Ubuntu Security Notice 4634-2 - USN-4634-1 fixed several vulnerabilities in OpenLDAP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that OpenLDAP incorrectly handled certain malformed inputs. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. Various other issues were also addressed.
a1a691ff9186ee6eaf2c2d47a6441949d8cc7813c66d46dfe52981b2a1c8cc1b
Red Hat Security Advisory 2020-5170-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.4 serves as a replacement for Red Hat JBoss Web Server 5.3, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.
74b7da70962c78e8dd76545177fb793cfdcb13e8c07aa5f8f8e90f76e2db3c89
Red Hat Security Advisory 2020-5173-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.4 serves as a replacement for Red Hat JBoss Web Server 5.3, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.
877d8d731340825e057ddcd6cb5ac5470e3f9b0da914cf437032fe420fc294b9
Red Hat Security Advisory 2020-5163-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.4.3.
e86f9f7e5dbafe388ac0c7e966bc25fa681537ec21d15f211db7532e11aed89d
Red Hat Security Advisory 2020-5168-01 - Eclipse is an integrated development environment. The rh-eclipse packages have been upgraded to version 4.17, which is based on the Eclipse Foundation's 2020-09 release train. For instructions on how to use rh-eclipse, see Using Eclipse linked from the References section.
fea17f7efb851aa85922eb699f58d3890322bad3a8953da3ab672f73cf0e19e1
Red Hat Security Advisory 2020-5164-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.4.3.
53502073f58bfd4cf69f19a05c9afba20d1b4a073c4719ee233f37b813ccc598
Red Hat Security Advisory 2020-5162-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.4.3.
153c88aca00072f8424ca495f076daef64a966287e506a23df10a825a2c455d4
Red Hat Security Advisory 2020-5166-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.4.3.
e3b5e957949f6979e3bed3952e1f20532bbdf5748dcb516a574972dae2900ea0
Red Hat Security Advisory 2020-5165-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.198. Issues addressed include a use-after-free vulnerability.
d1113db429e59daed39f8174b29d7b5fdeb46c6f3d2f0b14bc72d502d2e8f412
Red Hat Security Advisory 2020-5167-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.4.3.
b661871e488135058b6c5b9421c36eaf3d194b4234cbe057072a1452481340f3
Code16 is a compilation of notes from research performed by Cody16. This issue discusses creating web modules for Metasploit and more.
78ec59e4fc92095d88790bb61b21f2d538180db80df521c7e384c9a925dd55e3
Code16 is a compilation of notes from research performed by Cody16. This issue discusses exploring heap overflows and more.
be37e4aafda4fc264f91ede06f92e575c0414d487ffd20ec13901068b11a69e3
Liferay version 7.2.1 GA2 suffers from a persistent cross-site scripting vulnerability.
a62ba548781756fb0fa9f7a1cefdbcea86782ba6456a0164a3d4465fe9bc9463
The TP-Link TL-WA855RE V5_200415 suffers from a flaw where an unauthenticated attacker can reset the device and then set a new administrator password.
22cd21e85742b95b7fb903841a4659d75e8880a0e535f22d5d05f42b0c307904
Boxoft Audio Converter version 2.3.0 suffers from a buffer overflow vulnerability.
6098ccb68398fdd08bfc13a2681451ccd542f02c14aecd66ed8e9e7537c42f32
CA Technologies, A Broadcom Company, is alerting customers to a vulnerability in CA Unified Infrastructure Management. A vulnerability exists that can allow a local attacker to elevate privileges. CA published solutions to address this vulnerability and recommends that all affected customers implement these solutions.
d584459baf29fba4ff9057c83367150af5798891d0007b141850d6ff2f84f528
Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have firmware that does not perform verification of digitally signed firmware updates and is susceptible to processing and installing modified/malicious images.
ce155e50978552faf0e472116a9c5ce4f975a3420fd6632369708f93d1554c2a
Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have a hardcoded root password hash included in the firmware image.
75cc1a2f773099f090db6e25b10a5322af43049d1ef7d2035e513c189b3011ed
Barco wePresent WiPG-1600W version 2.5.1.8 has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web interface does not provide a visible capability to alter this configuration file variable. However, a malicious actor can include this variable in a POST such that the SSH daemon will be started when the device boots.
a366665beb0a2a41a9a77ce23a19d8837b9d6bfef4a80c4bbf011cf9589c7bc4
The Barco wePresent WiPG-1600W version 2.5.1.8 web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET requests. Thus the "SEID" would be exposed in web proxy logs and browser history. An attacker that is able to capture the "SEID" and originate requests from the same IP address (via a NAT device or web proxy) would be able to access the user interface of the device without having to know the credentials.
77ed3fcf16f9ea1209c2673adba8c737e13b77a283c9ea2dfab06836d2aa7dde
An attacker armed with hardcoded API credentials from KL-001-2020-004 (CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp for Barco wePresent WiPG-1600W version 2.5.1.8.
d17ea5576bc764da9307b56d3e500fe6c4d6a46a6d607ac07eeebd256034d86c
Barco wePresent device firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Versions affected include 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19.
22801e1943167d9cae8f39b9e75645ceb62540439a7d2d3cf58ea0fee603d235
Vtiger CRM version 7.0 suffers from a persistent cross-site scripting vulnerability.
b6606ef09af1c9523d1149be28331dbea51e97efd4902acd769b67310ccac2c5
This Metasploit module exploits a series of vulnerabilities to achieve unauthenticated remote code execution on the Rockwell FactoryTalk View SE SCADA product as the IIS user. The attack relies on the chaining of five separate vulnerabilities. The first vulnerability is an unauthenticated project copy request, the second is a directory traversal, and the third is a race condition. In order to achieve full remote code execution on all targets, two information leak vulnerabilities are also abused. This exploit was used by the Flashback team (Pedro Ribeiro + Radek Domanski) in Pwn2Own Miami 2020 to win the EWS category.
b5c77494a3939a1827cb333698735a7315890ad559b41cca1a66fcbd96bc0b9e
IBM Tivoli Storage Manager version 5.2.0.1 suffers from a command line administrative interface buffer overflow vulnerability.
d91298d7cdf3ea61c60282fd007270f738d9bc1b835db1fe81301d040f3df2bf