FortiOS versions 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4 suffer from a credential disclosure vulnerability.
b2b3f4a059a819d179d1351df2449ee136c21fac4545ee3a69e597459c9fbae5This Metasploit module exploits FortiOS versions 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4 to leverage a credential disclosure vulnerability by reading the /dev/cmdb/sslvpn_websession file.
b364fd0726a854377373a52867662e7db4695cd923b7cbbc1a13768737c4c6dbYouPHPTube version 7.2 suffers from a remote SQL injection vulnerability in userCreate.json.php.
9ee900cb96613ed49b90c10c72d43abd4851607eac2d3fd26a727af49a6aa740The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
412fe48e3876bf20835a918210d1e411fe2a24a6043a75b7947ba06257770d2fNeo Billing version 3.5 suffers from a persistent cross site scripting vulnerability.
962e3dd6f61149f627bcad16099db88da89289a4c5cc7ff5743fc5ef8c25644dKimai version 2 suffers from a persistent cross site scripting vulnerability.
c2d7bf695e6bd652ccb9e20bbad2da9e22b3f9e0a01a3af87ae9447e2559cc4dRAR Password Recovery version 1.80 suffers from a user name and registration code denial of service vulnerability.
a2ea0199cb2b838efbbac80ed49ca923d94c5ced0f3df0ce7a2521a0233273e3Webmin unauthenticated remote command execution exploit that identifies whether or not a target is vulnerable.
971076293bd447b89480caa6102ab463befa5dda10bc69b8d76aee1339d399d8MediaWiki OAuth2 Client version 0.3 suffers from a cross site request forgery vulnerability.
6e48cd8cf1d9a26b8a4e22f9f4f28eff68bfe3e70f0be93be0515ac11022f598Ubuntu Security Notice 4078-2 - USN-4078-1 fixed several vulnerabilities in openldap. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations. Various other issues were also addressed.
7d4b0832aac4f76717f228925ab0a0a651d2a6fd1abd5aa3f1e3e4e2377899cbUbuntu Security Notice 4102-1 - It was discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. It was discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary code. Various other issues were also addressed.
983c53a971616e6b47ea1521934e1bf73200bdcdf63393f64dea2636a3248a03Ubuntu Security Notice 4100-1 - It was discovered that KConfig and KDE libraries have a vulnerability where an attacker could hide malicious code under desktop and configuration files. It was discovered that KConfig allows remote attackers to write to arbitrary files via a ../ in a filename in an archive file.
94d50b13c51638daf9db02d19ba31bdcae667c02371857be73dd9cdd16b2bfb4Red Hat Security Advisory 2019-2519-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow, bypass, cross site scripting, denial of service, information leakage, and null pointer vulnerabilities.
acffbdfe90b0a58970132a1847884fe8bf47723bf6191011cc4ac8b281a95407Debian Linux Security Advisory 4503-1 - Three vulnerabilities have been discovered in the Go programming language; "net/url" accepted some invalid hosts in URLs which could result in authorisation bypass in some applications and the HTTP/2 implementation was susceptible to denial of service.
af481407d6948d48215d63f897de8ad4f64b8a958e48998d30cf431e2e5afe49Gentoo Linux Security Advisory 201908-25 - A vulnerability in hostapd and wpa_supplicant could lead to a Denial of Service condition. Versions less than 2.8 are affected.
0f58c1cbc7fdf0d8129935ae8c66e721bab0255c2b2cef5fc559655a0e25ca7dGentoo Linux Security Advisory 201908-24 - Multiple vulnerabilities have been found in MariaDB and MySQL, the worst of which could result in privilege escalation. Versions less than 10.1.38-r1 are affected.
b5341902a18466c1d8fd5573f15500706a5e4105bd67584da8da31ca7ec08590Gentoo Linux Security Advisory 201908-23 - Multiple vulnerabilities have been found in VLC, the worst of which could result in the arbitrary execution of code. Versions less than 3.0.7 are affected.
1c27a172b47d55503de33240d3c4960faafc6bce1bc199f5c00b9747c32801e0Gentoo Linux Security Advisory 201908-22 - Multiple vulnerabilities have been found in Patch, the worst of which could result in the arbitrary execution of code. Versions less than 2.7.6-r4 are affected.
6f447b44bb4214475ce239876d771d1fa9336181e808c8f24d80e42adab348e3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed