WordPress Advanced Order Export for WooCommerce plugins versions prior to 1.5.4 suffer from a CSV injection vulnerability.
b442bfc1ff5a550668767180da731e6414671e0ecaa40bad1a7e49e4990151aeDigisol DG-BR4000NG buffer overflow proof of concept exploit.
dac99d336f857ce13743c116d4e127f6b0b03e4118792e8bc6547d08f6ca4be2Foxit Reader version 9.0.1.1049 suffers from a remote code execution vulnerability.
bf72b6326ebb4c4437a3f788a33ad75112bc77e87bca036144808a27a94871f6WordPress iThemes Security plugin versions prior to 7.0.3 suffer from a remote SQL injection vulnerability.
107663c120501616b8eb96371f4388f40e15818b829af2e9c65a7a05bc9016d1WordPress Comments Import and Export plugin versions prior to 2.0.4 suffer from a CSV injection vulnerability.
dd726e7afd5756b20eab3a209cfe55c9eaee45075174c01a420cc8ca9eea7330Intex Router N-150 suffers from a remote arbitrary file upload vulnerability.
41f7b18f0ddc4a27bac0aab0fa06a2941cfae7193e219a23716bcf83456465cdAsusWRT RT-AC750GF suffers from a cross site request forgery vulnerability in the change admin password flow.
363560f7c28221e14f216c3e9133cd294040a8d4e3874784d921d8085a9c6803When KVM (on Intel) virtualizes another hypervisor as L1 VM it does not verify that VMX instructions from the L1 VM (which trigger a VM exit and are emulated by L0 KVM) are coming from ring 0.
e4f92891c53308037346815989f93e355401e22ad52a077945971a06a625d400Red Hat Security Advisory 2018-1974-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP25. Issues addressed include a deserialization vulnerability.
845e1273b91ea122e2412665711776fc99d8d94609b34d54213ab9e3c6cfcc70Red Hat Security Advisory 2018-1972-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Issues addressed include bypass and code execution vulnerabilities.
b140dd006daf760c636deaa14803fc48a9e08b6f5c14a57c32fa7e771317d912Debian Linux Security Advisory 4233-1 - It was discovered that the low-level interface to the RSA key pair generator of Bouncy Castle (a Java implementation of cryptographic algorithms) could perform less Miller-Rabin primality tests than expected.
dcbba3a290782dccb23af4e8190fd52a91230c8057b760f300fecdae85ecaae6LaraChurch Complete Church Management System version 1.0 suffers from a remote shell upload vulnerability.
74c24675bc36326d18164cc7e75750a834079c43dad4b38c86105cc6271982c1Gentoo Linux Security Advisory 201806-8 - A vulnerability in file could lead to a Denial of Service condition. Versions less than 5.33-r2 are affected.
b94cdcbea242d2d0d9cc9b96a89b98e74ea14d232875d3bd37d0d320a89fe751Gentoo Linux Security Advisory 201806-9 - A vulnerability in PNP4Nagios which may allow local attackers to gain root privileges. Versions less than 0.6.26-r9 are affected.
f4020e1b4106ffe0ac111a19a96ef70869876cd8bd9cd585d9750196443a33f5QEMU Guest Agent version 2.12.50 suffers from a denial of service vulnerability.
7ca46842a4552a3f52d42e40ba042adc118e1f7768b7b449703c7f601f35f8dfphpMyAdmin version 4.8.1 suffers from a local file inclusion vulnerability that can lead to code execution.
7050bd8ba32a957693bf8e975344bff3d03e5961028dc6d3ce1b55150c1c75bdphpLDAPadmin version 1.2.2 suffers from a server_id LDAP injection vulnerability.
ea423c43ad0fc17c12ec40d4262d0de63154ac2c90e86fc3f31f4dc03dfa7f3aGreenCMS version 2.3.0603 suffers from a sensitive information disclosure vulnerability.
7d6c7ab895eeccc376b61f9eecae36a8cb67d36f6d7dd5c15baf2ee5e36ac928phpMyAdmin version 4.8.1 suffers from an authenticated local file inclusion vulnerabilities.
10f1c79df42b570582f12ca0a79fda04ac535de993f89a192efc5df8747b4b0dThis whitepaper is a case study that analyzes the security of modern bluetooth keyboards. In the course of this research project, SySS GmbH analyzed three currently popular wireless keyboards using Bluetooth technology that can be bought on the Amazon marketplace for security vulnerabilities. The following three devices were tested for security issues from different attacker perspectives: 1byoneKeyboard, LogitechK480, and MicrosoftDesignerBluetoothDesktop (Model1678 2017).
c3809eac9d774959095aaa64f57d5970b03ee8190b8247907992919c1953a04eUbuntu Security Notice 3691-1 - It was discovered that the Security component of OpenJDK did not correctly perform merging of multiple sections for the same file listed in JAR archive file manifests. An attacker could possibly use this to modify attributes in a manifest without invalidating the signature. Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and Riccardo Focardi discovered that the Security component of OpenJDK did not restrict which classes could be used when deserializing keys from the JCEKS key stores. An attacker could use this to specially craft a JCEKS key store to execute arbitrary code. Various other issues were also addressed.
7d06ec77a02bfafefe9a5d49677b3d153c5882a5ed1dc168714bceea224ce19eNewMark CMS version 2.1 suffers from a remote SQL injection vulnerability.
a5b67070527e71e465576be26504e0d9507657ba7e3b0708cf062bffc4464459LFCMS version 3.7.0 suffers from an add user cross site request forgery vulnerability.
019a98515e52316e1ebaf9556bf4b8652ba3786998863ba5cdf80457643c1520Orchid Core VMS is vulnerable to a directory traversal attack. This affects Linux and Windows operating systems. This allows a remote, unauthenticated attacker to send crafted GET requests to the application, which results in the ability to read arbitrary files outside of the applications web directory. This issue is further compounded as the Linux version of Orchid Core VMS application is running in context of a user in the sudoers group. As such, any file on the underlying system, for which the location is known, can be read. This Metasploit module was tested against 2.0.5. This has been fixed in 2.0.6.
88fb47c426ab72726184cd69a9d07190839101e253c7eeff53954ee9a10a4136Apache CouchDB versions prior to 2.1.0 remote code execution proof of concept exploit.
ab8707eb0c1362d2ee6b04feda50214c30fb3a36f58e891f9b7dd244982cac5f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed