Multiple Micro Focus Filr appliances suffer from cross site request forgery, cross site scripting, command injection, insecure design, missing cookie flag, authentication bypass, poor permission, and path traversal vulnerabilities.
75683bf10479970e059d4148415a4d6ba28a3aaad459288029dd624f6ebfab5dPHP File Vault version 0.9 suffers from directory traversal and file reading vulnerabilities.
0e4a65a96a4a22d45e2f891b953ae6e0f8559136da12d4e2c558f8a051f8c198Debian Linux Security Advisory 3627-1 - Several vulnerabilities have been fixed in phpMyAdmin, the web-based MySQL administration interface.
b459793bb9e3a45ee09e42a83c4dd91fd3fb925762e1b886f320caf9f253c3d9WordPress Code Snippets plugin version 2.6.1 suffers from a cross site scripting vulnerability.
94985924416acf59239d3c59d37b7125ae6793ec70caf0d2e55e2f9c1e404f90WordPress Contact Form to Email plugin version 1.1.47 suffers from a cross site scripting vulnerability.
db19b75929c766407627f561ce21cf8d75048502fd1ed0f6a31618524e63976cBellini/Supercook Wi-Fi Yumi SC200 suffers from code execution, weak default password, and information disclosure vulnerabilities.
1295efbedb315f2a50e34b67933ea59e41690a239b319460ffbcb66f607464c2Joomla Showdown component version 1.5.0 suffers from a remote SQL injection vulnerability.
8b35a2c8083869bc2c7bad988609159655f073a90a430d22f8d1d37effbde31eNeoscreen version 4.5 suffers from a cross site scripting vulnerability.
a6b88238b585b94aa262a507f88ea2fd3cd4471b7bec60266e9b70cd1f771ecfNeoscreen version 4.5 suffers from a remote blind SQL injection vulnerability.
9b49732caf396486cec8e75ddf871cc31afe00a529d92e86963b729e70d55f47Neoscreen version 4.5 suffers from an authentication bypass vulnerability.
2a1948518f12aecc90ff982e0d377eb99f4226f02f0def6336846be88437e601Debian Linux Security Advisory 3626-1 - Eddie Harari reported that the OpenSSH SSH daemon allows user enumeration through timing differences when trying to authenticate users. When sshd tries to authenticate a non-existing user, it will pick up a fixed fake password structure with a hash based on the Blowfish algorithm. If real users passwords are hashed using SHA256/SHA512, then a remote attacker can take advantage of this flaw by sending large passwords, receiving shorter response times from the server for non-existing users.
2f863fa4086db0a31226d56604fd7475efd80aac9d83230c52c988d3925ce6d0Joomla Huge IT Gallery component version 1.1.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
120e40124b2650bf6bce6e60a521c443d54b15ebf39bb3e4eefcfa1bddb21b44The Joomla Weblinks component suffers from a remote shell upload vulnerability.
43c2692dbcc9023249dc7dcc905354ee474b5b51e10fc0837f5a1f16ea956d50Autobahn|Python incorrectly checks the Origin header when the 'allowedOrigins' value is set. This can allow third parties to execute legitimate requests for WAMP WebSocket requests against an Autobahn|Python/Crossbar.io server within another browser's context. This is addressed in version 0.15.0.
a6b400b8f7febcf337e4f3b6452bfd2ec96d9d6edd9c6329679e50b857c3b896NetBSD mail.local(8) local root exploit that leverages a race condition as noted in NetBSD-SA2016-006.
ee955b7a52b2b1e4a0cd6baef82904dc7cfb28e310abaf3166325756dc708c3fThis Metasploit module exploits a remote command execution vulnerability in the Barracuda Web App Firewall Firmware version 8.0.1.007 and below and Load Balancer Firmware versions 5.4.0.004 and below by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it's possible to inject system commands while escalating to root do to relaxed sudo configurations on the appliances.
1140a40daee90570960cfd7f3c6d5cd7ddfbca7468a85535b18619b259be1089This Metasploit module exploits a remote command execution vulnerability in the Barracuda Spam and Virus firewall firmware versions 5.1.3.007 and below by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it's possible to inject system commands while escalating to root do to relaxed sudo configuration on the local machine.
808ddc4f2e9d4a40b867ca92e98217e9170d718d92040b6e9e8b3c8f3b5a6144Rapid7 AppSpider version 6.12 web application vulnerability scanner suffers from an unquoted search path issue impacting the services 'AppSpider REST Server', 'AppSpider REST Service' and 'AppSpiderUpgradeService' for Windows deployed as part of AppSpider solution. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
55ddb2f9d5c796a92a54f5b0955345575e3f554eb0f7b54edbe97bbeacde61ddTeamPass Passwords Management System versions 2.1.26 and below suffer from an unauthenticated arbitrary file download vulnerability.
a6f938983c6627ce76219ba9164c73d23d86783ad91a0f97d30fe23dfba8b5cbDebian Linux Security Advisory 3625-1 - Several security issues have been discovered in the Squid caching proxy.
22d0c205cb033a2148166187d7a118d29d9dcc6295325cc3e1f28d5ff805791dSlackware Security Advisory - New gimp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
392fdbb15e2406a2e95e9434965942b6e2760982231de9e6252d3eaa20a27e51Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
06b270db60bab1c5042a20d49f118cbf8e37b6f5c672d51b08de3cc253ac07e0HP Security Bulletin HPSBGN03631 1 - A potential security vulnerability has been identified with HPE IceWall Identity Manager and HPE IceWall SSO Password Reset Option running Apache Commons FileUpload. The vulnerability could be exploited remotely resulting in a Denial of Service (DoS). Revision 1 of this advisory.
c17910ace9f145dd7b8ebe6050394be1f1cf3db8ff2d238485bbcd1b64225fcbDebian Linux Security Advisory 3624-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.50. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details.
53d03f4dfe05293f62735d44f4c1cbc475df2006023022701b93781bd8a27a44Cisco Security Advisory - A vulnerability in the ASN1C compiler by Objective Systems affects Cisco ASR 5000 devices running StarOS and Cisco Virtualized Packet Core (VPC) systems. The vulnerability could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or potentially execute arbitrary code. The vulnerability is due to unsafe code generation by the ASN1C compiler when creating ASN.1 translation functions that are subsequently included within affected Cisco products. An attacker could exploit this vulnerability by submitting a malicious Abstract Syntax Notation One (ASN.1) encoded message designed to trigger the issue to an affected function. US-CERT has released Vulnerability Note VU#790839 to document the issue. Cisco will release software updates that address this vulnerability.
6dfd8f85b7b8a3672b9bf5091412d2147c9c73b4c2fe4155a60fb7012f9b6b5f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed