The msExchStorageGroup schema class added during Exchange installation can be used to create almost any AD object including users, groups or domain trusts leading to elevation of privilege.
627232e16239714ec375a9cfcdcb5ae5ed42b0f516a9d4728d978cfb3abf4962Ubuntu Security Notice 5025-2 - USN-5025-1 fixed a vulnerability in libsndfile. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
71161ce693fd49985174cabbe4b4902ec1c5e2c717f481624564ca59b97f89c6Oracle Fatwire version 6.3 suffers from cross site scripting and remote SQL injection vulnerabilities.
38f80fca24b17f32a9e3da9f5471c31d26cc3bb1e197893519649f27a2ab75e3Longjing Technology BEMS API version 1.21 suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks.
ecde74e6d4e7cbe2d1a44b93eaae60686b9045e1ada24356e1f1263b9c767441Ubuntu Security Notice 5025-1 - It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code.
515f197037d9c5f17c04f6f6b1d9c4b1bdf5345da7af723254917f8af7f67453Denver IP Camera SHO-110 suffers from an unauthenticated disclosure of a snapshot.
7b7a36e0ae757da258c9cf9c116c4320968424f0cd6c800ff639f92f245a5ca8ObjectPlanet Opinio version 7.12 suffers from reflective and persistent cross site scripting vulnerabilities.
f500e5fdb33867b5edf3170e3933efe781565d176bbb6a77f75941889807d9d6Ubuntu Security Notice 4944-2 - USN-4944-1 fixed vulnerabilities in MariaDB. It caused a regression. This update fixes the problem. Ubuntu 20.04 has been updated to MariaDB 10.3.30.
57c06dee963cb110cc6fde97e455934e8e311a4ead7ce42d1b55a525be6acea3CloverDX version 5.9.0 cross site request forgery to remote code execution exploit.
596b2eea2e27565ab3f218e20a495aaef02193748d901ef08464493dd7fc27d9Ubuntu Security Notice 5024-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
14d11292105cb8b94a56279b28094f2991375524c7454e09c1c4271e1819998fCare2x Integrated Hospital Info System version 2.7 suffers from multiple remote SQL injection vulnerabilities.
813565cbac4fa2b60990827c97c4b6014e8013852af0c5279d6bbe5c159039f1IntelliChoice eFORCE Software Suite version 2.5.9 allows for username enumeration.
b4598723e07ce8a6c4f8a1ac2fbd7802bf319eccafe1b549bb7d97c72f235792
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed