WordPress Firma Rehberi theme version 4.9.9 suffers from remote shell upload and remote SQL injection vulnerabilities.
c8c59e4a02f5403a340feabc1a089f4884ae51077e5c20ac3c4a8b5295873a49ZeusCart version 4.0 suffers from a cross site request forgery vulnerability.
62ccf2210eb7dc657459af9201570ab62754284d94a82f3efa750f369e3f08abCertain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because appropriate controls are not performed.
7858808a9580d86e2e50d68ec558fefa12e52e066ec9cec0e4eb1dad8f3869c8Microsoft Edge version 42.17134.1.0 Tree::ANode::DocumentLayout denial of service proof of concept exploit.
9acf1553b18b56a1c543ae6156a84a5ed7e2d14342a8efb0fc0ebc7ee7a97b07D-Link DIR-140L and DIR-640L suffer from an administrative credential disclosure vulnerability.
b26f91b5126499f96db63c1c08d745374df36ca7f8060dafe4f83f20296f194aD-Link DSL-2770L, DIR-140L, DIR-640L, DWR-116, DWR-512, DWR-555, and DWR-921 all suffer from an administrative credential disclosure vulnerability.
dca2d69a069947657f9ad127114026dad24b6dd36bcc4f4533a96dee6c8cba95D-Link DSL-2770L suffers from an administrative credential disclosure vulnerability.
cdee0b9e1b44d1de12c9b9fb9646ccaf5944e86d2cdee4427ae81b503463a86cAnyBurn version 4.3 SEH local buffer overflow exploit.
721307441b009d986459a18b09c46385f0dc2a9ebc573853323b5b40f2bff89cAngry IP Scanner version 3.5.3 denial of service proof of concept exploit.
5587d6c9d57d450f108f5e6bff493676614f9713bb9010fa97a5ce6f1f245236Zoho ManageEngine OpManager versions 12.3 before build 123239 suffers from a cross site scripting vulnerability in the Alarms section.
86d14a418d1c96a1de4aea21241185938cae7766df1b79f5ba59466c6647d576Zoho ManageEngine OpManager versions 12.3 before build 123239 suffers from a remote SQL injection vulnerability in the Alarms section.
df3b4cca1a33cee2c1b1466213ad18fa0d9f4707c689196c5a9641e212dd2ad0Multiple vulnerabilities were found in the GPCIDrv and GDrv drivers as bundled with several GIGABYTE and AORUS branded motherboard and graphics card utilities, which could allow a local attacker to elevate privileges. Affected versions include GIGABYTE APP Center 1.05.21 and below, AORUS GRAPHICS ENGINE 1.33 and below, XTREME GAMING ENGINE 1.25 and below, and OC GURU II 2.08.
48d96c0c3430d878112464f31d6eeadae2c2f83b0d2533746e74c9f17d8e0f36Multiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges. ASUS Aura Sync versions 1.07.22 and below are affected.
255511782c79945ab6f218abd699801864552a7945b1791b84b548a8c0971a6aExiftool version 8.3.2.0 suffers from a dll hijacking vulnerability.
9125ebd05baf3cba08b78407ca03eb09d7ec9f270114ad2d4353f2644f25aa65LibTIFF version 4.0.8 suffers from multiple memory leak vulnerabilities.
99b39c7e3e305f25232c535712f3fc0ca2051fdcf102d69777eda04623c5b380Netatalk versions prior to 3.1.12 suffer from an authentication bypass vulnerability.
51cc419b02f4835a42ebe3c7b66a61c51ecb13389b696f0f310e6231976a1021PCRE version 8.41 suffers from a buffer overflow in the match() function.
3f1207d02f6c9c3867b95b89f18c07e29db058dcc1a59efdfff8b4e9cda80af0GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
700437ed6661ab9c7c3b03c3817839bda5dd3b2001180f4f2f725eab779578a4Proof of concept zero day exploit that demonstrates being able to read any file on Microsoft Windows.
0d21dea6b52ca43506fffddb7e706515d706e0ea959580f677916db5f3af774cUbuntu Security Notice 3849-1 - It was discovered that a NULL pointer dereference existed in the keyring subsystem of the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
8af550c56d88e940bd49fc37b8e96986f53f118dc0a33f1ef43ae042d260ae9fUbuntu Security Notice 3849-2 - USN-3849-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that a NULL pointer dereference existed in the keyring subsystem of the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
bdd2087e5d8c2e6ea3ea9fbd008a48c85005b8014c5200920d37f2ee93426078Ubuntu Security Notice 3847-3 - USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
88ddcb277ba792306a56a051e1a6ea3b2df9a11ba6f4d4f0bb790bd6664c4b64Ubuntu Security Notice 3848-2 - USN-3848-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
0e01790258c142284e2a185f6b24d6e1b1322200ec802bdf3976255b1f7553f0Ubuntu Security Notice 3848-1 - It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Kanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
ef32f46b101a860f44706fee0448815aa83426a298a340332abb7bab4d753836XMPlay version 3.8.3 local stack overflow exploit that results in code execution.
6c199b638d8b42e86e1564b607a46e827485c7e7a005efbbe2ff1a41c6db514b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed