Usermin version 1.820 authenticated remote code execution exploit.
1269514ec09dd065b78ba3dc999b0430fa4c0a9cedd960a589ba52d447a070a5ZesleCP version 3.1.9 authenticated remote code execution exploit.
13dc036088e14a3dceb02f4bb93c56fa35609cd89f5f254b27c676047a24cb78CyberPanel version 2.1 authenticated remote code execution exploit.
09cef76696c3f322663bcaedb3554377b61ecaadf24c49140593ee2a871b9d80Ubuntu Security Notice 5053-1 - It was discovered that libssh incorrectly handled rekeying. A remote attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code.
f3a279c38ed606749ddabedbd85154581e55cffe1b0adcb35cbdf2b297cc05deRed Hat Security Advisory 2021-3233-01 - Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats. Issues addressed include a buffer overflow vulnerability.
6be98a6925869e1147021473fada7a4429130b94ff373a3c8f888759d44b56efWireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
58a7fa8dfe2010a8c8b7dcf66438c653e6493d47eb936ba48ef49d4aa4dbd725Ubuntu Security Notice 5051-3 - USN-5051-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for the openssl1.0 package in Ubuntu 18.04 LTS. Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1 strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.
601aedb02dcb81703c8f8937728eed132e75664b1787c8dacac442483a1a66efUbuntu Security Notice 5051-2 - USN-5051-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1 strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.
d608c60ee7f2610b9130e1d0027f1eeb33623ea36322fb9c087707f70f2a504bUbuntu Security Notice 5052-1 - MongoDB would fail to properly invalidate existing sessions for deleted users. This could allow a remote authenticated attacker to gain elevated privileges if their user account was recreated with elevated privileges.
0ea9b9b187dca2bf7ba1f179a3b10563d15e3a5471c3875c0a889c5422cc0083ProcessMaker version 3.5.4 suffers from a local file inclusion vulnerability.
9ea7d66b1db175d01d116b70589f81aa63e6fdbafe9911ea8926c41cf7d4ab71Ubuntu Security Notice 5037-2 - USN-5037-1 fixed vulnerabilities in Firefox. The update introduced a regression that caused Firefox to repeatedly prompt for a password. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions, or execute arbitrary code. Various other issues were also addressed.
e7345d5b5d486e0daa13fc62b565f07e5438ea8c70f891e628005c753b119411Ubuntu Security Notice 5051-1 - John Ouyang discovered that OpenSSL incorrectly handled decrypting SM2 data. A remote attacker could use this issue to cause applications using OpenSSL to crash, resulting in a denial of service, or possibly change application behaviour. Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1 strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.
c58eb6da5f4d5d59425e108b61f06990b263a18153824d43ff593574b30d28bdI2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
26e5f4d95b1a0766870f97b30e57c9a8e98690279c3bf09198e30effabecc450Online Leave Management System version 1.0 suffers from a remote shell upload vulnerability.
158752aae6e8944c23273fc0c91143696754c1868cef1091381b583413edd88eThis is a whitepaper that discusses additional vectors of attack that can be used against Razer products.
d896ee68726d14957e7b9ef3ead4ea6080977a3951b1f9246dab51ea5e04be7cHP OfficeJet 4630/7110 MYM1FN2025AR 2117A suffers from a persistent cross site scripting vulnerability.
9c47a3df0aeac66e90d1c67436d761aefbe3c0374807c5fb8d446b2233f196beWordPress Mail Masta plugin version 1.0 suffers from a local file inclusion vulnerability.
4ba2f635f1919087afeb889e83b56c9bba07306accfaf8f3400631cec952d93fOpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1Ubuntu Security Notice 5050-1 - It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
15f18b4a1645df7896d1474336043a68629898f3145352b2946dd200efd3f028OpenSSL Security Advisory 20210824 - In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. Other issues were also addressed.
66334c85ddd9c930da8fe00ca3eaff4182ef23553e0a3eadf85842e9a513e5bbGRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
dda5e2fa2971fb4aa73738c44c9796ca3f1f566519c324b7cbf6b9c9629a2aafFaraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
1c5cdf6f6fd15ade52259507fd3182d7adfd3b3898b69f149c4b64e10a7dcbf4Ubuntu Security Notice 5048-1 - It was discovered that Inetutils telnet server allows remote attackers to execute arbitrary code via short writes or urgent data. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code.
ba81c2cbc24c926b2434bc1a0299f2832c2e3e64dcc9e5ebf19c7f8cfe9dc1b2Online Traffic Offense Management System version 1.0 unauthenticated remote code execution exploit.
3a0f14a344d8a07e5584638a35c227d39c06cf0f489140879d423a2d7f0185a5Shoutcast server version 2.6.0.753 suffers from a remote authenticated crash vulnerability.
991ebf15a2fad6e84c2cb8c0596024371c0ae5aa7b0309a15458c5be942d417d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed