Textpattern CMS version 4.6.2 suffers from a persistent cross site scripting vulnerability.
79de4691332d807c2cb876fb179edfaaPacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
badac27e328c35e43822d43864d8309aA security vulnerability affecting GoAhead versions 2 to 5 has been identified when using Digest authentication over HTTP. The HTTP Digest Authentication in the GoAhead web server does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel. Digest authentication uses a "nonce" value to mitigate replay attacks. GoAhead versions 3 to 5 validated the nonce with a fixed duration of 5 minutes which permitted short-period replays. This duration is too long for most implementations.
b8446c244573df9229e023dd4a04307dBACNet Test Server version 1.01 suffers from a denial of service vulnerability when sending a malformed BVLC Length UDP packet to port 47808 which causes the application to crash.
c18e464a43c74a4f96d0a72d9e0d01bdTypesetter version 5.1 is vulnerable to code execution via /index.php/Admin/Uploaded. An attacker can exploit this by uploading a zip that contains a malicious php file inside. After extracting the zip file containing the malicious php file, it is possible to execute commands on the target operation system.
5524c94291b9260c89573ff9a567213eFortiSIEM versions 5.2.8 and below are vulnerable to an unauthorized remote command execution vulnerability via Expression Language injection. This advisory notes that the Richsploit exploit can be leveraged to still achieve code execution.
ede89954670a655bc3179da240bac0c4Ubuntu Security Notice 4572-2 - USN-4572-1 fixed a vulnerability in Spice. This update provides the corresponding update for Ubuntu 14.04 ESM. Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
f75b1a3129973828757d92800d60a53fUbuntu Security Notice 4573-1 - Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. It was discovered that Vino incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
b820dbcb8494dae534a235f1446d17cbRed Hat Security Advisory 2020-4206-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 85.0.4183.121. Issues addressed include out of bounds read and out of bounds write vulnerabilities.
c36603d707663f5ce9c0d89c204f971fRed Hat Security Advisory 2020-4201-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.
b69fdb3ab93984f031c89730c07e200bLiman version 0.7 suffers from a cross site request forgery vulnerability.
ae4e8264074f4eb543f72f74611a05fdRed Hat Security Advisory 2020-4184-01 - The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include a buffer overflow vulnerability.
3da6fe82797fd4678ce0f9aa5001c10cEasyPMS version 1.0.0 suffers from an authentication bypass vulnerability.
80cdd9b3a1ce90cefcc47f76772deb64The Karel IP Phone IP1211 web management panel suffers from a directory traversal vulnerability.
39ad52c26c3918e666690e9425a9a8c1This paper discusses how intrusion detection systems work. After getting a solid understanding of the working mechanism of IDS, they discuss how packet reassembly works and then moves forward to look into different policy implemented for packet reassembly where it is dependent on the operating system implementation of the RFC.
4560c10a59bfed2734bbd165d32220ff
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed