ExpressionEngine versions 6.0.2 and below suffer from a Translate::save PHP code injection vulnerability.
194597ced97a35c6d247729d6a66efa739186e83e8e19c865571433ee7b78ee3THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
1a28f064763f9144f8ec574416a56ef51c0ab1ae2276e35a89ceed4f594ec5d2A buffer overflow was identified in the VoIPmonitor live sniffer feature. The description variable in the function save_packet_sql is defined as a fixed length array of 1024 characters. The description is set to the value of a SIP request or response line. By setting a long request or response line VoIPmonitor will trigger a buffer overflow.
145c87a11821afdce38f061bdde93705011a5071747335b1d316604f3d48c582Static binaries provided for VoIPmonitor version2 7.5 are built without any memory corruption protection in place.
53af2b715bcd85faf66b4d8deafd9d7676f2c8e34de79dd80c738b81bc0fb6daCoreGraphics can be made to write out-of-bounds memory when rendering a specially crafted font. This vulnerability can also be triggered through Safari. The vulnerability was confirmed on macOS Big Sur version 11.1.
e8027d05a6dd6acb716ee4876e073b6e72b34b7dfda2f94a9e8c4770517e1dddOnline News Portal version 1.0 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version was made by Parshwa Bhavsar in December of 2020.
93bd83259a496629964b3bdfc7dec79cb9f5a745a22f8e019c9a9d41b334cbfdOnline News Portal version 1.0 suffers from a remote SQL injection vulnerability.
53685c2005d96fb15b253d8178dcd16aa02f54478a602292b886aa5239cd8046Trojan.Win32.Siscos.bqe malware suffers from an insecure permissions vulnerability.
e052461251dde23e139ced892d115694993299f77e609678001e19c38bb36fbeUbuntu Security Notice 4764-1 - It was discovered that GLib incorrectly handled certain symlinks when replacing files. If a user or automated system were tricked into extracting a specially crafted file with File Roller, a remote attacker could possibly create files outside of the intended directory.
b0ccfade8f7e573c633257ecf3509299a30824c5a44eca29c99428787a74ddadRed Hat Security Advisory 2021-0831-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service and resource exhaustion vulnerabilities.
25d3e57d2845cf5488b4703b2b853c820eb07cf58ec4ce84a009df10dfab0482Red Hat Security Advisory 2021-0830-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service and resource exhaustion vulnerabilities.
27d899951c6c14385d19692ac6e48d9c4933fa240c1a19dfa60300ad5ab53730Red Hat Security Advisory 2021-0827-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service and resource exhaustion vulnerabilities.
f0ff3d98decc47c338c1b5dfa65168492b861a779911836e4fb4507459f154d6This Metasploit module exploits an unauthenticated arbitrary file upload via an insecure POST request in SonLogger. It has been tested on version less than 6.4.1 in Windows 10 Enterprise.
545f476ef86fb917ecc86e9949be038a9cf9a65e922e977dc23171d24166bcd6SonLogger version 4.2.3.3 suffers from SuperAdmin account creation and information disclosure vulnerabilities.
56e7d17df146559c639aaff1a40016847783570bed8733186cd99df1cc81fbb9All editions of Windows Server 2012 (but not 2012 R2) are vulnerable to DLL hijacking due to the way TiWorker.exe will try to call the non-existent SrClient.dll file when Windows Update checks for updates. This issue can be leveraged for privilege escalation if %PATH% includes directories that are writable by low-privileged users. The attack can be triggered by any low-privileged user and does not require a system reboot. This module has been successfully tested on Windows Server 2012 (x64).
a77c7e37688f6a95f721932ff950b80f0f41b82f93c8e93eabed09e3701ff64dVoIPmonitor WEB GUI versions 24.53, 24.54, and 24.55 suffer from multiple cross site scripting vulnerabilities.
3a7579f2a72cb2ec95aaa068756e5ed9c00e5774a0e0b1f2a2a7abaee0f242bbRed Hat Security Advisory 2021-0835-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and memory leak vulnerabilities.
304970ae256724244361ab4dc611cc2b38bc271d4307722cf8f07919b3e8ebe8Interactive Suite version 3.6 suffers from an unquoted service path vulnerability.
c3d6c1b4db5be6abf1d6fc7a4f36e11850d3279d5464ceed789e39a89fc60730This whitepaper acts as a cheatsheet for methodologies to apply with Linux and Windows privilege escalation.
f9978ce5a9ca16e00a1d0a0a5a2c07c964a65b40e70e191a128d82f940f14ae3eBeam Education Suite version 2.5.0.9 suffers from an unquoted service path vulnerability.
07a48d0a80b6e6fb6cffc7ab3242dea1c5592445f28a09fc4e95014cb6f08235Red Hat Security Advisory 2021-0837-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and memory leak vulnerabilities.
b5c6b91d0c637851865f865ab0ca94947144cf03edf73377b5861526d1b52e75Realtek Wireless LAN Utility version 700.1631 suffers from an unquoted service path vulnerability.
1e139cd8c4c62e0f05cb836423e27055aa8450584a2ed0f8cb1ee288a1dd97fdTrojan.Win32.Scar.dxir malware suffers from an insecure permissions vulnerability.
34a6d50eb81b9596b9bf70eeb9120244f7ccb016c5961684830bc872c36265dfTrojan-Dropper.Win32.Delf.xk malware suffers from a denial of service vulnerability.
8075c9dd64881ffb2208b7c6b92e80708e2a6e2aa84ed484c6a0b8757e72566fRed Hat Security Advisory 2021-0834-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and memory leak vulnerabilities.
d36505e7937c648ec63520c804d19eb9a78a730a831faea43ad730a967acb547
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed