Ubuntu Security Notice 4634-2 - USN-4634-1 fixed several vulnerabilities in OpenLDAP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that OpenLDAP incorrectly handled certain malformed inputs. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. Various other issues were also addressed.
a1a691ff9186ee6eaf2c2d47a6441949d8cc7813c66d46dfe52981b2a1c8cc1bRed Hat Security Advisory 2020-5170-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.4 serves as a replacement for Red Hat JBoss Web Server 5.3, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.
74b7da70962c78e8dd76545177fb793cfdcb13e8c07aa5f8f8e90f76e2db3c89Red Hat Security Advisory 2020-5173-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.4 serves as a replacement for Red Hat JBoss Web Server 5.3, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.
877d8d731340825e057ddcd6cb5ac5470e3f9b0da914cf437032fe420fc294b9Red Hat Security Advisory 2020-5163-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.4.3.
e86f9f7e5dbafe388ac0c7e966bc25fa681537ec21d15f211db7532e11aed89dRed Hat Security Advisory 2020-5168-01 - Eclipse is an integrated development environment. The rh-eclipse packages have been upgraded to version 4.17, which is based on the Eclipse Foundation's 2020-09 release train. For instructions on how to use rh-eclipse, see Using Eclipse linked from the References section.
fea17f7efb851aa85922eb699f58d3890322bad3a8953da3ab672f73cf0e19e1Red Hat Security Advisory 2020-5164-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.4.3.
53502073f58bfd4cf69f19a05c9afba20d1b4a073c4719ee233f37b813ccc598Red Hat Security Advisory 2020-5162-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.4.3.
153c88aca00072f8424ca495f076daef64a966287e506a23df10a825a2c455d4Red Hat Security Advisory 2020-5166-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.4.3.
e3b5e957949f6979e3bed3952e1f20532bbdf5748dcb516a574972dae2900ea0Red Hat Security Advisory 2020-5165-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.198. Issues addressed include a use-after-free vulnerability.
d1113db429e59daed39f8174b29d7b5fdeb46c6f3d2f0b14bc72d502d2e8f412Red Hat Security Advisory 2020-5167-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.4.3.
b661871e488135058b6c5b9421c36eaf3d194b4234cbe057072a1452481340f3Code16 is a compilation of notes from research performed by Cody16. This issue discusses creating web modules for Metasploit and more.
78ec59e4fc92095d88790bb61b21f2d538180db80df521c7e384c9a925dd55e3Code16 is a compilation of notes from research performed by Cody16. This issue discusses exploring heap overflows and more.
be37e4aafda4fc264f91ede06f92e575c0414d487ffd20ec13901068b11a69e3LifeRay version 7.2.1 GA2 suffers from a persistent cross site scripting vulnerability.
a62ba548781756fb0fa9f7a1cefdbcea86782ba6456a0164a3d4465fe9bc9463The TP-Link TL-WA855RE V5_200415 suffers from a flow where an unauthenticated attacker can reset the device and then set a new administrator password.
22cd21e85742b95b7fb903841a4659d75e8880a0e535f22d5d05f42b0c307904Boxoft Audio Converter version 2.3.0 suffers from a buffer overflow vulnerability.
6098ccb68398fdd08bfc13a2681451ccd542f02c14aecd66ed8e9e7537c42f32CA Technologies, A Broadcom Company, is alerting customers to a vulnerability in CA Unified Infrastructure Management. A vulnerability exists that can allow a local attacker to elevate privileges. CA published solutions to address this vulnerability and recommends that all affected customers implement these solutions.
d584459baf29fba4ff9057c83367150af5798891d0007b141850d6ff2f84f528Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have firmware that does not perform verification of digitally signed firmware updates and is susceptible to processing and installing modified/malicious images.
ce155e50978552faf0e472116a9c5ce4f975a3420fd6632369708f93d1554c2aBarco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have a hardcoded root password hash included in the firmware image.
75cc1a2f773099f090db6e25b10a5322af43049d1ef7d2035e513c189b3011edBarco wePresent WiPG-1600W version 2.5.1.8 has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web interface does not provide a visible capability to alter this configuration file variable. However, a malicious actor can include this variable in a POST such that the SSH daemon will be started when the device boots.
a366665beb0a2a41a9a77ce23a19d8837b9d6bfef4a80c4bbf011cf9589c7bc4The Barco wePresent WiPG-1600W version 2.5.1.8 web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET requests. Thus the "SEID" would be exposed in web proxy logs and browser history. An attacker that is able to capture the "SEID" and originate requests from the same IP address (via a NAT device or web proxy) would be able to access the user interface of the device without having to know the credentials.
77ed3fcf16f9ea1209c2673adba8c737e13b77a283c9ea2dfab06836d2aa7ddeAn attacker armed with hardcoded API credentials from KL-001-2020-004 (CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp for Barco wePresent WiPG-1600W version 2.5.1.8.
d17ea5576bc764da9307b56d3e500fe6c4d6a46a6d607ac07eeebd256034d86cBarco wePresent device firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Versions affected include 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19.
22801e1943167d9cae8f39b9e75645ceb62540439a7d2d3cf58ea0fee603d235Vtiger CRM version 7.0 suffers from a persistent cross site scripting vulnerability.
b6606ef09af1c9523d1149be28331dbea51e97efd4902acd769b67310ccac2c5This Metasploit module exploits a series of vulnerabilities to achieve unauthenticated remote code execution on the Rockwell FactoryTalk View SE SCADA product as the IIS user. The attack relies on the chaining of five separate vulnerabilities. The first vulnerability is an unauthenticated project copy request, the second is a directory traversal, and the third is a race condition. In order to achieve full remote code execution on all targets, two information leak vulnerabilities are also abused. This exploit was used by the Flashback team (Pedro Ribeiro + Radek Domanski) in Pwn2Own Miami 2020 to win the EWS category.
b5c77494a3939a1827cb333698735a7315890ad559b41cca1a66fcbd96bc0b9eIBM Tivoli Storage Manager version 5.2.0.1 suffers from a command line administrative interface buffer overflow vulnerability.
d91298d7cdf3ea61c60282fd007270f738d9bc1b835db1fe81301d040f3df2bf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed