phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
46f778fd23af1e4e604d32a71ab007e759502445aee2fac99855d70658df179cTapplock Smart Lock suffers from multiple insecure direct object reference vulnerabilities.
4c2ac67c5b46a7a29eca71bdce6d0d5e4bae47240cc009a9db8ee3f28921ae2fUbuntu Security Notice 3675-3 - USN-3675-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 12.04 ESM. Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Various other issues were also addressed.
9587c69c7756e324145670c1fa02e480461438c991a57a910589e604dd2916beUbuntu Security Notice 3687-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
e98ea598a4eabbb5087a8a2218a2de8f5f9a525c48b0b236080247fe6427f405Debian Linux Security Advisory 4231-1 - It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys.
ef38fe69a1b2b013844637997c00e81a3fe74fc6d31ef0d68664ca8f80f25e78Debian Linux Security Advisory 4230-1 - Multiple vulnerabilities were discovered in the Lua subsystem of Redis, a persistent key-value database, which could result in denial of service.
3d67eccee429a5b3bec862d348e0074f9353a2c70c77050737f7b24e3cf0581bDebian Linux Security Advisory 4229-1 - Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite.
81a59b7cc1ef7d34159e6e65e525185ed75b9cf941edcd194b74c93ca269d7baMicro Focus Security Bulletin MFSBGN03810 1 - A potential vulnerability has been identified in UCMDB Server. This vulnerability could be exploited to Deserialization and Cross-site Request forgery (CSRF). Revision 1 of this advisory.
ddc6aea3c24bc784e453f484248914290756fc2f5d2a6ed9a992f955022bd340Micro Focus Security Bulletin MFSBGN03809 1 - A potential vulnerability has been identified in UCMDB Browser. This vulnerability could be exploited to Deserialization and Cross-site Request forgery (CSRF). Revision 1 of this advisory.
c35c0fe3546bf4b775e3a4e6cb89b9494564d95054a47f97805362fa22e3cb30WordPress Redirection plugin version 2.7.1 suffers from a code execution vulnerability.
6e03c93d4bc0c24637449acea5c75634bca5123ff219155cf49649fbad878f18CA Technologies Support is alerting customers to multiple potential risks with CA Privileged Access Manager. Multiple vulnerabilities exist that can allow a remote attacker to conduct a variety of attacks. These risks include seven vulnerabilities privately reported within the past year to CA Technologies by security researchers, and nine vulnerabilities for Xceedium Xsuite that were publicly disclosed in July 2015. CA Technologies acquired Xceedium in August 2015, and Xceedium products were renamed and became part of Privileged Access Management solutions from CA Technologies. Sixteen vulnerabilities are outlined in this advisory.
e96803cc63a6f3f9a3937d46a106a0ea76325469c5a8f0baba0c2727dc8b5776Apple Security Advisory 2018-06-13-01 - Xcode 9.4.1 is now available and addresses code execution vulnerabilities.
a6a84db972550427bdbffef1187ca381b22ab72d451b794ffdc1428708a5aa70Easy Chat Server version 3.1 add user local buffer overflow exploit.
84704312867b1f53e61dd87b7de51fb6a85f2b990333e6f7abf44b718dcc9c9dRSA Authentication Manager versions prior to 8.3 P1 suffer from a cross site scripting vulnerability.
2b223860956e93ac2c2acca73aaeef144d258adc465344b1754d85ef3b5684cdDebian Linux Security Advisory 4228-1 - Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in cross-site scripting and PHP injection.
5a5feaaf506512f745c53f9e670f39ae79f695bebb733d1abd47c840d8bddca1Ubuntu Security Notice 3678-4 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
70613b1dd8bebafbf47b8ff616c76fc30f6a92857dbf198e9f0fbe3db6e8e22fRed Hat Security Advisory 2018-1852-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an information leakage vulnerability.
19ab2687ceb485d0479ff41218a79b7bd4a249b760c23a13683264c202621293Ubuntu Security Notice 3675-2 - USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and Ubuntu 17.10. This update provides the corresponding update for GnuPG 2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS. Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Various other issues were also addressed.
0897462e75854fb4e6baef305d59332291756546f6848648d42df67f1e8ed263Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit that can lead to leaking of sensitive data, code execution, and more. Various 2.20.x versions are affected.
c0220c58b288dbb3089fcc06182e86efa1aa62220a826e40338a53ed4207e04aUbuntu Security Notice 3685-1 - Some of these CVEs were already addressed in previous USN: 3439-1, 3553-1, 3528-1. It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. It was discovered that Ruby incorrectly handled certain files. An attacker could use this to overwrite any file on the filesystem. Various other issues were also addressed.
60f255fcb7dd889a143694b47735ea1ee2e3231d8c3486947620ea6096bc226bGentoo Linux Security Advisory 201806-4 - Multiple vulnerabilities have been found in Quassel, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 0.12.5 are affected.
779e58431c2af113e03ed8db2a2c230b0e6986853d41570ca3eeafc0829d4138Ubuntu Security Notice 3686-1 - Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. Alexander Cherepanov discovered that file incorrectly handled certain long strings. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. Alexander Cherepanov discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.
05ad4392d125c7b662cb1712b5aa9d236d115c9f15d0ec8ebbe0e97a51fde01eThis Microsoft advisory notification includes advisories released or updated on June 13, 2018.
b81a1d6199c844c4cc6acc1813b9b373ba7ccc1bf07803e89c7c4462e02270ffmsploitego is the pentesting suite for Maltego. msploitego leverages the data gathered in a Metasploit database by enumerating and creating specific entities for services. Services like samba, smtp, snmp, http have transforms to enumerate even further.
8e49a427b89e77829f637050b63b7f3b4b807da701532e1a03fa3df59ba6be22rtorrent versions 0.9.6 and below denial of service exploit.
f7be24ced979554cd7ece10f47684061f0d8fff02b634f27179262b3a3a47322
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed