Node.JS node-serialize remote code execution exploit.
d4cff9dd6bf638bfad6430e7fdb98e3c41364d4bb5ae4c0a84b242ba5a992b80Trojan-Dropper.Win32.Googite.b malware suffers from a code execution vulnerability.
c4c296961dc8e41f5d8e2fa7da763ac7a25c7f829d63b24f5a6ec102681a9a47Ubuntu Security Notice 4992-1 - Máté Kukri discovered that the acpi command in GRUB 2 allowed privileged users to load crafted ACPI tables when secure boot is enabled. An attacker could use this to bypass UEFI Secure Boot restrictions. Chris Coulson discovered that the rmmod command in GRUB 2 contained a use- after-free vulnerability. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. Chris Coulson discovered that a buffer overflow existed in the command line parser in GRUB 2. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. Various other issues were also addressed.
1f9aec408e5162b86a8b71d82cc6be6d6601a5a4992dbb961c31198f605ea5bfWhen analyzing the Protectimus SLIM TOTP hardware token, Matthias Deeg found out that the time used by the Protectimus SLIM TOTP hardware token can be set independently from the used seed value for generating time-based one-time passwords without requiring any authentication.
18da959eb49ff3d5b8d29ab92f7247fff8490774b451cce50831a03dc291d6c0iFunbox version 4.2 suffers from an unquoted service path vulnerability.
282e697b6a984a007573280661f5c019cc2693b207326f3ff06fccb8c4ed6942OpenEMR version 5.0.1.7 suffers from a path traversal vulnerability.
4137f1bcde3ba0b062231c438d7bd1885e04568f8cb1e019f5635288f2560b7dICE Hrm version 29.0.0.OS suffers from a persistent cross site scripting vulnerability.
81351aa19a519f6d67a50fa7c5f0e01f5776fd2f342d0cfce2bff3a6327604caBrief whitepaper that goes through proxy, ssh, and vpn pivoting during an attack. Written in Arabic.
a1e855c508e17641d2eb114eced9cbb69be22f676f04484aaf30c490b078784eICE Hrm version 29.0.0.OS suffers from a cross site request forgery vulnerability.
428307418f215e41128b67466956ad0750203da95db327aba348d9c16fad1e1dICE Hrm version 29.0.0.OS suffers from cross site scripting and session fixation vulnerabilities.
4f2a125bcf3c1919dd62b032560e0645fab870d5f7925db93ca9c712c8661782Whitepaper called 'node-serialize' Remote Code Execution - Web Shell. Written in Turkish.
5258591e002e919f55d52d14edd0cf8d6b32488ebf99fbf4b7583e1a674d53bbUbuntu Security Notice 4991-1 - Yunho Kim discovered that libxml2 incorrectly handled certain error conditions. A remote attacker could exploit this with a crafted XML file to cause a denial of service, or possibly cause libxml2 to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. Zhipeng Xie discovered that libxml2 incorrectly handled certain XML schemas. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. Various other issues were also addressed.
38f527bf92212574fd2e8353820dd66e5279bfa5e4f6a13e08dc27aaaf456463Red Hat Security Advisory 2021-2479-01 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a cross site scripting vulnerability.
407dd58a4d56a1577f85a63f8d3249362ebd855a9d2e9461bef124d76718dfe1Ubuntu Security Notice 4990-1 - It was discovered that Nettle incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause Nettle to crash, resulting in a denial of service. It was discovered that Nettle incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.
18ac1040641e10f745441e19c4e76450403a73af58de924392fb2255e3dfadc1Kerberos supports a security buffer to set the target SPN of a ticket bypassing the SPN check in LSASS.
1d5d38694b7c25fc61d91a95f2fe8b95d80f7177cbc88c8349db3852e07f5b72Red Hat Security Advisory 2021-2476-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.11.0 serves as an update to Red Hat Decision Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, code execution, denial of service, and server-side request forgery vulnerabilities.
c7ecab2767572bcae7a835e6563b631e2de5bcbbf260dbcf564ddf63104b4342Trojan.Win32.Alien.erf malware suffers from a directory traversal vulnerability.
187898797e4601317e850c37f6c620bbd5f74a4654555fc78d25559630b54c57The EditingPageParser.VerifyControlOnSafeList method fails to properly validate user supplied data. This can be leveraged by an attacker to leak sensitive information in rendered-preview content. This module will leak the ViewState validation key and then use it to sign a crafted object that will trigger code execution when deserialized. Tested against SharePoint 2019 and SharePoint 2016, both on Windows Server 2016.
5dcb06868c15ec6031a011204cbd74de26b37669890217421638293a9f77e49bThis Metasploit module exploits an unauthenticated file upload vulnerability in Cisco HyperFlex HX Data Platform's /upload endpoint to upload and execute a payload as the Tomcat user.
f5c93c1dbb7c46d018f80b02b7e8b65d92e05da4eaa8f1ef27222f385aefb954Dup Scout version 13.5.28 suffers from an unquoted service path vulnerability.
46e00ea6e0536864a15de7ef2f1c92d0c522210998bedba2fcfa6e9d2496b09bRed Hat Security Advisory 2021-2475-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.11.0 serves as an update to Red Hat Process Automation Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, code execution, denial of service, and server-side request forgery vulnerabilities.
44f2a427aa38603abc596c8eab0bea14baf4d87b51fcd63235260362ce1b3c02Trojan.Win32.Alien.erf malware suffers from a buffer overflow vulnerability.
f21fd4344ef1dd439138a5152b640bde46bdc5db13e058d8e123769d0a088c7bUnified Office Total Connect Now version 1.0 suffers from a remote SQL injection vulnerability.
91d6e78aae245ee0b32085f6239ac318b8c262de77702459914f9a8c14ee7636Samsung NPU (Neural Processing Unit) suffers from an out-of-bounds write vulnerability in npu_session_format.
c1b571dff4d7f86aae1597fdb8aa5e8932400ee1c1aed35b56eab3315ec48ed8Red Hat Security Advisory 2021-2472-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Issues addressed include null pointer and use-after-free vulnerabilities.
19735da2179172dfd4dafbdef97ffa2abdb672d9b8f5865fe7fd9e743f621ed9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed