WordPress Plainview Activity Monitor plugin is vulnerable to OS command injection which allows an attacker to remotely execute commands on the underlying system. Application passes unsafe user supplied data to ip parameter into activities_overview.php. Privileges are required in order to exploit this vulnerability. Vulnerable plugin version: 20161228 and possibly prior. Fixed plugin version: 20180826.
7ec3e2886cfeb10934e1758d21c4a3b07426bc1755426426441b88d92cfd7024Debian Linux Security Advisory 4578-1 - Multiple security issues were found in libvpx multimedia library which could result in denial of service and potentially the execution of arbitrary code if malformed WebM files are processed.
9538be1083464e26484b6e8ca14c4fc07df96b18373e03b573fb4fce4742f597Multiple denial of service vulnerabilities have been discovered and disclosed in the axTLS library versions 2.1.5 and below.
4b795ed8fab6f7bf3baf0d923f7583ab93caeae5946f05ef62eac4fd030fc492OwnCloud version 8.1.8 suffers from a username disclosure vulnerability.
0307de97c325435adcb9198b8abdd9f7094e634c0324db4c86daa7772020153aAn issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.
506feee71f53fac76413f6d8f5b4cad88bddee539003ffcdf0c54f19b9a741ecOnline Inventory Manager version 3.2 suffers from a persistent cross site scripting vulnerability.
2a17665cc12bcb9f3faa72d4270155382c77fe2c2ddc086fe1084d45f5d4bb75Ubuntu Security Notice 4204-1 - Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code.
adc7ec85d31f5349a8be376afe8cf08edc4acfe1a9f39099e09b041b7b93cb51Debian Linux Security Advisory 4577-1 - Tim Dusterhus discovered that haproxy, a TCP/HTTP reverse proxy, did not properly sanitize HTTP headers when converting from HTTP/2 to HTTP/1. This would allow a remote user to perform CRLF injections.
354b9471b47cedf156fae21fdd08eeb96eab9831e2b07a6b5c32125d5f285f6cSpotAuditor version 5.3.2 Name and Key proof of concept denial of service exploits.
def21425b191e4950249069aa03b8a79033e22714038a46149d3ba19c72fa84bMersive Solstice version 2.8.0 suffers from a remote code execution vulnerability.
41ae2404927a39e963d537c545ef3a3209ea223a6fe1314299241b67ec6d3047GHIA CamIP version 1.2 for iOS suffers from a denial of service vulnerability.
c3d5b41413dbf51de10e6b4f74f2284ed66cdd73572462d61d68618f2210df64TexasSoft CyberPlanet version 6.4.131 suffers from a CCSrvProxy unquoted service path vulnerability.
94c1d807c9a0501d3748f8c41652394f08c36679caea0fdb76a866533ce69dedWordPress version 5.3 suffers from a username enumeration vulnerability.
617224266959f06915a164de940bc67b50871dfdb40fbe6b480e2dc7741ec028The CBC Gem Android and iOS applications (Android version 9.24.0 and below, iOS version 9.24.0 and below) sends potentially sensitive information such as device model and resolution, mobile carrier, days since first use, days since last use, total number of app launches, number of app launches since upgrade, and previous app session length, unencrypted to both first and third party sites (Adobe Marketing Cloud, ScorecardResearch).
0d3444a9cc732375e29149b598c57075ea9f0555e5ce5015c7e21c27660080f2Ubuntu Security Notice 4203-2 - USN-4203-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
0dc3942145547db7073c63f6ed48403541f54ab1a7bc5cfe6da8ba310b7067d9Ubuntu Security Notice 4203-1 - It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
26d9f79b62cfc9666137eb11e7d3580960296b1498984ff8db3f39ee2986e7c3Grub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.
8b02b403cb65d197b55d479f14ebd82a934af9eca331f69bc357e66acc8a31b2PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
c8f8b030751ee35087e8fa264cc37a0d325186c0e8e6eee9eed0686115ddc0a4Red Hat Security Advisory 2019-4019-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.2.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass and denial of service vulnerabilities.
77fa65a96baf59af0b8d531b976dca7bd2a1955703ee9de2463044589dae5a5eRed Hat Security Advisory 2019-4018-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.2.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass and denial of service vulnerabilities.
ffe3f5988be6dd7a943f7be36a8d49a6410ecc07b452747fa50d6382976ff83aThe vulnerability allows rescaling and corrupting the Xiaomi Mi Box (model: MIBOX3, build.id : MHC19) display without any privilege requirement, thus creating an opportunity for a non-privilege malicious app to disable the basic functionalities that the TV box is offering or can even be used for ransomware purpose - e.g., each time a target streaming app is launched, the malicious app can corrupt the display.
e3d8df083eeb13cc51a2757aa687d0e3a726620f82fe26776aef9ee56634e546B-Sides Ljubljana will be held April 4th, 2020 in Ljubljana, Slovenia.
e59afcb2a6860a3b97af31c75aff21ad03698f1084108171bbd8a64d30fb7939Red Hat Security Advisory 2019-4021-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.2.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass and denial of service vulnerabilities.
0722e12f5fc13d3dca84d18ffee8fd509dbd0efd0904fc31534cd18260a15f5dRed Hat Security Advisory 2019-4020-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.2.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass and denial of service vulnerabilities.
73f3bff9f1fe90e77f6f4781409305530671950778c27d425306cc58a81efb24A double free vulnerability in the DDGifSlurp function in decoding.c in libpl_droidsonroids_gif before 1.2.15, as used in WhatsApp for Android before 2.19.244, allows remote attackers to execute arbitrary code or cause a denial of service. CVE-2019-11932 is a vulnerability in the android-gif-drawable library. Yet the CVE text doesn't mention "android-gif-drawable". It only mentions WhatsApp. There could be over 28,400 free Android apps that use this library.
deb671a58483113fa01c7556131f6c1924fc8c60528a056679836812d446ff89
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed