MITREid versions 1.3.3 and below suffer from a cross site scripting vulnerability.
beaafdc5dee4b589fa59d194bbcda3aad72131beb6a748f37bda94014f9e24e2This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tracing functionality used by the Routing and Remote Access service. The issue results from the lack of proper permissions on registry keys that control this functionality. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM.
6b0526f98f3e203e2ed6be699de4fcc715f41c3ab7e148e28ed2e62563a77a96qdPM versions prior to 9.1 suffer from a remote shell upload vulnerability that allows for remote code execution.
7378aebe88336076527073b99083cdd137d3c12ddaf2cf587f30f8479d285a3dDebian Linux Security Advisory 4630-1 - It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification.
b455e7a7fba61ee1881640cfb2163c846bf832ec6b79543bd174a3815adaea48Debian Linux Security Advisory 4631-1 - Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service and potentially the execution of arbitrary code if malformed PCX, FLI, SGI or TIFF images are processed.
672a8a4e95e604dea700f5a873d7d479e1ba2dc4114bd73eddf87bc4c9fac27fDebian Linux Security Advisory 4632-1 - Ilja Van Sprundel reported a logic flaw in the Extensible Authentication Protocol (EAP) packet parser in the Point-to-Point Protocol Daemon (pppd). An unauthenticated attacker can take advantage of this flaw to trigger a stack-based buffer overflow, leading to denial of service (pppd daemon crash).
f77ed94eb241b6463d1cc0108850a4ac7b647e3bae13cb583969676d3ec8590eDebian Linux Security Advisory 4634-1 - Qualys discovered that the OpenSMTPD SMTP server performed insufficient validation of SMTP commands, which could result in local privilege escalation or the execution of arbitrary code.
5da50339d4d1fb31d2ce2fa5d1c69b447dfd44db51920c67a0c326da5a65d4c0Debian Linux Security Advisory 4635-1 - Antonio Morales discovered an user-after-free flaw in the memory pool allocator in ProFTPD, a powerful modular FTP/SFTP/FTPS server. Interrupting current data transfers can corrupt the ProFTPD memory pool, leading to denial of service, or potentially the execution of arbitrary code.
bc5aa8ca4bb689d45b2d9ca0ff9b6ade1a97168e14a988f3692f4ce913bfc8aeDebian Linux Security Advisory 4636-1 - It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when 'noscript' and one or more raw text tags were whitelisted.
94cda4a539fb8acdae1d82380c87a8ef4be0d2f444897775ffb0061181a93953This whitepaper is a study that gives an overview about what methodology a hacker uses to hack into a system, discusses a theft of millions from the central bank of Bangladesh, and more.
6a0cab11f2e64f9df513d332add9505f86699b1e1ba54f3ff7ddc853a502e82fNimsoft nimcontroller version 7.80 suffers from an unauthenticated remote code execution vulnerability.
af11c437e4fa8db83e925757e69120962101fbd14f8be2758c3b44f0506921c0SerialTweaker is a tool that can be used to load a serialized object, change its contents, and reserialize it to a new serialized object with modified fields inside.
f07b0cb7767fe9ecacd5cc0f2aacef08a3520cd39de4d809fae2a85d1b7c8bb0Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
5f5923ef4c3fee370ed0ca1bb324f37c246015eba4a7e74ab95d9208feeded79Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.
a31c015afddef00022d3a2c0ab9383a616b6e6954cba467eb037d16b88aaac8cRed Hat Security Advisory 2020-0637-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite 5.8 on Red Hat Enterprise Linux 6.
94a7ebf02343bcb5014130974b28608217aeabf08433f8c6def9739ab81cea66Red Hat Security Advisory 2020-0638-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite Proxy, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite Proxy 5.8 on Red Hat Enterprise Linux 6.
e64f35fd634c63342a72b92bc447930cd37a30abd0314ac368a398ef79634e0aSamhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
958a5045c8a59fa700876133f5194c0b5962c1980df9cf0fee1207d048e18ebeChrome suffers from a heap use-after-free vulnerability in DesktopMediaPickerController::WebContentsDestroyed.
412f788875a5daf71252244d087b880c4599e16c220ff869fdb9818a05b134b4This function, reached through ioctl VS4L_VERTEXIOC_QBUF in the Samsung kernel, has an error case that cannot function correctly. It reads in an array of pointers from userspace and in-place replaces each userspace pointer with a kernel pointer allocated with kzalloc(). Unfortunately, in the error case it will iterate over all the pointers in the array (regardless of how many, if any, were converted to kernel pointers) and call kfree() on each of them. Thus, all it takes to call kfree() on an arbitrary number of controlled pointers is to make the second copy_from_user() fail after successfully copying in the desired number of pointers to free.
efd831d3ab7c9c5578f97a34507b505b0fb6cf8ddb61a22e805c5ade1953fcdfRed Hat Security Advisory 2020-0632-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
ef186e73e63f4da3cc8584b6c29f52f1d6a0879734059f2a044d20b95ac4ceabRed Hat Security Advisory 2020-0638-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite Proxy, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite Proxy 5.8 on Red Hat Enterprise Linux 6.
e64f35fd634c63342a72b92bc447930cd37a30abd0314ac368a398ef79634e0aXNU suffers from a use-after-free vulnerability in tcp_input.
25701e8eca80114c8645a6f7aaac15b7712ce7c0be471ffb9169c8dccc28d609Red Hat Security Advisory 2020-0634-01 - The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone line. Issues addressed include a buffer overflow vulnerability.
1df0fe2f62df4d444ccb819d6f143597bfefdd169e1acff37c0f800b7b226dfaI2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
e65c7dbbf464b6bc64afb228306fbfed0f1e67ffec74f96852b82acade53921cRed Hat Security Advisory 2020-0631-01 - The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone line. Issues addressed include a buffer overflow vulnerability.
c5410a2d83277b036adeed661972863aa4373b96185f77a076d89b7b279a5b7a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed