Go SSH server version 0.0.2 suffers from a denial of service vulnerability.
d545184609b7cd6caf620c82784b7d1eb9fee03472e34f406779dd8239707e78195 bytes small Windows/x86 null-free WinExec Calc.exe shellcode.
fee44adfb0bfdb2c7192391912bf356c70e5e8f50319f258fd2597def6aa0826AMSS++ version 4.7 appears to have a backdoor account in it.
cd7060966dd1a6806bd719fd19b605a579e40923eba983841f524eaeffa6b74cAptina AR0130 960P 1.3MP Indoor Outdoor AHD Vandalproof Camera remote configuration disclosure exploit.
2ef325a6923d8e5d17e5f09adc7f76675316379324c359f02d3fa9c0830f51c8SecuSTATION SC-831 HD Camera remote configuration disclosure exploit.
4683b9b52be366e07dd763dfdd1690ff666f7f3f0dcbbe97afeb5b93afd6341dESCAM QD-900 WIFI HD Camera remote configuration disclosure exploit.
4baed4aa376fe687a544860e2f80bb9b555d6c45d9d410c64a42fbe2dec40918Amovision AM-Q6320-WIFI HD Camera remote configuration disclosure exploit.
282ef1fe573f05152fb5163f3e9e9233adfc9cae3b7fccb52ef42d569439c377This Metasploit module exploits a command injection in OpenNetAdmin between versions 8.5.14 and 18.1.1.
2b228bdd522a3322b945c5bb606015c9a7078570c659b03b557125d2bb27bf4aOpen-Xchange App Suite and Documents versions 7.10.2 and below suffer from multiple server-side request forgery vulnerabilities.
9e95ed9b8b18b7aa67aa539e677d18a46c58d0f74c70f908ef7a336569ff51e9D-Link DGS-1250 suffers from a header injection vulnerability that can be leveraged through cross site scripting.
7d7d9f8705c8fb7f26571e187596182c238f6573faea1c552faf5d97d4edd1f2The AVIRA parsing engine supports the ISO container format. The parsing engine can be bypassed by specifically manipulating the ISO Archive This leads to the Endpoint ignoring the container and the Gateways to let this file slip through uninspected. Avira does not patch or update their very popular command line scanner that is still available for download on their website. AV Engine versions below 8.3.54.138 are affected.
e3a1a68dae3a544a78b4225ef81e20a998dd5f42a98b27d7f851c97568992124Online Birth Certificate System version 1.0 suffers from a persistent cross site scripting vulnerability.
6de37794ee2094b035dabe76e6eb8a2f304b42854e39e641aa1c76aecbdde857AMSS++ version 4.31 suffers from a remote SQL injection vulnerability.
0aa8404c8f64edcaa6766be112a26476dc872f2cf9dd5a373508bb009631fc25Whitepaper called WordPress Security. Written in Turkish.
e49b4b89327b25ec6a9f68b3a1e5349d5d266d462409d6037057a44f027bcec3Slackware Security Advisory - New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
d52855cebc6ff08d438a73cb1c48b08a8612def8eac07cb321c840d6a7b98cb7Red Hat Security Advisory 2020-0565-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.5.0. Memory safety issues and various other vulnerabilities have been addressed.
3ab5bdb88120ae5e4fd89544676111763fc17ab8b4c152f64e39e5f2995c8764Red Hat Security Advisory 2020-0566-01 - The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Issues addressed include a denial of service vulnerability.
a6d88cc99ed249a84cbbe204dc2e7e5f93c6c712ee75e13dc48343b7d2153e3dRed Hat Security Advisory 2020-0564-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Issues addressed include a use-after-free vulnerability.
666ecdb2f28f993bc3f9d569555f489bcb6f7c49fb7116e800eeed1b773320f5Ubuntu Security Notice 4289-1 - Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory. Regis Leroy discovered that Squid incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to access server resources prohibited by earlier security filters. Guido Vranken discovered that Squid incorrectly handled certain buffer operations when acting as a reverse proxy. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
1313e86585d39f29af765e7595c60e6ae63b933823da6dd69399de2b01187107This Metasploit module exploits a vulnerability that exists due to a lack of input validation when creating a user. Messages for a given user are stored in a directory partially defined by the username. By creating a user with a directory traversal payload as the username, commands can be written to a given directory. To use this module with the cron exploitation method, run the exploit using the given payload, host, and port. After running the exploit, the payload will be executed within 60 seconds. Due to differences in how cron may run in certain Linux operating systems such as Ubuntu, it may be preferable to set the target to Bash Completion as the cron method may not work. If the target is set to Bash completion, start a listener using the given payload, host, and port before running the exploit. After running the exploit, the payload will be executed when a user logs into the system. For this exploitation method, bash completion must be enabled to gain code execution. This exploitation method will leave an Apache James mail object artifact in the /etc/bash_completion.d directory and the malicious user account.
38aec6cad30d28bc144df66f4ad6d698b59a52c8a529a3cc66391e571ee852c6This Metasploit module uses Diamorphine rootkit's privesc feature using signal 64 to elevate the privileges of arbitrary processes to UID 0 (root). This module has been tested successfully with Diamorphine from master branch (2019-10-04) on Linux Mint 19 kernel 4.15.0-20-generic (x64).
c0a67e3b35ae7095f282504032573f7c6d8515a68217980e613c044ea3d6edbeRed Hat Security Advisory 2020-0556-01 - This release of Open Liberty 20.0.0.2 serves as a replacement for Open Liberty 20.0.0.1 and includes security fixes, bug fixes, and enhancements. Issues addressed include a denial of service vulnerability.
d3cd1416354865f437f30268882b9c17d2e392f2b62cf277834f83750c1d3cd9nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
12011eb0e4798ce4039defc10498c4ae9af7f4edf7731e9d32f4d8ae678cda66Ubuntu Security Notice 4288-1 - It was discovered that ppp incorrectly handled certain rhostname values. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly execute arbitrary code.
eb07457d63a9c9ab5e89ea43cf02a775350f7f4106be07bf3ab89630abce1e73OpenEXR suffers from multiple memory safety issues including out-of-bounds access.
d7f7bcfc376186e510d108af1edd8e502ddcaa95444256cedbc8fa3a1e31276e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed