Android binder suffers from a use-after-free vulnerability in VMA via a race between reclaim and munmap.
30e7b19cade88138c58960f0d7e5f5b18ba1d4a346ffb29b3faf11ceb745b600Android binder suffers from a use-after-free vulnerability via fdget() optimization.
e1809748df02c9d09d6f4feddfb033fdc2a0eee3d38b0c8d9099f338a04d4eedipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner.
e7a7e35d19eb00c27d3e5a83f49a37732228ab8b9169c402dd0fc23ea9477c79Ubuntu Security Notice 3887-1 - Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected.
108b24a0da7384b87372197169bd65dc91c58a776947dcdbab22a5dcd8c8063aRed Hat Security Advisory 2019-0324-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.
eb4166c50e12a48a55f375462457cc665acf1c2f7589037a65eb5ae947f94e0cRed Hat Security Advisory 2019-0315-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a cross site scripting vulnerability.
dbe3bdd9fb25b0f8e7112aad117c48847fd8f9f967a4b076ee5b40dfcc7e2918Debian Linux Security Advisory 4377-2 - The update for rssh issued as DSA 4377-1 introduced a regression that blocked scp of multiple files from a server using rssh. Updated packages are now available to correct this issue.
04ea79421a23915574a69671fc8a387fa5815474d3fc32adfb1a5a4e1e85de75CentOS Web Panel version 0.9.8.763 suffers from a cross site scripting vulnerability.
363a981e5d0b6820f7dbde5f83a8e9b84e0cc2a0208e369d24a824efdd7dd5eeLayerBB version 1.1.2 suffers from a cross site scripting vulnerability.
702c64ef6a0d830cae9f5467564cef670bd29d35be3a0a60bcd6a840fb550c9fBlogEngine.NET version 3.3.6 suffers from code execution and directory traversal vulnerabilities.
e49280b62c0fab022834f64d848d66c34f0be69807c773aa5c6000bf8eead37eJoomla ZCalendar Zap Calendar version 4.4.0 suffers from a remote SQL injection vulnerability.
0fd178b31648f3260452ba672ccfd7a94ebc42604baf12da7d46688879a39c6bJoomla WordPress Blog plugin version 4.8.0 suffers from a remote SQL injection vulnerability.
f23d0cf4071ad835fc57ff9482cc094ed174de476687030b773d1f1d64132f26Joomla SermonSpeaker version 5.9.0 suffers from database disclosure and remote SQL injection vulnerabilities.
49477a24bf923b15d7a1fa08ddc92a230dc8d16473c7b84812942e3253b3e04eJoomla PhocaGuestBook version 3.0.8 suffers from database disclosure and remote SQL injection vulnerabilities.
ff3ed0f4f6b454abdcb15666e6a1492409e1946ba2cf91ede9b57a8366956184Joomla Mosets Hot Property version 1.0.0 suffers from a remote SQL injection vulnerability.
7e0f599e2a5ac00ba05dcfd0954c7ad84f620009dbd2dc1879f788236ebf35e1Joomla JoomGallery version 3.2.2 and PonyGallery version 2.5.1 suffers from database disclosure and remote SQL injection vulnerabilities.
67a774b08d7de877c935eac6bfa362b3adaa01b872550253e50478960fa34e27Joomla ExtCalendar version 2.0 suffers from a remote SQL injection vulnerability.
f1ddc09174aefaf7e7e70d98ddd545b17e5a8103c4059ebb61ae539c02af0ebcJoomla BookLibrary version 4.0.31 suffers from database disclosure and remote SQL injection vulnerabilities.
666573b06f3b684ec2602cb6e3a8267107b0d14b8d72d5580802d755724fd52aJoomla Agora version 4.10 suffers from bypass and remote SQL injection vulnerabilities.
5ee466b9276f596647b1cb303df250caa5a3b0c0b515c80a0250a2e313c4457fJoomla ABook Alexandria Book Library version 3.1.4 suffers from a remote SQL injection vulnerability.
e87de497e1bf652b6ade3c24668df4261df02eb3e949f4b1f9f1eb1d4eb165e6Debian Linux Security Advisory 4389-1 - Christian Reitter discovered that libu2f-host, a library implementing the host-side of the U2F protocol, failed to properly check for a buffer overflow. This would allow an attacker with a custom made malicious USB device masquerading as a security key, and physical access to a computer where PAM U2F or an application with libu2f-host integrated, to potentially execute arbitrary code on that computer.
e958c3e439087b235f321d5e3fda54438a4a239199a038e5a4b8cfcb3ef24ec8This Metasploit module can run commands on the system using Jenkins users who has JOB creation and BUILD privileges. The vulnerability is exploited by a small script prepared in NodeJS. The sh parameter allows us to run commands. Sample script: node { sh "whoami" } In addition, ANONYMOUS users also have the authority to JOB create and BUILD by default. Therefore, all users without console authority can run commands on the system as root privilege.
8ea53be5af0483c2c3d30fcac65026e3a286197d419ceee4de6b5bf2f1cabbccThis Metasploit module generates a download and execute Powershell command to be placed in an .SLK Excel spreadsheet. When executed, it will retrieve a payload via HTTP from a web server. When the file is opened, the user will be prompted to "Enable Content." Once this is pressed, the payload will execute.
7a0ea0738d43606ec6870e46a4249dfcb5578f826120fe39781d750879c33d98Webiness Inventory version 2.3 suffers from a remote SQL injection vulnerability.
7938902c9f301faa0f8de8e0dcb408f4f33880e0a27f737835c8243f972462d6MyBB Bans List version 1.0 suffers from a cross site scripting vulnerability.
95a8b1f2cfa7e437a276bbabdb00d7498620ef5483e38eeeb1eeecad3491dba5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed