This Metasploit module exploits a Perl injection vulnerability in Exim versions prior to 4.86.2 given the presence of the "perl_startup" configuration parameter.
9244d1a56ca1a0b4187fc7d9232dd5485fbbf380c0bdb9f35ea79df0019c335aBrickcom Network Cameras suffer from insecure direct object reference, hard-coded credentials, information disclosure, cross site request forgery, and cross site scripting vulnerabilities.
d4263442a7cc41a494d9af50e1ba3231bc2e0bda0bbf7e50965fda5669553dc6Asterisk Project Security Advisory - PJProject has a limit on the number of TCP connections that it can accept. Furthermore, PJProject does not close TCP connections it accepts. By default, this value is approximately 60. An attacker can deplete the number of allowed TCP connections by opening TCP connections and sending no data to Asterisk. If PJProject has been compiled in debug mode, then once the number of allowed TCP connections has been depleted, the next attempted TCP connection to Asterisk will crash due to an assertion in PJProject. If PJProject has not been compiled in debug mode, then any further TCP connection attempts will be rejected. This makes Asterisk unable to process TCP SIP traffic. Note that this only affects TCP/TLS, since UDP is connectionless. Also note that this does not affect chan_sip.
122646434ef3ffdbf4f736e5ba7648af84f7dff43cfe57162960b91becc450fdAsterisk Project Security Advisory - Asterisk may crash when processing an incoming REGISTER request if that REGISTER contains a Contact header with a lengthy URI. This crash will only happen for requests that pass authentication. Unauthenticated REGISTER requests will not result in a crash occurring. This vulnerability only affects Asterisk when using PJSIP as its SIP stack. The chan_sip module does not have this problem.
afafbceea5744913691ffdaa1e188cde546064b48141faa603d4ecb51464d088Red Hat Security Advisory 2016-0632-01 - In accordance with the Red Hat Storage Support Life Cycle policy, the Red Hat Ceph Storage 1.2 offering will be retired as of May 31, 2016, and support will no longer be provided. Accordingly, Red Hat will not provide extended support for this product, including Critical impact security patches or urgent priority bug fixes, after this date.
571366d5e03d4e8944a1d32ee5130b116af47843449136c95f54efbf44c63e33Cisco Security Advisory - A vulnerability in the web framework of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on a targeted system. The vulnerability is due to improper input validation by the affected software. An attacker could exploit this vulnerability by sending a malicious HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2e6d030fae5d28b76ac8736016fce9f068231a0fdf92d0a4a48686c89aceba6fDjango CMS version 3.2.3 suffers from filter bypass and malicious script insertion vulnerabilities.
37f9d80f871c90b98fbef578bb3285d459c2ce9bc4b43e2ee9a1ea05eff816abPHPmongoDB version 1.0.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
e76ac1cdaae844776a01728a703770c3e964816b862a0c6b2c52054c63a4e509Debian Linux Security Advisory 3548-2 - The upgrade to Samba 4.2 issued as DSA-3548-1 introduced a packaging regression causing an additional dependency on the samba binary package for the samba-libs, samba-common-bin, python-samba and samba-vfs-modules binary packages. Updated packages are now available to address this problem.
af50d04b296b06f28fa050a688f99a7b316167b8c46b06c89022bfc29068b18eThe Adobe Type Manager Font Driver (ATMFD.DLL) suffers from a NamedEscape out-of-bounds read.
47ff745db957f4da9f0bfd5c001563adb1efd711f4a8c5d321e86fdc7660d19aChitaSoft CMS version 3 suffers from a cross site scripting vulnerability.
f2496bfce8bfd1272daa114fe6e23c1117c8a54c7bb3145226a1d3e60df3b268
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed