This Metasploit module exploits a Java deserialization vulnerability in Apache OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for versions prior to 17.12.04.
92c0cbc161c309a9ee69f4716d1ce3b791ab490da8ad91b396463bbefc0310d2Microsoft Windows kernel suffers from a use-after-free of the PDEVOBJ object via a race condition vulnerability in NtGdiGetDeviceCapsAll.
bb85729e5392cb276b101d5c3546a158cfd681c68133d999f6aeb0d73a9eba5bUbuntu Security Notice 4754-3 - USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. In the case of Python 2.7 for 20.04 ESM, these additional fixes are included: It was discovered that Python allowed remote attackers to cause a denial of service via a ZIP bomb. It was discovered that Python had potentially misleading information about whether sorting occurs. This fix updates the documentation about it. Various other issues were also addressed.
6c0e7ce6beab30b21a9bdb915fb21f53cfb96f785e275b6012bfe9f6b58e015fRed Hat Security Advisory 2021-0811-01 - This release of Red Hat Integration - Camel K - Tech-Preview 3 serves as a replacement for tech-preview 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection and man-in-the-middle vulnerabilities.
c28667fc0da99f8d9f7d95ddffa82106e756d05bf694491cc1ef1780fba154b5Ubuntu Security Notice 4763-1 - It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
599a910be8819fa0dd616f45c2384e22c9b6e46bad567bf3d3a78948eb24b4f5ForkCMS versions prior to 5.8.3 suffer from a PHP object injection vulnerability.
fc94d42d043e4a90dc4bd339643f8d95cc873f96e7f9dd33fb84c5094fc4b0a1QCubed versions 3.1.1 and below suffer from a cross site scripting vulnerability.
18b0d3135bcaff1b719e6581291ca716cc699fcb58311677812e3cdffadd0f0fMonitoring of Students Cyber Accounts System version 1.0 suffers from a remote SQL injection vulnerability.
9f51e28fd31bce9bbb0c054b16e8b5f1fb6d7c8042f9c02352e305297ef719a0Monitoring System (Dashboard) version 1.0 suffers from a remote SQL injection vulnerability.
52cb8f143bee46f4b59ce419520e06b04114feabc954585b25905a7995ee2fd4Monitoring System (Dashboard) version 1.0 suffers from multiple remote code execution vulnerabilities that can be leveraged by malicious shells being uploaded.
043e1e39fc51c24af436194959ed840ff021e1cc86a2304aed67b229017049f6QCubed versions 3.1.1 and below suffer from a remote SQL injection vulnerability.
fa46be89ca61956e12154f640ba0959c5f9115bbcf0e53388cf994a3324a8026QCubed versions 3.1.1 and below suffer from a PHP object injection vulnerability.
afd33bd47a0d3f014f965d9fb0061fac602a72b80d77eb291cf48a32fa36c1e6D-Link DIR-3060 versions 1.11b04 and below suffer from an authenticated command injection vulnerability.
934dc62fa5f0b5a818763d562c797ed8d79104a93d069761cc9dcaa5f0408e44Vembu BDR version 4.2.0.1 U1 suffers from multiple unquoted service path vulnerabilities.
7a2204e5ee9d67a5a4235c7df762383336d74328d1750434a09ec4f815b1e5f1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed