Trojan-Dropper.Win32.Scrop.dyi malware suffers from an insecure permissions vulnerability.
b441fde6d9d688819e5a6d44c127c549633b249a0905d34d885c9ae37e5210fePersonnel Record Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
2776b79bc1477dd0a9d6f3c66f393968ec921589928f2bb358a7296cf68a94b8This is a tool that was developed to run as alternative "/init". The program will make an Android phone show up as mass storage device during boot. The complete internal storage is available for reading including the partition table and all 42 partitions of the Android system.
26d0ccdaf2d09a37294e6090603335263cb221373194e10a191870af77f5fe23Email-Worm.Win32.Trance.a malware suffers from an insecure permissions vulnerability.
b7be52e55d136dca9ba0d96625eb0e3b7ad168eb430c19ccfa05d14f47f0ac2aWhitepaper called Smart Contract Automated Testing Guidelines that provides guidance on automation.
2637d58d1c7c59b0e8b57db8f391f84b9a001dcc6d498f48455236de4f4f2d0aAndroid version 2.0 exploit for FreeCIV versions 2.2 before 2.2.1 and 2.3 before 2.3.0 that achieves root.
84eaa0c13185db927fae6be271159ea3fe9f56dcc09261d86facb183be5d57c7Ubuntu Security Notice 5000-2 - USN-5000-1 fixed vulnerabilities in the Linux kernel for Ubuntu 20.04 LTS and the Linux HWE kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux KVM kernel for Ubuntu 20.04 LTS. Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Various other issues were also addressed.
24cb2b08987dbf402e7352676baccf4addc89319c209a6642e849c6e40814e3fAtlassian Jira Server / Data Center version 8.16.0 suffer from a cross site scripting vulnerability.
11cb5c10c7bc260840e9f99059eab8e717769aeff2d90a62ed3b887604e735c0Ubuntu Security Notice 4998-1 - It was discovered that in some situations Ceph logged passwords from the mgr module in clear text. An attacker could use this to expose sensitive information. Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain environments. An attacker could use this to gain unintended access. It was discovered that the Ceph dashboard was susceptible to a cross-site scripting attack. An attacker could use this to expose sensitive information or gain unintended access. Various other issues were also addressed.
a3d9656a49f07ccf660b9f6006ed598b81e2aa94c36575e1f2fa281abef63f27Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.
6a51efd7869e0f36a00f33455ec2d1745dc36121130625887b4589e646f062c2SAPSprint version 7.60 suffers from an unquoted service path vulnerability.
8fd12071ae6adadfc0e695181b3356e8bf22de078d2eb3e9d81412ae18f764faThis Metasploit module exploits the file upload vulnerability of Lightweight self-hosted facebook-styled PHP blog and allows remote code execution.
60500517de9e732c50f65c2b42ef9aab7b59dcf4310f936b690f3460d981d122Ubuntu Security Notice 4995-2 - USN-4995-1 fixed vulnerabilities in Thunderbird. This update provides the corresponding updates for Ubuntu 18.04 LTS. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass security restrictions, or execute arbitrary code. It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spoof a website and trick the user into providing credentials. Multiple security issues were discovered in Thunderbird's OpenPGP integration. If a user were tricked into importing a specially crafted key in some circumstances, an attacker could potentially exploit this to cause a denial of service or confuse the user. A use-after-free was discovered when Responsive Design Mode was enabled. If a user were tricked into opening a specially crafted website with Responsive Design Mode enabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. It was discovered that Thunderbird mishandled ftp URLs with encoded newline characters. If a user were tricked into clicking on a specially crafted link, an attacker could potentially exploit this to send arbitrary FTP commands. It was discovered that Thunderbird wrote signatures to disk and read them back during verification. A local attacker could potentially exploit this to replace the data with another signature file. It was discovered that Thunderbird might load an alternative OTR library. If a user were tricked into copying a specially crafted library to one of Thunderbird's search paths, an attacker could potentially exploit this to execute arbitrary code. It was discovered that secret keys imported into Thunderbird were stored unencrypted. A local attacker could potentially exploit this to obtain private keys. It was discovered that Thunderbird did not indicate when an inline signed or encrypted message contained additional unprotected parts. Various other issues were also addressed.
81edf153f7a8ff7803ae890c659ea5d9e899b6b778102480a52389ef99c260eeSeeddms version 5.1.10 authenticated remote command execution exploit.
1bd0d1d11507de31f14c38ecbae34e401a0ca09e54f2d268c40dcd6fc869c58bOnline Pet Shop We App version 1.0 suffers from remote SQL injection and shell upload vulnerabilities.
eb0bd2f27f2879c5379fdf6bc7702bd5bdffceefb5a53170487bbb21eb81cf54Simple Client Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
3004a065d6a8c63fdece287c1f6038dcc213d293890df2200431cdee20c52de6Whitepaper discussing BIZARRELOVETRIANGLE and FULLCLIP - JNLP parameter injection attacks to remote, persistent, multi-os code execution.
0544f59a1e884ac5e4753711797fde21b5db764b310bbdc41f2106aa58ffdef4This Metasploit module allows an attacker with a privileged rConfig account to start a reverse shell due to an arbitrary file upload vulnerability in /lib/crud/vendors.crud.php.
9898d80071dec7ddeb79d05a6d3e6a34bfd2027a8c1422f650410e9a1cb4219cUbuntu Security Notice 5004-1 - It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. Jonathan Knudsen discovered RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.
59fb5cdf77b530600e46be2c0267cbe788afc97154c7f99aed142ee84bb65cfcTrojan-Dropper.Win32.Krepper.a malware suffers from an unauthenticated remote command execution vulnerability.
707ac72fec5bc9fd4ba9130e172dfe27a762e79efd3ec59ffa42a962275b3eb5Red Hat Security Advisory 2021-2543-01 - Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include code execution and denial of service vulnerabilities.
de10f870e361f9c40e606f0ad79acca7e8e375dc5f52949dbafbc84fbfe8b8b3Trojan-Dropper.Win32.Juntador.a malware suffers from having a weak hardcoded password.
7a574e38f522f8965f7c8a735df277dd3ac35d5d518b4ad4ac0f0cedc76c0a85TP-Link TL-WR841N suffers from a remote command injection vulnerability.
f38c375883294d89e59cdd181a489ae666b47d231d5e8deee6d2920dbda52144Huawei DG8045 ships with a default password that is the last 8 character of the device's serial number listed on the back.
f56018859afa47d0e08a86ef2e86ac8c4541f3a4b1b3696aee916b06873e759eTrojan.Win32.Banpak.kh malware suffers from an insecure permissions vulnerability.
7a6438ef523763495bf878f9db9d93798a62d8ce9c1607fe615b7059aece6e32
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed