Red Hat Security Advisory 2020-2407-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include an out of bounds write vulnerability.
e3ea8b46bb971bb187276b9cdff85462f0668f78030c102b3386dc8a72f7fb90Red Hat Security Advisory 2020-2406-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include an out of bounds write vulnerability.
3e44dcd5389cda942cd270183d524056b12cc78a773e9e1f3d29ea29736a4d80This Metasploit module exploits a file upload feature of Drag and Drop Multi File Upload - Contact Form 7 for versions prior to 1.3.4. The allowed file extension list can be bypassed by appending a %, allowing for php shells to be uploaded. No authentication is required for exploitation.
d94c9f0362d25709f05afe545bc81aff8520f8eb38e83726bf24a2463da16a0aThis Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable versions of WebLogic. Leveraging an ExtractorComparator enables the ability to trigger method.invoke(), which will execute arbitrary code.
d85d76c6388cafa88aef4ce4d17b77d3a4f2d6383ddcb075ea187fa645df106eUbuntu Security Notice 4382-1 - It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.
4f115def6b91787851cd5c7dfa23961d619d487be7fdca2f5cde63cdb4c692f9CAYIN xPost version 2.5 suffers from an unauthenticated SQL injection vulnerability. Input passed via the GET parameter wayfinder_seqid in wayfinder_meeting_input.jsp is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands.
83113d8769abd0415eb42018b84a2962a1732ec8f7b88a0191d5f1ae278ac44dVMWare vCloud Director version 9.7.0.15498291 suffers from a remote code execution vulnerability.
f8ca6e31136d38818092e0ad39e95a75baa6dba1c482ec02257a02235562471fCAYIN CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP POST parameter in system.cgi page.
c6b2b08c6ef854d4b4ed8b7de843a0a934625c2672a6c6e51c51658ce8b989f8Navigate CMS version 2.8.7 suffers from a cross site request forgery vulnerability.
8961bc4b73d4b971e3607195eec88ef23a82d04fa182498a545278923bf0f714CAYIN SMP-xxxx suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP GET parameter in system.cgi and wizard_system.cgi pages.
8227decab2e3303eb2fd3fd07c388f1eab6298ce3df14f3c461ac9bd2a02e376Red Hat Security Advisory 2020-2404-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. Fetch limitation and logic errors were addressed.
47243a4457d50457d3883bf9f3e25b574afb32b07c68f75964e45b41139f98bbNeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from a persistent cross site scripting vulnerability.
a03fae941188a13b262247d193b72cb8c6020929d45d54b9d550247447b208d4NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from an arbitrary file download vulnerability.
b6fc64a5ae4e8a0ec2c9cdc1017fd4675419adad3fce5fe5f687cefd700382cbRed Hat Security Advisory 2020-2367-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.1.13 serves as a replacement for Red Hat support for Spring Boot 2.1.12, and includes security and bug fixes and enhancements. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
648d3e7e6b8b0230e170a363c66446ba991afc1894fe7567edce53d9d649b7f8Ubuntu Security Notice 4381-2 - USN-4381-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM. Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to cause a denial of service and obtain sensitive information. Various other issues were also addressed.
6d6997c59d71b6a3d4224bd5191cc2032e0a291956e6c4109ab9ccdca617e0c6Navigate CMS version 2.8.7 suffers from an authenticated directory traversal vulnerability.
574f4aff0804ec6c6a6b6b7a761deacb09295697b33a4a7f345b0cbc98bceec8Secure Computing SnapGear Management Console SG560 version 3.1.5 suffers from arbitrary file read and write vulnerabilities. The application allows the currently logged-in user to edit the configuration files in the system using the CGI executable edit_config_files in /cgi-bin/cgix/. The files that are allowed to be modified (read/write/delete) are located in the /etc/config/ directory. An attacker can manipulate the POST request parameters to escape from the restricted environment by using absolute path and start reading, writing and deleting arbitrary files on the system.
4449413e7a452a485083ac7846a6b076384afa328c5248552e7cc7c560e30d26Online Marriage Registration System version 1.0 suffers from a remote code execution vulnerability.
266854280602b87a3cbca870488d6972726cdf03e7425720743ce54fe99fb9faSecure Computing SnapGear Management Console SG560 version 3.1.5 suffers from a cross site request forgery vulnerability.
b4767984fc103e8a156c2fd786f676e1d794f4e2922e08d9742526ae255d6244D-Link DIR-615 T1 version 20.10 suffers from a CAPTCHA bypass vulnerability.
927c998aba2229a5da7435240af1366b6fbea05d84f905742341817d7cb1ce24Underconstructionpage versions prior to 3.75 suffer from a persistent cross site scripting vulnerability.
b5743771cfb84683c18f99ecbebf23513dd37292e3ee8d66de2169fbb1467772Clinic Management System version 1.0 suffers from a remote shell upload vulnerability.
17550036bdef42a832b70180a2bb524a2ed1b45da3b1dbed9a484457ba51e913Red Hat Security Advisory 2020-2381-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.9.0 ESR. Issues addressed include a use-after-free vulnerability.
79e687fd252f94cfa466d42dcce07c03c92efe390e508dd430c4a4d059a40dc2Hostel Management System version 2.0 suffers from a remote SQL injection vulnerability.
2ac0ab30dc8f4eee842eb9574e1bcb7352d29c0bd64b812b927bcacecb9ed6b4Oriol Espinal CMS version 1.0 suffers from a remote SQL injection vulnerability.
ded109beee0a7c61db52b22a191ac52791c2f84f052a265250a574302a0ef120
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed