Synaccess netBooter NP-02x and NP-08x version 6.8 suffer from an authentication bypass vulnerability due to a missing control check when calling the webNewAcct.cgi script while creating users. This allows an unauthenticated attacker to create an admin user account and bypass authentication giving her the power to turn off a power supply to a resource.
2016e1b7fad384a5d33b446ff9f1776a9a363ae3b420b71f0e2afb27ee2b41beMicrosoft Edge suffers from a Chakra OP_Memset type confusion vulnerability.
611fa33be1a70a1567073da40901233c4521faaaa46eb3028856e6977091b785XMPlay version 3.8.3 suffers from a denial of service vulnerability.
3ffac9df0ab37e2c98ba976454f55a8dbcee2e6b3b7fbe637c4ce298c84b7abcHTML Video Player version 1.2.5 suffers from a buffer overflow vulnerability.
a0223bf0bde5176ba019ee18385b4a94aa3611aefb671a21c88c171b6d837e79Intel Rapid Storage Technology User Interface and Driver version 15.9.0.1015 suffers from a dll hijacking vulnerability.
6e7d0ae7e36d2519f2a95dd01eee53eeefd5b81452a1fdfc32e7ec88cc304a15Budabot versions 0.6 through 4.0 suffer from a denial of service vulnerability.
a8620cfd1ed239f5a681eebba7f54e300e332b8a58ce2704698bd1ea6a629401Easy Outlook Express Recovery version 2.0 suffers from a denial of service vulnerability.
82cb3c42702d61ce3a30a798b37e6224448fb4750089b14e6c59554868298e79Ubuntu Security Notice 3824-1 - It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. Artem Smotrakov discovered that the HTTP client redirection handler implementation in OpenJDK did not clear potentially sensitive information in HTTP headers when following redirections to different hosts. An attacker could use this to expose sensitive information. Various other issues were also addressed.
6c5ea49388e7e87aca6197cfe70cc7c9a28214d75613f18a1201e869b8704850Mumsoft Easy Software version 2.0 suffers from a denial of service vulnerability.
2e6d3fa3ab3980ef650c389842587c04d50e541be8b89b6d86e5946e4b8c0473DomainMOD versions 4.09.03 through 4.11.01 suffer from a cross site scripting vulnerability.
4ac91c382335e4c719ecad12b7fb1d13f9831451a63236bd492da8666dd9934eHelpdezk version 1.1.1 suffers from a remote shell upload vulnerability.
4d7c2b7a7f9e0b66c40c6a479ca4b064ccdc419315c37b7f8039d533b556f8f8Warranty Tracking System version 11.06.3 suffers from a remote SQL injection vulnerability.
6b9d0c36e2b44c903b7a8825cda38efc3260a46b672d47f89e379535595683f1It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). Various other issues were also addressed.
fbe29704c99306a1bca47b078a9a33c2572ec3b421ae2b3cfb6ccde48d2a5412The Everus.org Android application version 1.0.9 has a fundamental design flaw where the client can send a random phone number during the second factor flow with an arbitrary existing user id and the server send the attacker the one time password for the other user.
e46c0f54b8cf03d1272fe5737ef712ce4a51f293453a2cc14d9e32c21776b79eLinux has a broken uid/gid mapping for nested user namespaces with greater than 5 ranges.
53da54afe1913539df473ff36059802468d06980a436040ba7120c6c26f62627Asterisk Project Security Advisory - There is a buffer overflow vulnerability in dns_srv and dns_naptr functions of Asterisk that allows an attacker to crash Asterisk via a specially crafted DNS SRV or NAPTR response. The attacker's request causes Asterisk to segfault and crash.
a56d17dfbfb2b6944825ab3cff3e105b1980de74f095cb346ae3206c73979820PHP-Proxy version 5.1.0 suffers from a local file inclusion vulnerability.
f0ca6a202ddae17ea444fc29f7b815c94b62a46e46f24bebfd908a606e8ffb31Ubuntu Security Notice 3823-1 - It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
31f8e6ed4e51034194ee99c3c3f4111fc4a66b43bb164b2be0acf59e4a893bb3WordPress Ninja Forms version 3.3.17 suffers from a cross site scripting vulnerability.
963b1ae48c444869a69d47c024decc1fdd5ed66b0d4e4abf605e48d411637012WordPress Custom Frontend Login Registration Form plugin version 1.01 suffers from multiple cross site scripting vulnerabilities.
2f11147bfad36e5d36f6e32c8fdda833f458c752b0028154d051337b801da16dPHP Mass Mail version 1.0 suffers from a remote shell upload vulnerability.
e3c4e7188b06f9a56c41a0be715cb793b8eb4f0847415459397ac142b833df82Red Hat Security Advisory 2018-3618-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 31.0.0.148. Issues addressed include an information leakage vulnerability.
d36e316a44fa5a6267ccf0029b1c696b1b8493f082483c7337d9fd14006b1bc0Ubuntu Security Notice 3822-2 - USN-3822-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service. Various other issues were also addressed.
12f251d1b02cc09b2a7869afca47e925382c2467ba8f6d0eadc536cd46f72f362-Plan Team version 1.0.4 suffers from a remote shell upload vulnerability.
442fb96dd10d19f767e144b83668e57b11f58fc9ca341b451618d9fc470da457Simple E-Document version 1.31 suffers from a remote SQL injection vulnerability.
6efe357134c7d6b607240bdbab0ecbc630c4ab7ffa79c8428e6d32c02a237504
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed