Ubuntu Security Notice 4646-1 - It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service.
6079af5ddd2eada7b059792343088f4d1c41126b019bdad2337ff382191d7b85
Whitepaper called Capturing MSSQL Credentials from an Executable.
ced6e4062739a64a6272ecdce7e5a2e144cecc2a576c62007d12d79f630bbc18
Razer Chroma SDK Server version 3.16.02 suffers from a race condition vulnerability that allows for remote file execution.
c1d19fe4193f259e8685a36f12856eafcb8136d66c5681732ef040037ed0b573
Pure-FTPd version 1.0.48 suffers from a denial of service vulnerability.
6f8f9a41e4fbb1c854299643cac0a0ea3ef97311952ba1c42dac8cb7b70e3b84
Foxit Reader version 9.0.1.1049 suffers from an arbitrary code execution vulnerability. This is a variant exploit of the original finding from 2018.
ab0c3b5bb1d0eb5ba3ff1d96aed061e55c84b7c6230244407076e3b5a6c46bb8
BigBlueButton versions 2.2.29 and below suffer from a meeting access code brute forcing vulnerability.
7779a47f90e53f789a2fbce3072e0d2ff2ac04320c70d8126d32c0cd38ef8a28
House Rental version 1.0 remote SQL injection exploit that leverages the keywords variable.
f3ce405357239bc159864db3af6456bd0791342c989bbfdf3d252560b427b3d3
This Metasploit module exploits an authenticated PHP code injection vulnerability found in openmediavault versions before 4.1.36 and 5.x versions before 5.5.12 inclusive in the "sortfield" POST parameter of the rpc.php page, because "json_encode_safe()" is not used in config/databasebackend.inc. Successful exploitation grants attackers the ability to execute arbitrary commands on the underlying operating system as root.
e0e5ffa0c0727fd8caae8d1a6288e302aebc6906241ff1131429f2abbcdbe8a1
This Metasploit module uses the Kong admin API to create a route and a serverless function plugin that is associated with the route. The plugin runs Lua code and is used to run a system command using os.execute(). After execution the route is deleted, which also deletes the plugin.
4bafd791ffc69e6f0e7e5e659d5843334eaeb9b206ab4512782cccf29ffe011a
This Metasploit module exploits WordPress Simple File List plugin versions prior to 4.2.3, which allows remote unauthenticated attackers to upload files within a controlled list of extensions. However, the rename function does not conform to the file extension restrictions, thus allowing arbitrary PHP code to be uploaded first as a png then renamed to php and executed.
c76d8f741d62e082e4021197c4f997d2888355186e9e04b1278f52540744b1fa
Ubuntu Security Notice 4644-1 - It was discovered that igraph mishandled certain malformed XML. An attacker could use this vulnerability to cause a denial of service.
36b45e5bfb54b57372c5e59ba133db2f7997fdeb4b4be4e54951e5f434ce0131
SyncBreeze version 10.0.28 suffers from a remote buffer overflow vulnerability.
21147b01f84dbcd01dd7401e1fa1618def57364c73f6c87de1e4deda21699dd9
osCommerce version 2.3.4.1 suffers from a persistent cross site scripting vulnerability.
3a2d13a1bea10737d2fffae795bbf8e8e1456bee046f30ed0b0fc07162a20926
Wondershare Driver Install Service Help version 10.7.1.321 suffers from an unquoted service path vulnerability.
22e81b9e302abbc514142b60342851f9f20aea48f363575022e6b4d599358ec4
Ubuntu Security Notice 4643-1 - It was discovered that atftp's FTP server did not properly handler certain input. An attacker could use this to to cause a denial of service or possibly execute arbitrary code. It was discovered that atftp's FTP server did not make proper use of mutexes when locking certain data structures. An attacker could use this to cause a denial of service via a NULL pointer dereference.
3b6bc9b46d9d6aa32a2461a6debd03303a67760fd5ff0a3c496573182775fb7b
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
c55307b247af4b6f44d2916a25ffd1fb64ce2e509c3c3d028dbe7fbf309dc30a
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
accdca619abec4f541c7063323bd6a248a13530f91a38dfe072240aeceabcfcb
ZTE WLAN router MF253V version 1.0.0B04 suffers from cross site request forgery, hardcoded password, outdated component, and cross site scripting vulnerabilities.
2ad4c83e851b5a6d905cd41028173a338d0361610fcbc55e00ab71b116573c19
This Metasploit module exploits an unauthenticated command injection vulnerability found in ZeroShell version 3.9.0 in the "/cgi-bin/kerbynet" url. As sudo is configured to execute /bin/tar without a password (NOPASSWD) it is possible to run root commands using the "checkpoint" tar options.
e52e0c15527e1e5b23e1a5f32e17df46f22d8f0dc8643606d04c891cd43c603d
Seowon 130-SLC router version 1.0.11 suffers from a remote code execution vulnerability.
a001ec1fd474376077daad767cd7474ae02456a498b1fdd3e608dcce5c710674
Red Hat Security Advisory 2020-5179-01 - The org.ovirt.engine-root is a core component of oVirt. Issues addressed include a denial of service vulnerability.
fdc2b5c3091634e36c48dee56a3e76656949a67420cbf37fb72b9a0af3999f28
Red Hat Security Advisory 2020-5218-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a denial of service vulnerability.
15aba49494e2fb2808bf07128e9109274c598f62c5d401739156e45e752497c9
Red Hat Security Advisory 2020-5118-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a denial of service vulnerability.
252e1d15a3567abb864679496c50326cc1b87ae1d07f0f4efc9f8758ab859038
Red Hat Security Advisory 2020-5119-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a denial of service vulnerability.
705249a7ee1d97b8757ad759d72450e5edf418d08f2863e5efbdbefa6f51cf21
Red Hat Security Advisory 2020-5203-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
50329a39035397f99842c0736e85bed4c8c01c41c61459a70df00e7c3f413a2f