Micro Focus Security Bulletin MFSBGN03827 1 - A potential vulnerability has been identified in Micro Focus Real User Monitoring software. The vulnerability could be exploited to execute arbitrary. Revision 1 of this advisory.
ab13bf0e442bc072c2571cc544c143eaa85a0ddafb8372ec20be428a8152b862Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
e2a6e9ec1ae8b96e67a1f30b278fa7f17bcb3e584472afb5823947db0b4a7075Microsoft Data Sharing local privilege escalation proof of concept exploit.
da8c6406c1abcf27d99ca4b620356d083b3c9d9f3ce24c41c93b45e85d1ceb64SG ERP version 1.0 suffers from a remote SQL injection vulnerability.
f6b68c383cae436410bd69f36a0ef65ebdd0d2595fef8a1d17ebe5fc7c7e01cdExim version 4.90 remote code execution exploit.
19a743e6423b65998debf24be560524e381d039e1cadcd20d9257dd956d9b4a1WordPress Question Answer plugin version 1.2.30 suffers from a cross site scripting vulnerability.
d44391c0448238523824c2a679caee01b4d2cea7dca1ad65ca6ab902cc45d2c3WordPress Pie Register plugin version 3.0.17 suffers from a cross site scripting vulnerability.
057d741f7c549aed246af5237089d843b8893e0bc20ee5587939842697dfa4ffLANGO Codeigniter Multilingual Script version 1.0 suffers from a cross site scripting vulnerability.
7ef7a20f78b99c0b6409e9aec1213dcdccc6549054e8bf691f98d9c6cc7f0723Apache OFBiz version 16.11.04 suffers from an XML external entity injection vulnerability.
36d19f82674523cd5eb22a791b5b04960c9b88ec383c0ff4e0f963bd580a6ca644 bytes small Linux/x86 execve(/bin/cat /etc/ssh/sshd_config) shellcode.
569c1b818f20700e5f5bd58566b797c2f92c5f341cb5ada4c7481b026ff2ee07PHPTPoint Hospital Management System version 1 suffers from remote SQL injection vulnerabilities.
2d4b587c33cdf76d4e73e4c8c3ff290c9508b810cfcb0d1537d816714c7afa88Adult Filter version 1.0 suffers from a denial of service vulnerability.
9867ac15a175415eba7e8b060d59d30c7d1378360895e66c413b3675488f1fe0Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
4d83dd2cb588186032dc024e4d9adfb8b6c6e6badf4d60e6ec4228200b4eadf4Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
7fb1e433412d64fcd2335a3ebe7f66437ef34d5a0d3a1df62e2476f3169244baUbuntu Security Notice 3799-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.62 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.24. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
373176b69d28c5401867b4f69957eb471b3dcf79c5540b6ef157d1da8944e3acServersCheck Monitoring Software versions up through 14.3.3 suffer from a remote SQL injection vulnerability.
b267f07255ac1f9527b94b152495c2752caa4c5090beb524c804d4da1757120bThe management interfaces of Citrix NetScaler SD-WAN physical appliances and virtual appliances suffer from command injection, information exposure, incorrect access control, IP spoofing, remote SQL injection, and directory traversal vulnerabilities.
e7627b90298023da272c5c16d0da665c56143382a6c2331b9af84784625a3870Ubuntu Security Notice 3788-2 - USN-3788-1 fixed vulnerabilities in Tex Live. This update provides the corresponding update for Ubuntu 18.10 It was discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
2d47b8bdf8609bcc81a667f1522f2669d082a623dae2f92d06e0b23cbe237c2eUbuntu Security Notice 3777-3 - USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 %LTS. This update provides the corresponding updates for the Linux kernel for Azure Cloud systems. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
769cc3a35204cab453698f34a6b0570d79e3ff0a88450698a2577c0e6fc6a664CommuniGatePro Pronto webmail version 6.2 suffers from a persistent cross site scripting vulnerability.
a535a63c85dc9cfff4acf85a2aa9f680d4de5f3f74f0f55765388bb0812e708dUbuntu Security Notice 3798-2 - USN-3798-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is negatively instantiated. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
fd020e9154c2daad496c63782c19bbe804be952aa986f8f81262d8b5a00966e9ServersCheck Monitoring Software versions up through 14.3.3 suffer from a cross site scripting vulnerability.
f72e50d49c38f1006ec46a87b034d9463e5d15724a14d0dd13e5b11b88e2ed16MGB OpenSource Guestbook version 0.7.0.2 suffers from a remote SQL injection vulnerability.
58a47c1a4b51e7cc54fa29393ec63e4f2e29fe080bea156021641e14cdcf90f3Microsoft Active Directory Federated Services (ADFS) suffers from a time-based user enumeration vulnerability.
b3eae50ee8fce1eb1e74559f4e6977c7d9770c9481f60f81641dd138862d381cUbuntu Security Notice 3798-1 - Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is negatively instantiated. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a use-after-free vulnerability existed in the device driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
99fd6b610927b5b8387a7632ff8dda5701451a4843acca90e6d3e48acd81d539
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed