Red Hat Security Advisory 2019-0374-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Issues addressed include integer overflow and use-after-free vulnerabilities.
94cb3b914e24096a9953d2552fa161db349fd60fcbcc64c1bce30759ea79c657Red Hat Security Advisory 2019-0368-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Issues addressed include an input validation vulnerability. Does this look okay?
fd8df8cb4e6e0db493f1f71689b9f8c28fbec63a0146be1127bded9a26a70976Red Hat Security Advisory 2019-0366-01 - This release adds the new Apache HTTP Server 2.4.29 Service Pack 1 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes and enhancements. Issues addressed include bypass, denial of service, null pointer, out of bounds write, traversal, and use-after-free vulnerabilities.
d3b3ce54e51fb837ee55b210bef2e4adb0ebb11e803bbd0a54c2b9e2194299a3Red Hat Security Advisory 2019-0364-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
a228d9418494e5a5cd97d703c55108239e82d26c2deebf111ebb52fd2adf1aecRed Hat Security Advisory 2019-0362-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
09b757ecbeea503e2e2dd6f7ac771af07bbaed81be2e458c03e54c8290188e5dUbuntu Security Notice 3893-1 - Toshifumi Sakaguchi discovered that Bind incorrectly handled memory. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. It was discovered that Bind incorrectly handled certain trust anchors when used with the "managed-keys" feature. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Various other issues were also addressed.
d764a48abf0e545fcb7ac51dfc66b540808772988998742ed8bf5aa6f538b5b8Quest NetVault Backup Server versions prior to 11.4.5 suffer from process manager service SQL injection and remote code execution vulnerabilities.
d64452d985968041fdc707a0dfbae3290f40711c502eb6aaaeb24a77072e2e6aHanYazilim Paper Submission System .NET version 1.0 suffers from a remote shell upload vulnerability.
9e56bb1733511e624c2769b8fd1cc00970c0a41d2168115bad4fb5aad8041809Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
e8f98353453279eb4827732971e8dc50cdcfae3e566850120c321377d7f7b477Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
d5c56603942a8927670f50a4a469fb909e29d3571fdd013389d567e57abc0b47The Nuuo Central Management Server allows an authenticated user to query the state of the alarms. This functionality can be abused to inject SQL into the query. As SQL Server 2005 Express is installed by default, xp_cmdshell can be enabled and abused to achieve code execution. This module will either use a provided session number (which can be guessed with an auxiliary module) or attempt to login using a provided username and password - it will also try the default credentials if nothing is provided.
37ab5bd3eec6195dfddf3099592e9cd3aad7e37d04562dd4ebba3cbc36289fe3MatrixSSL suffers from a stack buffer overflow vulnerability when verifying x.509 certificates.
0ccbebf140226df810122f520adfba7097e335f9c1626f1162be12918d0909ffWebKit JSC has an issue where reifyStaticProperty needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter.
8b5b037a7c556813e39c8ace7602b2465e0d1f1bd48644498c3c77c7c30f96e6Ubuntu Security Notice 3866-2 - USN-3866-1 fixed vulnerabilities in Ghostscript. The new Ghostscript version introduced a regression when printing certain page sizes. This update fixes the problem. Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Various other issues were also addressed.
d3b572b9e8dd59539d1f53e077357aac14bc80c5a7b56bc9204c9a39e33d44ecMikroTik RouterOS versions prior to 6.43.12 (stable) and 6.42.12 (long-term) firewall and NAT bypass exploit.
76d8b41f9f478dd81cf50cfdd51f6592ff6a23a044fbd5ad0d719cc3c7cef3acScreenStream version 3.0.15 suffers from a denial of service vulnerability.
80f8bc6d09f3f73b635472cc2a3b5a76617279a448667494a4129e4dde624995C4G Basic Laboratory Information System (BLIS) version 3.4 suffers from a remote SQL injection vulnerability.
105a483e409804b0fff0748e498f8c46b68c513d439a743dd34f7fe6876f970fVirtual VCR Max version .0a suffers from a buffer overflow vulnerability.
21edc1d24274891ee85c0133cca0fcc971802d357249b4f867cef403acaf597fAirDrop version 2.0 suffers from a denial of service vulnerability.
7ad6c43ffaed0009c5c879421a4c957c290c029e10ba022d3e483bb5eeae09adMedical Store Script version 3.0.3 suffers from a cross site scripting vulnerability.
9a1f801acf5c5bce1ff29459f7e08eaf2a58362ad4ce999902e39a814070683dWordPress Village theme version 5.0 suffers from cross site request forgery, backdoor access, and remote SQL injection vulnerabilities.
27adfafedcfe47f73c1954865735f79c81c28a637bc1740b0417e8fa73c37141Typo3 CMS Modern Guestbook tx_veguestbook_pi1 version 3.3.0 suffers from a remote SQL injection vulnerability.
a2dea393d022fd3fa2f6800c76deb936c546eb08ce2d45be2801966f31ac584eJoomla AdsManager component version 3.2.0 suffers from cross site request forgery, database disclosure, remote file inclusion, and remote SQL injection vulnerabilities.
01c4a4784a6d62f40a52fc15f9c5a3368ca70716e3f78820d5e7d3a4534d5d72Drupal Pubdlcnt module version 7.x-1.2 suffers from an open redirection vulnerability.
5a5e2cc4bc34572b323417c64f4e9650678715862a7a81a19fe3a2f57fbcb7ddValentina Studio version 9.0.5 suffers from a buffer overflow vulnerability.
993dc07913420503fd7e4b429c9b0779d6f5e0eed0972d0e32e174e6c0172efa
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed