Node.JS node-serialize remote code execution exploit.
d4cff9dd6bf638bfad6430e7fdb98e3c41364d4bb5ae4c0a84b242ba5a992b80
Trojan-Dropper.Win32.Googite.b malware suffers from a code execution vulnerability.
c4c296961dc8e41f5d8e2fa7da763ac7a25c7f829d63b24f5a6ec102681a9a47
Ubuntu Security Notice 4992-1 - Máté Kukri discovered that the acpi command in GRUB 2 allowed privileged users to load crafted ACPI tables when secure boot is enabled. An attacker could use this to bypass UEFI Secure Boot restrictions. Chris Coulson discovered that the rmmod command in GRUB 2 contained a use- after-free vulnerability. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. Chris Coulson discovered that a buffer overflow existed in the command line parser in GRUB 2. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. Various other issues were also addressed.
1f9aec408e5162b86a8b71d82cc6be6d6601a5a4992dbb961c31198f605ea5bf
When analyzing the Protectimus SLIM TOTP hardware token, Matthias Deeg found out that the time used by the Protectimus SLIM TOTP hardware token can be set independently from the used seed value for generating time-based one-time passwords without requiring any authentication.
18da959eb49ff3d5b8d29ab92f7247fff8490774b451cce50831a03dc291d6c0
iFunbox version 4.2 suffers from an unquoted service path vulnerability.
282e697b6a984a007573280661f5c019cc2693b207326f3ff06fccb8c4ed6942
OpenEMR version 5.0.1.7 suffers from a path traversal vulnerability.
4137f1bcde3ba0b062231c438d7bd1885e04568f8cb1e019f5635288f2560b7d
ICE Hrm version 29.0.0.OS suffers from a persistent cross site scripting vulnerability.
81351aa19a519f6d67a50fa7c5f0e01f5776fd2f342d0cfce2bff3a6327604ca
Brief whitepaper that goes through proxy, ssh, and vpn pivoting during an attack. Written in Arabic.
a1e855c508e17641d2eb114eced9cbb69be22f676f04484aaf30c490b078784e
ICE Hrm version 29.0.0.OS suffers from a cross site request forgery vulnerability.
428307418f215e41128b67466956ad0750203da95db327aba348d9c16fad1e1d
ICE Hrm version 29.0.0.OS suffers from cross site scripting and session fixation vulnerabilities.
4f2a125bcf3c1919dd62b032560e0645fab870d5f7925db93ca9c712c8661782
Whitepaper called 'node-serialize' Remote Code Execution - Web Shell. Written in Turkish.
5258591e002e919f55d52d14edd0cf8d6b32488ebf99fbf4b7583e1a674d53bb
Ubuntu Security Notice 4991-1 - Yunho Kim discovered that libxml2 incorrectly handled certain error conditions. A remote attacker could exploit this with a crafted XML file to cause a denial of service, or possibly cause libxml2 to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. Zhipeng Xie discovered that libxml2 incorrectly handled certain XML schemas. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. Various other issues were also addressed.
38f527bf92212574fd2e8353820dd66e5279bfa5e4f6a13e08dc27aaaf456463
Red Hat Security Advisory 2021-2479-01 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a cross site scripting vulnerability.
407dd58a4d56a1577f85a63f8d3249362ebd855a9d2e9461bef124d76718dfe1
Ubuntu Security Notice 4990-1 - It was discovered that Nettle incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause Nettle to crash, resulting in a denial of service. It was discovered that Nettle incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.
18ac1040641e10f745441e19c4e76450403a73af58de924392fb2255e3dfadc1
Kerberos supports a security buffer to set the target SPN of a ticket bypassing the SPN check in LSASS.
1d5d38694b7c25fc61d91a95f2fe8b95d80f7177cbc88c8349db3852e07f5b72
Red Hat Security Advisory 2021-2476-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.11.0 serves as an update to Red Hat Decision Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, code execution, denial of service, and server-side request forgery vulnerabilities.
c7ecab2767572bcae7a835e6563b631e2de5bcbbf260dbcf564ddf63104b4342
Trojan.Win32.Alien.erf malware suffers from a directory traversal vulnerability.
187898797e4601317e850c37f6c620bbd5f74a4654555fc78d25559630b54c57
The EditingPageParser.VerifyControlOnSafeList method fails to properly validate user supplied data. This can be leveraged by an attacker to leak sensitive information in rendered-preview content. This module will leak the ViewState validation key and then use it to sign a crafted object that will trigger code execution when deserialized. Tested against SharePoint 2019 and SharePoint 2016, both on Windows Server 2016.
5dcb06868c15ec6031a011204cbd74de26b37669890217421638293a9f77e49b
This Metasploit module exploits an unauthenticated file upload vulnerability in Cisco HyperFlex HX Data Platform's /upload endpoint to upload and execute a payload as the Tomcat user.
f5c93c1dbb7c46d018f80b02b7e8b65d92e05da4eaa8f1ef27222f385aefb954
Dup Scout version 13.5.28 suffers from an unquoted service path vulnerability.
46e00ea6e0536864a15de7ef2f1c92d0c522210998bedba2fcfa6e9d2496b09b
Red Hat Security Advisory 2021-2475-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.11.0 serves as an update to Red Hat Process Automation Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, code execution, denial of service, and server-side request forgery vulnerabilities.
44f2a427aa38603abc596c8eab0bea14baf4d87b51fcd63235260362ce1b3c02
Trojan.Win32.Alien.erf malware suffers from a buffer overflow vulnerability.
f21fd4344ef1dd439138a5152b640bde46bdc5db13e058d8e123769d0a088c7b
Unified Office Total Connect Now version 1.0 suffers from a remote SQL injection vulnerability.
91d6e78aae245ee0b32085f6239ac318b8c262de77702459914f9a8c14ee7636
Samsung NPU (Neural Processing Unit) suffers from an out-of-bounds write vulnerability in npu_session_format.
c1b571dff4d7f86aae1597fdb8aa5e8932400ee1c1aed35b56eab3315ec48ed8
Red Hat Security Advisory 2021-2472-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Issues addressed include null pointer and use-after-free vulnerabilities.
19735da2179172dfd4dafbdef97ffa2abdb672d9b8f5865fe7fd9e743f621ed9