Proof of concept remote command execution exploit for CUPS that leverages the vulnerability outlined in CVE-2024-47176.
f82d269469017149bbd434de30b07d4526663090bd5e3ba7fda438e2b9fa9ee7
ALEOS versions 4.16 and below denial of service proof of concept exploit.
93e119b2d764c5aa22f0c54cf74c0369c5a4254019d26c982bb0de6d5d846df2
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
26d0a36194d53080fc8b09b999b2b5a83c4049f40ad07ef6ae69c7225a728b86
Ubuntu Security Notice 7051-1 - Fabian Bäumer, Marcus Brinkmann, Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue.
ce5df6d62802bddd9c18e1622465edf5bc09f0f6e0f1e2fdd958088e44de9de8
SeedDMS version 6.0.28 suffers from a persistent cross site scripting vulnerability.
75d46808d529b03da78981fcc0f2145d72906b8de2ab27a0228bbdeb84460b97
Ubuntu Security Notice 7047-1 - Vladimír Čunát discovered that Knot Resolver incorrectly handled input during DNSSEC validation. A remote attacker could possibly use this issue to bypass certain validations. Vladimír Čunát discovered that Knot Resolver incorrectly handled input during DNSSEC validation. A remote attacker could possibly use this issue to downgrade DNSSEC-secure domains to a DNSSEC-insecure state, resulting in a domain hijacking attack.
3f46e8a516b0f9f0bbd8555823593253a66c38601d76fb92de6cea6c1ba692de
Ubuntu Security Notice 7050-1 - Benoit Côté-Jodoin and Michael Nipper discovered that Devise-Two-Factor incorrectly handled one-time password validation. An attacker could possibly use this issue to intercept and re-use a one-time password. Garrett Rappaport discovered that Devise-Two-Factor incorrectly handled generating multi-factor authentication codes. An attacker could possibly use this issue to generate valid multi-factor authentication codes.
649e314e73310f27b5bbde6f947cee700c633ceec8e102f8afc658d05100d5f5
Microsoft Office 2019 MSO build 1808 (16.0.10411.20011) and Microsoft 365 MSO version 2403 build 16.0.17425.20176 suffer from an NTLMv2 hash disclosure vulnerability.
a515b741cb4fdee423e7ca948fc50654803bd1c926175eccc8866a749034e338
Ubuntu Security Notice 7043-2 - USN-7043-1 fixed a vulnerability in cups-filters. This update provides the corresponding update for Ubuntu 18.04 LTS. Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, create manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol.
a09eaabe0ef1a2611294b49eb1f783c16957c290485e82b3cdd482bcfd685809
Ubuntu Security Notice 7049-1 - It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. It was discovered that PHP incorrectly handled the cgi.force_redirect configuration option due to environment variable collisions. In certain configurations, an attacker could possibly use this issue to bypass force_redirect restrictions.
14e6ccaf04bbc5174ed15834051334a5b30f6e99b3c0e67287922b0ab80244b4
Tourism Management System version 1.0 suffers from a cross site scripting vulnerability.
c3e17922e2b266bb53516cda7f7564ad10b76a73051bd10448a3be4dfc1c45a4
TitanNit Web Control 2.01 and Atemio 7600 suffer from a PHP code injection vulnerability.
ae322d271852c8f25de18f6d647d31c02a2bc3f366c6ee1f1c7d3ed36bff9c05
Teacher Subject Allocation Management System version 1.0 suffers from an ignored default credential vulnerability.
f3361bf9186b472b9be8cbd6ae5f7d9d24dd48bb2c9b3fc4085a3f7ab2c6d9ac
Ubuntu Security Notice 6964-2 - USN-6964-1 fixed a vulnerability in ORC. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Noriko Totsuka discovered that ORC incorrectly handled certain specially crafted files. An attacker could possibly use this issue to execute arbitrary code.
2379cca9465cc096c3f11a0ee43e1be249d1c0ad024aecad3fd5165323bd6c1c
Task Management System version 1.0 suffers from a PHP code injection vulnerability.
5cf8e15ce7499c6490e96ebc008271a147e725e19d95b6b79612ffe0933de18b
Ubuntu Security Notice 7022-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
5e2869f9ed921d462e17d616b733317644fb32d561e9fc36d17f1dbc09c8865d
Supply Chain Management version 1.0 suffers from a backup disclosure vulnerability.
ede00ad1b8f81b125e0be45a893d89d85ad8a477424a3733200965b882b35e48
Event Management System version 1.0 suffers from an insecure direct object reference vulnerability.
d2bb430c38acbee7a6fe6f3edb233221ef304d3aed80af6ed983ecec5bcc3d0a
Ubuntu Security Notice 7041-2 - USN-7041-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 18.04 LTS. Simone Margaritelli discovered that CUPS incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used.
00bb0d1161c328ea5fca70221a0d2f5a610de947f48d9998a0783ca4b84436f0
Ubuntu Security Notice 7003-5 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
e57d853b0390f83094b938450c8016f8fb2162c14c9c0b034d166c25cbb6646a
Student Attendance Management System version 1.0 suffers from an ignored default credential vulnerability.
7e5ab7f730f50871718e3ec2d045bacaae8fc1f041e5ecbc52b83bfd78415851
Printing Business Records Management System version 1.0 suffers from a cross site request forgery vulnerability.
64c7b498f30407937f82c5a5d093175b8c0eb3b9248d740f693ab2cc8a761dc3
Online Eyewear Shop version 1.0 suffers from a cross site request forgery vulnerability.
333f8e9acf88b716c8f705136df2cbeab5dd285f7a012a80e2b10300aef20534