This Metasploit module exploits a remote command execution vulnerability in Zivif webcams. This is known to impact versions prior to and including 2.3.4.2103.
516dbce1194c92fcf25e36354d5e142eecc0029d53f110980f3fe7d7516701f7This Metasploit module takes advantage of a poorly configured TACACS+ config, Arista's bash shell, and a TACACS+ read-only account to achieve privilege escalation.
86fccaf72b7727767295df0286ab1d606f02b1e49f7979bfafc39f16ae633df4Ubuntu Security Notice 4398-1 - Kevin Backhouse discovered that DBus incorrectly handled file descriptors. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service.
3954c3057f51bdeea1f0a11fe351cf019773eb2a7c3699a49847b7fc87597e44Red Timmy Sec has discovered that Pulse Secure Client for Windows suffers from a local privilege escalation vulnerability in the PulseSecureService.exe service.
5f5a0396cb9bd8b8918531a470f34efbfce05c416ca68a1d578867b7468c1362Netgear R7000 router remote code execution exploit that leverages a pre-authentication memcpy-based stack buffer overflow vulnerability.
d2bc33188494707131607d3b6428caca3cc95ef4510489bd1325974d0c042945TP-LINK Cloud Cameras NCXXX suffer from a DelMultiUser stack overflow vulnerability.
8ceea48329dd3d48af63a7ccdec830b47ac2bcf4bf77d8735c577b80b70e19b4Gila CMS version 1.11.8 suffers from a remote SQL injection vulnerability.
eaba5773c4589925a1a8bab289bbe21beb33d35ee7a3d7ec8281e3c755ae5ad7Ubuntu Security Notice 4397-1 - It was discovered that NSS incorrectly handled the TLS State Machine. A remote attacker could possibly use this issue to cause NSS to hang, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. Cesar Pereida Garcia discovered that NSS incorrectly handled DSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover DSA keys. Various other issues were also addressed.
2692888970cbb4e7e7c8fa5692c6beacf2f89b13d531ef62a9431f8e957091d9SOS JobScheduler version 1.13.3 encrypts a secret by simply using the name of a profile as the key, making it trivial to decrypt.
fe2cf7ab1a965708745f8a3ccea8786f1c5edbfe5c3b8ab23a4f225c60f669afMJML versions 4.6.2 and below suffer from a path traversal vulnerability.
166961aa7a1aa4863ba6a1c75fcc9e0116bd4fd9789c3759ca27ecb57c656da5100 bytes small null-free Linux/ARM shellcode that binds /bin/sh to 0.0.0.0:1337/TCP.
7ee6a6fcc5e486b90d3866afa4de0159d3ef94aa1637076ecdb4c1ab24dbf700Ubuntu Security Notice 4396-1 - It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a remote denial of service. It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information or cause a crash. Various other issues were also addressed.
e080558761a105024feebba02610f6c5581c07eff90a1cb0d2371deb7e83097232 bytes small Linux/ARM execve /bin/dash shellcode.
fabc3a831bff99d6730f97c3240cc21f6d5c4711bd6f1b6ab992f145a704413dWhitepaper called Reverse Engineering Android Application.
03e5ba468bb3c163bbe17ff13c9dd61e4ad74f21265e3843b27311865f9b6cbaWhitepaper called Detect SQL Injection WordPress Plugin using RegEx.
085b2a3d5011566b3a2e006830d12feacf5415f9dcda5ab618f5ff59125c9106Whitepaper called Abusing Windows Data Protection API.
773a6f1530d77d0420be2e70d5bd4c5c42a05dd949691ff60a9439f5d56f0977Gentoo Linux Security Advisory 202006-20 - A vulnerability was discovered in Asterisk which may allow local attackers to gain root privileges. Versions less than 13.32.0-r1 are affected.
098b0504d5efe865161f09c564c9d498f462b5dd82e00e1cc0e5c4405ebeca50Gentoo Linux Security Advisory 202006-21 - A vulnerability has been discovered in Apache Tomcat which could result in the arbitrary execution of code. Versions less than 7.0.104:7 are affected.
4e91ca0fbc04224da0c0118ffbafc25e0bea5b24bcc0534b90146f8897b2f254Gentoo Linux Security Advisory 202006-23 - An error in Cyrus IMAP Server allows mailboxes to be created with administrative privileges. Versions less than 3.0.13 are affected.
1e7bbbfed2c2de886311d93aac435e0c81676a96a5713624632764df5154c6ffGentoo Linux Security Advisory 202006-22 - Multiple vulnerabilities have been found in OpenJDK and IcedTea, the worst of which could result in the arbitrary execution of code. Versions less than 8.252_p09 are affected.
9786f753221d3cbe26d1a463069bea7bc3e917ebd5fc3b0803619260c98c6751Red Hat Security Advisory 2020-2567-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
ab064e17571e79bac178b9a10ff5d569de64c697efeb51b8c21243f887a8895eGentoo Linux Security Advisory 202006-18 - Bubblewrap misuses temporary directories allowing local code execution. Versions less than 0.4.1 are affected.
555969fc9fd701b4c396387cf24658c3d2408d1c4b39557ef14b9df7ab9c723dGentoo Linux Security Advisory 202006-19 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 68.9.0 are affected.
1bfd8c4503f4ffbe217e1dae7f83434325e3fc877eae8b8349b71df5c1c7c6c0Red Hat Security Advisory 2020-2562-01 - Red Hat JBoss Enterprise Application Platform CD13 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform CD13 includes bug fixes and enhancements. Issues addressed include denial of service and traversal vulnerabilities.
653e0dfe34e8f71fbff88f5db8ad69c4a7a15d5d8db71bce2bd437e954f7ae3cRed Hat Security Advisory 2020-2561-01 - Red Hat JBoss Enterprise Application Platform CD12 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform CD12 includes bug fixes and enhancements. Issues addressed include code execution, deserialization, and memory exhaustion vulnerabilities.
b76aaf5cc67f51ef012b340ca8233367d63f2f7981ba6e783d50b98e7f58223b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed