Gentoo Linux Security Advisory 202107-4 - Multiple vulnerabilities have been found in Graphviz, the worst of which could result in the arbitrary execution of code. Versions less than 2.47.1 are affected.
e6468bcb9795cedf222ea333831f1335ba1a664bd8a93a73c415fe94699b3f49Ricon Industrial Cellular Router S9922XL suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the admin (root) user via the ping_server_ip POST parameter. It is also vulnerable to Heartbleed.
6bc26692f58719553d7c44565a9e32b962f1b7a0df1be48e3aa022a96cc9e0b5Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
8839e08b41449dfc8ea4de80db82fa65cd58eb2849bad792c17907cfe7f65b18Virus.Win32.Shodi.e malware suffers from a heap corruption vulnerability.
e5992ed5886d827c3b902f3c357da73a453ca8caafc54ce4c28cd1746fa34680Ubuntu Security Notice 5005-1 - It was discovered that DjVuLibre incorrectly handled certain djvu files. An attacker could possibly use this issue to execute arbitrary code or cause a crash.
b37d5e748ee349e30288b5084f070dca5d7fbc946fde98cb731ec6b4b1d7e003sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
b5d7bd6bfee2fcce2f84b332a9c337d45c37343c53b5793cc4141db77789db70Simple Client Management System version 1.0 shell upload exploit that leverages SQL injection.
09f4e807c7324034958dedc3be061e3ba0c0b332ee02a73ae4847eee75a58d46Virus.Win32.Shodi.e malware suffers from a remote command execution vulnerability.
82303bb0810f803eca29ae68d292dfaaf9fff7857b88fcd0b8886b40b87ac177Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
32fd0e0451b83dadd98d93893ffb386e0fc7d0c97d1cf0f2cef9d7704b7abb1cWordPress Backup Guard plugin version 1.5.8 remote shell upload exploit.
fff7a31cabb9e677c9b7a571b07bc73bd4e7d93cef73bad084608ead38c240bbGentoo Linux Security Advisory 202107-3 - An insecure temporary file usage has been reported in libqb possibly allowing local code execution. Versions less than 1.0.5 are affected.
92c2ab60bfa89b7b070ed490feabfd2b588d2d38a8a9509a08259c1bf26abddcVirus.Win32.Shodi.e malware suffers from an insecure transit vulnerability.
c56fb5ab3fc0f60539a4e74cf4a1baf8b1adc4f7a076a1ff1bcd1b27a8570021WordPress WP Learn Manager plugin version 1.1.2 suffers from a persistent cross site scripting vulnerability.
e77e3742ff15e945637eaae256c036ec3a2c55ed8932acec6bb39fb92ba72173GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.
39d07cdb4524818f9ebce49294931974af504519e6a7476c52e9d38fc0bd0cc9Backdoor.Win32.WinShell.40 malware suffers from authentication bypass and command execution vulnerabilities.
9f44e8e45e75a24a1daa0d06915db6cb4a750ea6af41b68dee2541dad1a611fcGentoo Linux Security Advisory 202107-2 - Multiple vulnerabilities have been found in FreeImage, the worst of which could result in a Denial of Service condition. Versions less than 3.18.0-r2 are affected.
990d02ada3d6a593b27a2eb19ca0644e2e91c3fb759e5573869a70d2a9b71642OpenEMR version 5.0.17 path traversal exploit.
d922d48e6a0bee902e565673aa1c4471cc5327d78c48154ce121df3691d4e7acBackdoor.Win32.Zombam.l malware suffers from a code execution vulnerability.
ee19ce806cc0d4edb708c50fbad6626f75c0b59d26bcfabb94ebdcbb0d03572dBackdoor.Win32.Zombam.l malware suffers from a buffer overflow vulnerability.
0fdd4c15f6fd2ae0d21e68a3f6a75d0be6e6207d0cb397091ca71fb6fc8f7c96Trojan.Win32.Inject.adwas malware suffers from an insecure permissions vulnerability.
f2f11d60d2f810a8ea265a8370ad3a821968c947c206c5104c92506aad7442adOnline Voting System version 1.0 remote SQL injection to code execution exploit. This is a variant exploit based off of the original discovery by deathflash1411 in July of 2021.
3ff5e07eb42ef2116755a72245e4a865eade38a1b8620e3d8abcc7ea7332aab4HEUR.Trojan.Win32.Generic malware suffers from an insecure permissions vulnerability.
2cb461bc212c3627824eb30b5b2bbeeefa7e3deca0741fe9648210205112ae12Trojan-Dropper.Win32.Agent.wxl malware suffers from an insecure permissions vulnerability.
99932ccd1d201b0c25383f79cdeb2aa8dc704fd0e8d6f8af463ddfb507bfddb8Gentoo Linux Security Advisory 202107-1 - A vulnerability in corosync could lead to a Denial of Service condition. Versions less than 3.0.4 are affected.
a14e8e1b886d9131762ec3acbeb6481d14ab3b42c70eacd94d9de50be6e83aa8Trojan.Win32.VB.bcng malware suffers from an insecure permissions vulnerability.
0bf9d5b2cf7f0fd5e88d71b27932fd09c51a7e41bfae5e2c1a82b0c5c66eaa6d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed