CA Automic Workload Automation Web Interface versions 12.0, 12.1, and 12.2 suffer from cross site scripting vulnerabilities.
c31a0d7f43b1fc69972bfcf43db6eacf665be4a8ff535f86886fe96b5634cd57Endian Firewall Community release version 3.3.0 suffers from multiple cross site scripting vulnerabilities.
77efbdae60d700d9006292a6073020971d2b9a1fb71fff2e7ebb7addbe8101d3CA Technologies Support is alerting customers to a potential risk with CA Automic Workload Automation Automic Web Interface (AWI). A vulnerability exists that can allow an attacker to potentially conduct persistent cross site scripting (XSS) attacks. The vulnerability has a medium risk rating and concerns insufficient output sanitization, which can allow an attacker to potentially conduct persistent cross site scripting (XSS) attacks. Versions 12.0, 12.1 and 12.2 are affected.
2d0f5efc3794a546ccb3a1a16e6a7ffb08045f0e8c7fd8e494d47a2b7001e01dRed Hat Security Advisory 2019-0160-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.
0eab7472c7f430ba1c73c0806d5414fccb11a327c2106d82bf61ac2ec3906bbfUbuntu Security Notice 3868-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code.
85233d2f28c9005d6f996d2675c0d1f4b94b69c26083039521f3cc4a116d3f42Ubuntu Security Notice 3869-1 - Ivan Zhakov discovered that Subversion incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.
74ce9c4546b2646e8f35d2590f209dd0480300722e89c38524888e895003b6afRed Hat Security Advisory 2019-0159-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.
4b293c377b9c126c1f64c864bad6bb138798a4a720559e51bba799a78c547adcSplunk Enterprise version 7.2.3 authenticated remote reverse shell code execution exploit.
b6118470c9d2715eff34c6d16eae7f5de6cc9ad08abf24dee9adf93603da43c9MySQL user-defined (Linux) x32 / x86_64 sys_execfunction local privilege escalation exploit. Can be leveraged against versions 4.x and 5.x.
e02a501fdb4102e5f71e848ff9b84f09cf44dd7eb311fd41c2c28f7b0c71ba5bSirsiDynix e-Library version 3.5.x suffers from a cross site scripting vulnerability.
ff68cc093cad71b3daf1be92223c3d972c0471970400b0371cd0c0dce3e39c4dLogwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
9d4a00625065f25058f8966e7fb11f9f72db25507b4dd9c05f57e14447c33295RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router. Versions 1.4.2.15 through 1.4.2.19 are affected. Fixed in version 1.4.2.20.
0ef1e407d0628e9e533465222b68937646fa1649db7cb36d50953a7f19722bfcRedTeam Pentesting discovered that the Cisco RV320 router exposes sensitive diagnostic data without authentication through the device's web interface. Versions affected include 1.4.2.15 and 1.4.2.17.
fdf7195ccf0d6541be985c8d496c6247eb5c5e6f97854845e3c59933dda9393dRedTeam Pentesting discovered that the configuration of a Cisco RV320 router may be exported without authentication through the device's web interface. Affected versions include 1.4.2.15 and 1.4.2.17.
942511fa9b0bd63bd49cf08b8956b08f9864c3d173a12a505da9fb6a9e650162RVAsec is a Richmond, VA based security convention that brings top industry speakers to the Mid-Atlantic region. In its seventh year, RVAsec 2018 attracted over 650 security professionals from across the country. For 2019, the conference is a two day and three track format, with a mixed focus on technical and management/business presentations. It will take place May 22nd through the 23rd, 2019 in Richmond, VA, USA.
8974d2d1e248d9eb8b49d845d9b6a320091e9741f834a83e500764e6494e4e41ImpressCMS version 1.3.11 suffers from a remote SQL injection vulnerability.
1f92f65e0c60882962f5d6c4b59a7be2a58d708a412519adac5add21a7aa75f5task_swap_mach_voucher() on iOS and macOS have an issue where task_swap_mach_voucher() does not respect MIG semantics leading to a use-after-free condition.
0257494f6d9310ec9e5e1c1bff8a123fa3b6a565f2650f06da253e0be3adc7d9Joomla! JHotelReservation component version 6.0.7 suffers from a remote SQL injection vulnerability.
71bbbd422a50115ccae68970ba8ebbb037ca2c595d01f4140f3fe66d00ab553fSimplePress CMS version 1.0.7 suffers from a remote SQL injection vulnerability.
e91ac0660822282233ba8b9afbf5a76f5e229a4cd923cee40aa9ea396c881780Joomla! J-CruisePortal component version 6.0.4 suffers from a remote SQL injection vulnerability.
934189203d36a345c740a8b0b0b518efbff60aad27bea4d29b6201ca662c00f9Zyxel NBG-418N V2 suffers from a cross site request forgery vulnerability.
273ea7ce7048197b7fbc31dcebdd94bb1be4a46fc0191bdaefa68ce14fdfd2faMicrosoft Remote Desktop version 10.2.4(134) suffers from a denial of service vulnerability.
ac0c640d52dcc258a6aa28bc43a4fe07bbdb15e0060ed37aa64a2dd1e1f34dde
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed