This Metasploit module exploits a stack-based buffer overflow in the Solaris PAM library's username parsing code, as used by the SunSSH daemon when the keyboard-interactive authentication method is specified. Tested against SunSSH 1.1.5 on Solaris 10u11 1/13 (x86) in VirtualBox, VMware Fusion, and VMware Player. Bare metal untested. Your addresses may vary.
10f67723ac23f05d8cba2e16ff2e467aThe Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.
1dc492f6eea4f99467f3fff5e1b0e0eeUbuntu Security Notice 4672-1 - Rene Freingruber discovered that unzip incorrectly handled certain specially crafted password protected ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. Antonio Carista discovered that unzip incorrectly handled certain specially crafted ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Various other issues were also addressed.
2f7d857c85a538c18f56b7c0ae4eaac9Library Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
3a6f77f1e026975dbb348acc6760885dRed Hat Security Advisory 2020-5623-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.
8f896a4443f8db7455c6e82f3ea2800dFlexmonster Pivot Table and Charts version 2.7.17 suffers from multiple cross site scripting vulnerabilities.
ec2e1c57134445ac1209c351b866228bNxlog Community Edition version 2.10.2150 denial of service proof of concept exploit.
4f78aea6f65ea29746b437bbcf710acfTrend Micro InterScan Web Security Virtual Appliance (IWSVA) versions below 6.5 SP2 EN Patch 4 Build 1919 suffers from bypass, command execution, cross site request forgery, cross site scripting, and server-side request forgery vulnerabilities.
0011367f30c2126b8da594f31400e629Red Hat Security Advisory 2020-5625-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.0 serves as a replacement for Red Hat Single Sign-On 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
59acdfc8532446a66e29bab85f5cf458PHPJabbers Appointment Scheduler version 2.3 suffers from a cross site scripting vulnerability.
fbb1cc707ef5c7242d0dfcfcab74b73eOnline Health Care System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
8449dc34abd63dadf764b09a23b18231Red Hat Security Advisory 2020-5624-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.6.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.
1b85130d0bc80a90969aadf4021351bbEmployee Record System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
49060a086fa4c02cdb3c46fe62fcbebeOnline Tours and Travels Management System version 1.0 suffers from a remote SQL injection vulnerability.
c9e13c502962439d854f92760f3c3bfaRed Hat Security Advisory 2020-5622-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.6.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.
19b44f04a0feddd5032df7a821546491Red Hat Security Advisory 2020-5620-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include an improper authorization vulnerability.
51cb15b5be373abb60fd804f5ba4561eVictor CMS version 1.0 suffers from multiple authenticated remote SQL injection vulnerabilities. SQL injection was originally discovered in this version in May of 2020 by BKpatron.
015a302f77e5cd14af1beb7599c418d1Red Hat Security Advisory 2020-5619-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include bypass and improper authorization vulnerabilities.
410d0e3fd035110521cc0748349ae362Alumni Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
19672e38d2fa69e2dc19fb162163b5d8Red Hat Security Advisory 2020-5618-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.6.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.
467f70259b95c4d42a8e13e31751a47fRed Hat Security Advisory 2020-5611-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a buffer overflow vulnerability.
4a622bec9391ec55957b7c1f9af1f156Content Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
b5024332f6f43bfd2407901451266c3aContent Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
a4db0c0a9c152438130b63a71f479936Red Hat Security Advisory 2020-5607-01 - The fapolicyd software framework introduces a form of file access control based on a user-defined policy. The application file access control feature provides one of the most efficient ways to prevent running untrusted and possibly malicious applications on the system. Bug Fix: When an update replaces the binary of a running application, the kernel modifies the application binary path in memory by appending the " " suffix. Previously, the fapolicyd file access policy daemon treated such applications as untrusted, and prevented them from opening and executing any other files. As a consequence, the system was sometimes unable to boot after applying updates.
cfb74db3da4ac6bab83e48f5b36acb9cLinksys RE6500 version 1.0.11.001 unauthenticated remote code execution exploit.
34d1f8f139b30444d22bb826f0dd4811
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed