fGrocy version 2.7.1 suffers from a persistent cross site scripting vulnerability.
494038f46cda16cb6b551f44883e02a48297f05f73ff92a9b15c0660b8b4c326Red Hat Security Advisory 2020-3633-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.12.0. Issues addressed include a use-after-free vulnerability.
4e456c316c38bc5899e8df479456cf1596e29d99eabe2a8b3572c41dea6fd29eRed Hat Security Advisory 2020-3631-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.12.0. Issues addressed include a use-after-free vulnerability.
fa045db7161cfa8e8ac0da6cdda878ae303bb00ffc163738eca2db56643e9196Joomla GMapFP component versions J3.5 and J3.5F suffer from an unauthenticated arbitrary file upload vulnerability.
4563c49b5f140d4c97097c0714861f19d0ef0655690b42573600db44b51a3c2aCabot version 0.11.12 suffers from a persistent cross site scripting vulnerability.
b48bcc95a0fa44e864eba57231f2d1b1d8bda5a46716c0cac0690f14dd4623bf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed