NetBSD mail.local(8) local root exploit that leverages a race condition as noted in NetBSD-SA2016-006.
ee955b7a52b2b1e4a0cd6baef82904dc7cfb28e310abaf3166325756dc708c3fThis Metasploit module exploits a remote command execution vulnerability in the Barracuda Web App Firewall Firmware version 8.0.1.007 and below and Load Balancer Firmware versions 5.4.0.004 and below by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it's possible to inject system commands while escalating to root do to relaxed sudo configurations on the appliances.
1140a40daee90570960cfd7f3c6d5cd7ddfbca7468a85535b18619b259be1089This Metasploit module exploits a remote command execution vulnerability in the Barracuda Spam and Virus firewall firmware versions 5.1.3.007 and below by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it's possible to inject system commands while escalating to root do to relaxed sudo configuration on the local machine.
808ddc4f2e9d4a40b867ca92e98217e9170d718d92040b6e9e8b3c8f3b5a6144Rapid7 AppSpider version 6.12 web application vulnerability scanner suffers from an unquoted search path issue impacting the services 'AppSpider REST Server', 'AppSpider REST Service' and 'AppSpiderUpgradeService' for Windows deployed as part of AppSpider solution. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
55ddb2f9d5c796a92a54f5b0955345575e3f554eb0f7b54edbe97bbeacde61ddTeamPass Passwords Management System versions 2.1.26 and below suffer from an unauthenticated arbitrary file download vulnerability.
a6f938983c6627ce76219ba9164c73d23d86783ad91a0f97d30fe23dfba8b5cbDebian Linux Security Advisory 3625-1 - Several security issues have been discovered in the Squid caching proxy.
22d0c205cb033a2148166187d7a118d29d9dcc6295325cc3e1f28d5ff805791dSlackware Security Advisory - New gimp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
392fdbb15e2406a2e95e9434965942b6e2760982231de9e6252d3eaa20a27e51Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
06b270db60bab1c5042a20d49f118cbf8e37b6f5c672d51b08de3cc253ac07e0HP Security Bulletin HPSBGN03631 1 - A potential security vulnerability has been identified with HPE IceWall Identity Manager and HPE IceWall SSO Password Reset Option running Apache Commons FileUpload. The vulnerability could be exploited remotely resulting in a Denial of Service (DoS). Revision 1 of this advisory.
c17910ace9f145dd7b8ebe6050394be1f1cf3db8ff2d238485bbcd1b64225fcbDebian Linux Security Advisory 3624-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.50. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details.
53d03f4dfe05293f62735d44f4c1cbc475df2006023022701b93781bd8a27a44Cisco Security Advisory - A vulnerability in the ASN1C compiler by Objective Systems affects Cisco ASR 5000 devices running StarOS and Cisco Virtualized Packet Core (VPC) systems. The vulnerability could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or potentially execute arbitrary code. The vulnerability is due to unsafe code generation by the ASN1C compiler when creating ASN.1 translation functions that are subsequently included within affected Cisco products. An attacker could exploit this vulnerability by submitting a malicious Abstract Syntax Notation One (ASN.1) encoded message designed to trigger the issue to an affected function. US-CERT has released Vulnerability Note VU#790839 to document the issue. Cisco will release software updates that address this vulnerability.
6dfd8f85b7b8a3672b9bf5091412d2147c9c73b4c2fe4155a60fb7012f9b6b5fCA Technologies Support is alerting customers to multiple potential risks with CA eHealth. Two vulnerabilities exist in the web interface that can allow a remote authenticated attacker to cause a denial of service condition or possibly execute arbitrary commands. CA technologies assigned a High risk rating to these vulnerabilities. CA has a solution available.
73cc896f660109cfbf1891052dd9f1b1640ae00c73cd08a56768406ad81de904Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
c81fe238a093f581c2e3f1acbe9851b1639fab9e9c630bc83f68e883dc6980d8Apache POI's XLSX2CSV example suffers from an XML external entity injection vulnerability. Versions 3.13 through 3.5 are affected.
59a7590a9b5e7abbfef473d55601ecaff052c17d0b8092896f3dbb707052b67c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed