Ubuntu Security Notice 4646-1 - It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service.
6079af5ddd2eada7b059792343088f4d1c41126b019bdad2337ff382191d7b85Whitepaper called Capturing MSSQL Credentials from an Executable.
ced6e4062739a64a6272ecdce7e5a2e144cecc2a576c62007d12d79f630bbc18Razer Chroma SDK Server version 3.16.02 suffers from a race condition vulnerability that allows for remote file execution.
c1d19fe4193f259e8685a36f12856eafcb8136d66c5681732ef040037ed0b573Pure-FTPd version 1.0.48 suffers from a denial of service vulnerability.
6f8f9a41e4fbb1c854299643cac0a0ea3ef97311952ba1c42dac8cb7b70e3b84Foxit Reader version 9.0.1.1049 suffers from an arbitrary code execution vulnerability. This is a variant exploit of the original finding from 2018.
ab0c3b5bb1d0eb5ba3ff1d96aed061e55c84b7c6230244407076e3b5a6c46bb8BigBlueButton versions 2.2.29 and below suffer from a meeting access code brute forcing vulnerability.
7779a47f90e53f789a2fbce3072e0d2ff2ac04320c70d8126d32c0cd38ef8a28House Rental version 1.0 remote SQL injection exploit that leverages the keywords variable.
f3ce405357239bc159864db3af6456bd0791342c989bbfdf3d252560b427b3d3This Metasploit module exploits an authenticated PHP code injection vulnerability found in openmediavault versions before 4.1.36 and 5.x versions before 5.5.12 inclusive in the "sortfield" POST parameter of the rpc.php page, because "json_encode_safe()" is not used in config/databasebackend.inc. Successful exploitation grants attackers the ability to execute arbitrary commands on the underlying operating system as root.
e0e5ffa0c0727fd8caae8d1a6288e302aebc6906241ff1131429f2abbcdbe8a1This Metasploit module uses the Kong admin API to create a route and a serverless function plugin that is associated with the route. The plugin runs Lua code and is used to run a system command using os.execute(). After execution the route is deleted, which also deletes the plugin.
4bafd791ffc69e6f0e7e5e659d5843334eaeb9b206ab4512782cccf29ffe011aThis Metasploit module exploits WordPress Simple File List plugin versions prior to 4.2.3, which allows remote unauthenticated attackers to upload files within a controlled list of extensions. However, the rename function does not conform to the file extension restrictions, thus allowing arbitrary PHP code to be uploaded first as a png then renamed to php and executed.
c76d8f741d62e082e4021197c4f997d2888355186e9e04b1278f52540744b1faUbuntu Security Notice 4644-1 - It was discovered that igraph mishandled certain malformed XML. An attacker could use this vulnerability to cause a denial of service.
36b45e5bfb54b57372c5e59ba133db2f7997fdeb4b4be4e54951e5f434ce0131SyncBreeze version 10.0.28 suffers from a remote buffer overflow vulnerability.
21147b01f84dbcd01dd7401e1fa1618def57364c73f6c87de1e4deda21699dd9osCommerce version 2.3.4.1 suffers from a persistent cross site scripting vulnerability.
3a2d13a1bea10737d2fffae795bbf8e8e1456bee046f30ed0b0fc07162a20926Wondershare Driver Install Service Help version 10.7.1.321 suffers from an unquoted service path vulnerability.
22e81b9e302abbc514142b60342851f9f20aea48f363575022e6b4d599358ec4Ubuntu Security Notice 4643-1 - It was discovered that atftp's FTP server did not properly handler certain input. An attacker could use this to to cause a denial of service or possibly execute arbitrary code. It was discovered that atftp's FTP server did not make proper use of mutexes when locking certain data structures. An attacker could use this to cause a denial of service via a NULL pointer dereference.
3b6bc9b46d9d6aa32a2461a6debd03303a67760fd5ff0a3c496573182775fb7bGnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
c55307b247af4b6f44d2916a25ffd1fb64ce2e509c3c3d028dbe7fbf309dc30anfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
accdca619abec4f541c7063323bd6a248a13530f91a38dfe072240aeceabcfcbZTE WLAN router MF253V version 1.0.0B04 suffers from cross site request forgery, hardcoded password, outdated component, and cross site scripting vulnerabilities.
2ad4c83e851b5a6d905cd41028173a338d0361610fcbc55e00ab71b116573c19This Metasploit module exploits an unauthenticated command injection vulnerability found in ZeroShell version 3.9.0 in the "/cgi-bin/kerbynet" url. As sudo is configured to execute /bin/tar without a password (NOPASSWD) it is possible to run root commands using the "checkpoint" tar options.
e52e0c15527e1e5b23e1a5f32e17df46f22d8f0dc8643606d04c891cd43c603dSeowon 130-SLC router version 1.0.11 suffers from a remote code execution vulnerability.
a001ec1fd474376077daad767cd7474ae02456a498b1fdd3e608dcce5c710674Red Hat Security Advisory 2020-5179-01 - The org.ovirt.engine-root is a core component of oVirt. Issues addressed include a denial of service vulnerability.
fdc2b5c3091634e36c48dee56a3e76656949a67420cbf37fb72b9a0af3999f28Red Hat Security Advisory 2020-5218-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a denial of service vulnerability.
15aba49494e2fb2808bf07128e9109274c598f62c5d401739156e45e752497c9Red Hat Security Advisory 2020-5118-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a denial of service vulnerability.
252e1d15a3567abb864679496c50326cc1b87ae1d07f0f4efc9f8758ab859038Red Hat Security Advisory 2020-5119-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a denial of service vulnerability.
705249a7ee1d97b8757ad759d72450e5edf418d08f2863e5efbdbefa6f51cf21Red Hat Security Advisory 2020-5203-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
50329a39035397f99842c0736e85bed4c8c01c41c61459a70df00e7c3f413a2f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed