Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
5c656cd9d6b01dd2ad93ed665ca532e6The Microsoft Windows Kernel Cryptography Driver (cng.sys) exposes a \Device\CNG device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. It constitutes a locally accessible attack surface that can be exploited for privilege escalation (such as sandbox escape).
6e04f989132d4f0fcd1f22d984a8aedfSimple College Website version 1.0 suffers from code execution and remote SQL injection vulnerabilities.
b79435331f73ab8e247db7039783c59fWondershare Dr.Fone version 3.0.0 suffers from an unquoted service path vulnerability.
59664c74370fef3b655378cae4cd05ddCitadel WebCit versions prior to 926 suffer from a session hijacking vulnerability.
5a6f2a710cd10023c19a954e256671f1Agent Tesla Botnet suffers from a cross site scripting vulnerability.
85eb173306619dbaa4177ef7fb6ab731DedeCMS version 5.8 suffers from a cross site scripting vulnerability.
59e156fcd1d78f4eb054ff4651f4a437CSE Bookstore version 1.0 suffers from a persistent cross site scripting vulnerability.
fc194f59cfd40ef683de002a6e33b13dUbuntu Security Notice 4610-1 - It was discovered that fastd did not properly handle receive buffers under certain circumstances. A remote attacker could possibly use this issue to cause a memory leak, resulting in a denial of service.
d044b963d293ca0b710d800c0f0cb6b1Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 remote code execution exploit.
24fa9b1def3992595545767d8d82efa2Microsoft Edge suffers from information disclosure and remote code execution vulnerabilities. Affected builds include 85.0.564.83, 85.0.564.86, 85.0.564.70, 86.0.622.38, 86.0.622.43, 86.0.622.48, 86.0.622.51, and 86.0.622.56.
d1283aca7d57dba59274a53c8d4be7c8Red Hat Security Advisory 2020-4401-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8. Issues addressed include an XML injection vulnerability.
c6734a15901d8b6f939fef6f1ad12e04Genexis Platinum-4410 version P4410-V2-1.28 suffers from a cross site request forgery vulnerability.
146fa3e7e680262eec3c8a7849e57ef6Lot Reservation Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
d59da764d15867b2c8e347b9d1c591e3Lot Reservation Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
3840f5563afd9a3a71808da95da9f196Icewarp WebMail version 11.4.5.0 suffers from a cross site scripting vulnerability.
90afc47a914b4ec45f2b380bd65e99ddUbuntu Security Notice 4609-1 - Fabian Henneke discovered that GOsa incorrectly handled client cookies. An authenticated user could exploit this with a crafted cookie to perform file deletions in the context of the user account that runs the web server. It was discovered that GOsa incorrectly handled user access control. A remote attacker could use this issue to log into any account with a username containing the word "success". Various other issues were also addressed.
4e2b8c585afc2ea3d948b113104fffd5Mailman versions 1.x up through 2.1.23 suffer from a cross site scripting vulnerability.
9f7ee8dc2bea9eb36d07925c4afea9eePoint of Sales version 1.0 suffers from a persistent cross site scripting vulnerability.
07a9e356990714e68a1337f5da907983Red Hat Security Advisory 2020-4402-01 - Red Hat JBoss Enterprise Application Platform 7.3 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3. Issues addressed include an XML injection vulnerability.
96d6633cd6cef7c456fbbb9879267dc9Online Examination System version 1.0 suffers from a persistent cross site scripting vulnerability.
4f20c0c9e6ff28d87241c91fba29f4e1Red Hat Security Advisory 2020-4390-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Issues addressed include denial of service, memory exhaustion, and remote SQL injection vulnerabilities.
5e29b134d33cbe475b05d7701f782272Red Hat Security Advisory 2020-4391-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes.
d7d644f1e0cca176509c26368eef462fUbuntu Security Notice 4552-3 - USN-4552-1 and USN-4552-2 fixed a vulnerability in Pam-python. The update introduced a regression which prevented PAM modules written in Python from importing python modules from site-specific directories. Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root. Various other issues were also addressed.
632ca4e5ebf9fb3048aa8ec5c35d3c54FreeType suffers from a heap buffer overflow vulnerability due to integer truncation in Load_SBit_Png.
486d3f9f9d645b3bc7af767d7f2dd9cd
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed