Phrack Magazine Issue 70 - Articles include Phrack Prophile on xerub, Attacking JavaScript Engines, .NET Instrumentation via MSIL bytecode injection, a VM escape QEMU case study, and much more.
053261ccb38c70ec1d4d9245457b230f7ce71244326690fc256536d43772bbe6
Ubuntu Security Notice 5103-1 - Lei Wang and Ruizhi Xiao discovered that the Moby Docker engine in Docker incorrectly allowed the docker cp command to make permissions changes in the host filesystem in some situations. A local attacker could possibly use to this to expose sensitive information or gain administrative privileges.
7a01af2ea9484fff7532ca3bfbbb438b4fa068ac9fd281d8a066ddbdb38c8749
Red Hat Security Advisory 2021-3725-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass and out of bounds write vulnerabilities.
7f735d3b9f335568e537bf87b297d4d999b27ae17dfdcdf3cbb9a64d9adf1e4d
Backdoor.Win32.Prorat.lkt malware suffers from a man-in-the-middle vulnerability.
415535c4ed805c02d62fb0b8853ec91e5fadaba998ecb5ce707b6488f66d4c63
Ubuntu Security Notice 5098-1 - It was discovered that bl didn't properly sanitize the inputs. An attacker could use this to leak sensitive information.
e1d064e8643990ae3e68cb3add1b17d3bce59c0ff16f694ffd71dc66a742c4a8
dH team discovered a PHP object injection vulnerability in all Tapatalk plugins that can allow attackers to execute PHP code, perform SQL injection, or cause denial of service conditions.
9815132553e548145b0f1ac5ca8e6b6b1385c74fdbaaea27a7e1881bc17fda9c
Backdoor.Win32.Prorat.lkt malware suffers from a weak hardcoded password vulnerability.
a68a7bc9820e5123f972b42a727df5d58a9c66481e8fd806f11f7d0b592331a0
HackTool.Win32.Agent.gi malware suffers from a buffer overflow vulnerability.
3d32177a8f793cbc0e95a02e110ca5faeaf22ecd34ae0aaa05b1539ff309b3fb
Red Hat Security Advisory 2021-3723-01 - Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges.
3e4800b5e3e4d8a2012f3bf9ae908f590535ab2f963150c4f4cc8a7501feb9b3
Atlassian Jira Server/Data Center version 8.4.0 suffers from a limited remote file read vulnerability.
ecbe65e6819640536803270e333b2bc7cd27353076cd635aa742fc37892cee93
WordPress MStore API plugin version 2.0.6 suffers from a remote shell upload vulnerability.
001553d6934cf01ab5c5097d1c93f38d2b5ae95b089fc669649ec8d6c57908c8
WordPress TheCartPress plugin version 1.5.3.6 suffers from a privilege escalation vulnerability.
7850b01aef3a4c3f2cab59fa9ada15b398b755a91536d4449134aaef697ae207
Trojan-PSW.Win32.PdPinch.gen malware suffers from a denial of service vulnerability.
1341276837a234923cf559d9f5303fc4136e3c08095ae4f7bf77990598809dba
Atlassian Confluence Server version 7.5.1 suffers from a pre-authorization arbitrary file read vulnerability.
7f693737140518ca2e42f870252d34d097ff4d86974a396354174c05e262de77
Red Hat Security Advisory 2021-3724-01 - Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges.
5b4746b2e6a963ddb8da08e66de569b8a8fb3556471974caf5e2ff25fbcb5cb7
Backdoor.Win32.Hupigon.gy malware suffers from an unauthenticated open proxy vulnerability.
c1b850b3157ff8f7a08fa428cf706a00ff1b38893cd256c13659e36d4c0c2750
Ubuntu Security Notice 5097-1 - It was discovered that LedgerSMB incorrectly handled certain inputs. An attacker could use this to leak sensitive information, cause a DoS, or execute arbitrary code.
984bebbc6bedc09a3c18d8fba143a8afaaa1de6d468b180259e8a08b5cd6f8f7
Try My Recipe suffers from a remote SQL injection vulnerability.
c94f157f549bb5ecdbfc4b66f581110eee2232420bd80525eb1415a6c0e73b3b
Backdoor.Win32.Bifrose.ahyg malware suffers from an insecure permissions vulnerability.
c604eb973000f6c7c25585d81cfcc24c3c17842121312fe4544ec74e724eca69
Student Quarterly Grading System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
13081185001c6c179602f2f728c6c3a9b1bacc5f1ea7c33e7a58292505e62f1f
HEUR.Trojan.Win32.Generic malware suffers from an unquoted service path vulnerability.
9c1fd059422f72e2c2f10852276716d396c357586602e9e15a7e6798b52ed429
Backdoor.Win32.Yoddos.an malware suffers from an unquoted service path vulnerability.
3205c24df1090ccb5552f5dca01862fc57813028230d2444c2d62a731e1caebf
Backdoor.Win32.LolBot.gen malware suffers from an insecure permissions vulnerability.
0b234e930c08d5e69d69d8ff85bbe3a0a073093ba0a505c1c1dd251109d32ffe
Virus.Win32.Renamer.a malware suffers from an insecure permissions vulnerability.
153bb0d2e587eb9b7795439a029da68616ba13e486fa617d09531822bf75d765