Horde Groupware Webmail contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. The exploitation requires the Turba subcomponent to be installed. This module was tested on Horde versions 5.2.22 and 5.2.17 running Horde Form subcomponent versions prior to 2.0.19.
612b3d1040426906f9ecf9282768acae87d4201e1009859a877feab335c41aa4Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
02d50fafa7afa15affc9d2a910ba52a7906c1a7771884976926c3e1e9b326884Chrome suffers from a use-after-free vulnerability in FileChooserImpl.
0ecbde145d35a4fdef837ba560c9160db3335f5c84f0365d90e9552d8eb3e971Debian Linux Security Advisory 4429-1 - It was discovered that SPIP, a website engine for publishing, did not properly sanitize its user input. This would allow an authenticated user to perform arbitrary command execution.
4c8e164f2c1b3ed2602c6336b4f61fec545fefae033805137757f62795649cc6Red Hat Security Advisory 2019-0737-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.171. Issues addressed include code execution and information leakage vulnerabilities.
f8314d3afe67ae77cfd388e36a385495c1ea0e964e066f3808b2c2fec28ec1afUbuntu Security Notice 3937-2 - USN-3937-1 and USN-3627-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 12.04 ESM. Simon Kappel discovered that the Apache HTTP Server mod_auth_digest module incorrectly handled threads. A remote attacker with valid credentials could possibly use this issue to authenticate using another username, bypassing access control restrictions. Various other issues were also addressed.
84ba48eb8961200abc8d263519dda08492c73f9a414994b448a649f3e2f95cc6YiiCMS JetBrains PHPStorm version 6.0.3 suffers from a database disclosure vulnerability.
6796f35e6f9d3cb976e4ec479d154a909d63e78d55737e9f48fd348dc93ea559Themosis Framework BookStore version 1.3.0 suffers from a database disclosure vulnerability.
e7d984dd83585e36817afdb40e14758be22454ca6afbe461ecaf3131117f5d2cNekoCMS version 2.5 suffers from a database disclosure vulnerability.
cd468aaec923d430810ed0967307205d9e760270d7e73b6ab5f346d91256bd9dFTPShell Server version 6.83 Account name to ban local buffer overflow exploit.
0103d38b2c7038d9675cec12825180d27cb3877000d5630b501b92e494d707f8FTPShell Server version 6.83 Virtual Path Mapping local buffer overflow exploit.
b248948dec16aaf4914136ef9f42d2199554d52e55dbc3162d171fc4450663a4D-Link DI-524 version 2.06RU suffers from a cross site scripting vulnerability.
94a6f0876dbfb6cb3eb82db104d083f62cf4504bbc57680ce733218f87d09cfbDell KACE Systems Management Appliance (K1000) version 6.4.120756 unauthenticated remote code execution exploit.
3eb5dff93e50fbe23fbc7494f2ff3a530986ae8dffc834f971baafeb16a34e1aMicrosoft Windows AppX deployment service privilege escalation exploit.
1460b5312b5682cc658f0829b40c8e8711a2d4883539bf45739ebf57d5a634a3Apache Axis version 1.4 suffers from a remote code execution vulnerability.
43fdbd4445757874d097a1fddc91c93ec8a4d38cfb81f1581551cc008f2f8b94
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed