Red Hat Security Advisory 2020-0464-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a bypass vulnerability.
3a9fe038ed53beb56f31eff942d2be803be30ee8eeeb857c0cde275dea03a23c
Debian Linux Security Advisory 4618-1 - An out-of-bounds write vulnerability due to an integer overflow was reported in libexif, a library to parse EXIF files, which could result in denial of service, or potentially the execution of arbitrary code if specially crafted image files are processed.
c179eaaaef7143e1cb2c6653751bd0e79267e988cd5eacd79bb4afe1a5830efe
Debian Linux Security Advisory 4619-1 - Guillaume Teissier reported that the XMLRPC client in libxmlrpc3-java, an XML-RPC implementation in Java, performs deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious XMLRPC server can take advantage of this flaw to execute arbitrary code with the privileges of an application using the Apache XMLRPC client library.
182a250ef2e3e8f678cce9391e0c00303ca592e52445db910d67c6a8a5f5f866
Vanilla Forum version 2.6.3 suffers from a persistent cross site scripting vulnerability.
61c0f7051e79bc5c6c73c93002845e0816322dd10cfaa04e3aee0cb2b3123499
This Metasploit module exploits an authentication bypass in the WordPress InfiniteWP Client plugin to log in as an administrator and execute arbitrary PHP code by overwriting the file specified by PLUGIN_FILE. The module will attempt to retrieve the original PLUGIN_FILE contents and restore them after payload execution. If VerifyContents is set, which is the default setting, the module will check to see if the restored contents match the original. Note that a valid administrator username is required for this module. WordPress versions greater than or equal to 4.9 are currently not supported due to a breaking WordPress API change. Tested against 4.8.3.
46fe60790b9bf89534e2a83e420722f916eab06cd0cd0b2036421fb2f052a420
Ubuntu Security Notice 4274-1 - It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service.
802de440c7b605c26cadaddd30d5b50dc4092628a4a2584daa2a3f2b1b01afcd
LearnDash WordPress LMS plugin version 3.1.2 suffers from a cross site scripting vulnerability.
b8f171cf29223140e8c42cb11d39be46962e88800c6a7f33342a6a57935df5f2
Wedding Slideshow Studio version 1.36 suffers from a buffer overflow vulnerability.
08ab4f0a3f1e0c45caef121b37eb9ab900c98c8753f10257ceac1c5f70b1eeee
Ubuntu Security Notice 4275-1 - It was discovered that Qt incorrectly handled certain PPM images. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Qt incorrectly handled certain text files. If a user or automated system were tricked into opening a specially crafted text file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 19.10. Various other issues were also addressed.
467b0b686fa95afca3b4658ae837f3e2eb3cb62130d163c0dc96760e345c1152
ExpertGPS version 6.38 suffers from an XML external entity injection vulnerability.
fc6cb6c0ba1587090a4154bc1adad108309657592a7685cdc3a977b2c6b9e8cf
Google Invisible RECAPTCHA version 3 suffers from a spoofing bypass vulnerability.
62c2212bece7108fc09a73f497c3ef985a32245402538521fc562b60c967c293
This is an article discussing Apache2 Web Server hardening. Written in Turkish.
c23b6241ab29b4315d799f47941a125d4ceb75f7a81b0e78d648bf51638f0eaf
QuickDate version 1.3.2 suffers from a remote SQL injection vulnerability.
71c06374db344d3f540b22e4cf38f43f8268f0a756eb009a09dd7a257175d478
Forcepoint WebSecurity version 8.5 suffers from a cross site scripting vulnerability.
1fa5dba1f913cf71355930627abc1b9c38395b9f292520f07ff6ab2f2daf1e12
114-byte Linux/x86 bind shell generator shellcode.
1e7612da16986e3cb4c25c855cdc90ea5787caa9e5e7169bf210c923678fd670