All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from log injection vulnerabilities.
4a5a773e656cb3ebd8749372c729a381This Metasploit module exploits an arbitrary file write in cfprefsd on macOS versions 10.15.4 and below in order to run a payload as root. The CFPreferencesSetAppValue function, which is reachable from most unsandboxed processes, can be exploited with a race condition in order to overwrite an arbitrary file as root. By overwriting /etc/pam.d/login a user can then login as root with the login root command without a password.
5bc27419d79ae20808b9b53825a1e970Red Hat Security Advisory 2020-3642-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, denial of service, deserialization, improper authorization, remote SQL injection, and traversal vulnerabilities.
38ea164d1c007b5ad23905702c4a364eRed Hat Security Advisory 2020-3638-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, denial of service, deserialization, improper authorization, remote SQL injection, and traversal vulnerabilities.
34968b1413c659852b2a6fd77386aed5Red Hat Security Advisory 2020-3637-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, denial of service, deserialization, improper authorization, remote SQL injection, and traversal vulnerabilities.
18fe456380f432ad711cc532f70e648fRed Hat Security Advisory 2020-3639-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, denial of service, deserialization, improper authorization, remote SQL injection, and traversal vulnerabilities.
f06252c78191e71e29c17dfcf8316547Gentoo Linux Security Advisory 202009-2 - Multiple vulnerabilities have been found in Dovecot, the worst of which could allow remote attackers to cause a Denial of Service condition. Versions less than 2.3.11.3 are affected.
ebcfd57317df8fe31dcaca1f536069baRapid7 Nexpose Installer version 6.6.39 suffers from a local privilege escalation vulnerability.
74cc0768de07f3d4c7a3cadc787554ceRed Hat Security Advisory 2020-3634-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.12.0. Issues addressed include a use-after-free vulnerability.
fa053c362d838eef03ce5d05a314c8d9Red Hat Security Advisory 2020-3632-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.12.0. Issues addressed include a use-after-free vulnerability.
ed77221b6231e6875c881951ab223bcfGrocy version 2.7.1 suffers from a persistent cross site scripting vulnerability.
ac61916619d1477d42d0ae2d76fd218eRed Hat Security Advisory 2020-3633-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.12.0. Issues addressed include a use-after-free vulnerability.
1585226df661f748eff0a38e77581164Red Hat Security Advisory 2020-3631-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.12.0. Issues addressed include a use-after-free vulnerability.
fdac100eb616f04a44b8b855d2814883Joomla GMapFP component versions J3.5 and J3.5F suffer from an unauthenticated arbitrary file upload vulnerability.
9c9258b91b93df640a00425477cf2e15Cabot version 0.11.12 suffers from a persistent cross site scripting vulnerability.
5644a0a4d028e69b84cd42695c1ae670
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed