This Metasploit module exploits a Java deserialization vulnerability in Apache OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for versions prior to 17.12.04.
ce10e20707a4fee8b630f43701401064
Microsoft Windows kernel suffers from a use-after-free of the PDEVOBJ object via a race condition vulnerability in NtGdiGetDeviceCapsAll.
31454c2dcf01b0dc4bbe498526c27f84
Ubuntu Security Notice 4754-3 - USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. In the case of Python 2.7 for 20.04 ESM, these additional fixes are included: It was discovered that Python allowed remote attackers to cause a denial of service via a ZIP bomb. It was discovered that Python had potentially misleading information about whether sorting occurs. This fix updates the documentation about it. Various other issues were also addressed.
67d5415d4b4e952d651e9fc905a209c3
Red Hat Security Advisory 2021-0811-01 - This release of Red Hat Integration - Camel K - Tech-Preview 3 serves as a replacement for tech-preview 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection and man-in-the-middle vulnerabilities.
4a3e2e63af8c74516c8ec10f448fbebf
Ubuntu Security Notice 4763-1 - It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
a9bb486c2183b003050adf13de2c0c65
ForkCMS versions prior to 5.8.3 suffer from a PHP object injection vulnerability.
93c0c401241bf2a388e76209eb207357
QCubed versions 3.1.1 and below suffer from a cross site scripting vulnerability.
73fd3916e76f66af8fae7b076246c80b
Monitoring of Students Cyber Accounts System version 1.0 suffers from a remote SQL injection vulnerability.
d175ee814d8f9da856b9820ffa3e7d53
Monitoring System (Dashboard) version 1.0 suffers from a remote SQL injection vulnerability.
8242a47d0c30c4593986343f1a0fa890
Monitoring System (Dashboard) version 1.0 suffers from multiple remote code execution vulnerabilities that can be leveraged by uploading malicious shells.
6fe62b2299146e49f1d6d5baac2d1d37
QCubed versions 3.1.1 and below suffer from a remote SQL injection vulnerability.
640b998f6ca739a394e1c0ce5cde9663
QCubed versions 3.1.1 and below suffer from a PHP object injection vulnerability.
d8f336d29a03cf633ebe23cf5d9ed9a0
D-Link DIR-3060 versions 1.11b04 and below suffer from an authenticated command injection vulnerability.
1338bfa25faf5605cd17292180b9bbb7
Vembu BDR version 4.2.0.1 U1 suffers from multiple unquoted service path vulnerabilities.
434e3e8e521a393922891e45d85c2df0