RaspAP version 2.6.6 authenticated remote code execution exploit.
c37e2b413f40c9b270924668278428a786e4954e99bdea5bb1e2a5f9ec9366d0Simple Phone Book/Directory version 1.0 suffers from a remote SQL injection vulnerability.
f8c5131e6707085f362db23792418f4331f124563c7d7ff5b3f5fc0a77941faaWhitepaper discussing JavaScript static analysis. Written in Arabic.
0c4b9e81a57d57072c3bbf3c49892a9de6b7ea347238264d3d6ce9e7068c1996This Metasploit module exploits a vulnerability on Microsoft Exchange Server that allows an attacker to bypass the authentication, impersonate an arbitrary user, and write an arbitrary file to achieve remote code execution. By taking advantage of this vulnerability, you can execute arbitrary commands on the remote Microsoft Exchange Server. This vulnerability affects Exchange 2013 CU23 versions before 15.0.1497.15, Exchange 2016 CU19 versions before 15.1.2176.12, Exchange 2016 CU20 versions before 15.1.2242.5, Exchange 2019 CU8 versions before 15.2.792.13, and Exchange 2019 CU9 versions before 15.2.858.9.
b555cd3b9862ec567195ff3003e6dc453483630a7c663ee17d582778c11dbf59This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
7ca34b8bb24ae9e50f33792b7091b3841d7e1b440ff57bc9fabddf01e2ed1e24Online Traffic Offense Management System version 1.0 suffers from a remote SQL injection vulnerability.
f9ccba82b5fdd1c9551054d088cf435b9bc6b76ee2e32391e649fd8187bbf7d4NetModule Router Software versions prior to 4.3.0.113, 4.4.0.111, and 4.5.0.105 suffer from insecure password handling and session fixation vulnerabilities.
55c2cd76e6eb849928d497ed398e7ef24c35c003556aab944b5829e79cdf8dc6Laundry Booking Management System version 1.0 suffers from a remote SQL injection vulnerability.
0fa0ccd80f12ed76e46cdbfcbea69df5b713a5b2328737991110a18be7c9cb0aLaundry Booking Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
6235f0245770ffeb2d12c3b8443b6185676520853eac459c2cb573980dc42ee0Multiple Altus Sistemas de Automacao products such as the Nexto NX30xx Series, Nexto NX5xxx Series, Nexto Xpress XP3xx Series, and Hadron Xtorm HX3040 Series suffer from command injection, cross site request forgery, and hardcoded credential vulnerabilities.
04419f303d6024196a934d7a822a54ec4c5ef330f60bde124f5af5cb94703343Red Hat Security Advisory 2021-3219-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7 and 8. Issues addressed include a denial of service vulnerability.
b14ada71b882c59a34d15d65dd0782ed8c2e52796a958fd6a7da92b5a819bbe1Red Hat Security Advisory 2021-3217-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8. Issues addressed include a denial of service vulnerability.
67b7596a1bd8bf639a16e032ab329a8f0e4a6abae3dc16bd847b4bb11a617542WebKit suffers from a heap use-after-free vulnerability in Element::dispatchMouseEvent.
32ce340e9e7aafa598cb7a3f4f8b409cd814f55d9df9e771b2d4767d0216dbcbRed Hat Security Advisory 2021-3218-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a denial of service vulnerability.
4e81e64fea87aebb93c58f8cd6af86ef298d2bf1ca9cf241bb14bc8b09fb8a7cRed Hat Security Advisory 2021-3216-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3. Issues addressed include a denial of service vulnerability.
2061d8512d69b0ee37f4e22bb328d97a07bcb620e3d1e1316ef3da1453eb47b4Red Hat Security Advisory 2021-3125-01 - This release of Red Hat build of Eclipse Vert.x 4.1.2 includes security updates, bug fixes, and enhancements.
3db3fc49baf2ced427948242e08c45594f7977c078eecf61a591c969b0d0ba60JavaScriptCore suffers from a crash condition due to an uninitialized register in slow_path_profile_catch. Proof of concept that affects Safari is included.
8dd2cde7c2edb66fc6061ca48debe795fc639981944e4354c301b47af6a7c4b1WebKit suffers from a heap use-after-free vulnerability in WebCore::FrameLoader::PolicyChecker::checkNavigationPolicy.
3bbacfe61c3afe8fcb813221566bd0ea237ec718789ecbd4ffc4394dbe1d0f85Charity Management System CMS version 1.0 suffers from code execution, cross site scripting, and remote SQL injection vulnerabilities.
10039f2160e3102db22bddd8e161c6b482b74136cf2f4a6ecd91d6cba5e0a00bAndy Nguyen discovered that the netfilter subsystem in the Linux kernel contained an out-of-bounds write in its setsockopt() implementation. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
4af31b963bddcf331a7037ea35c40e4fbfd445f815d8756856219abad1f16c71Ubuntu Security Notice 5046-1 - It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
911bcc859f7a0c9a9d1bae83c2f53e3ca1b9840869a5229252148bb51ba89399Simple Image Gallery version 1.0 suffers from an unauthenticated remote shell upload vulnerability.
b65b3e6fecc3f9f54f070d6f79325e11c357276ad648cc23b89cc1de348c8b50Ubuntu Security Notice 5045-1 - Norbert Slusarek discovered that the CAN broadcast manger protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
bde5f3bf782e59c0ed151fd7c46c5d2258f7fcd96669a1026e3e26aff417fae1Red Hat Security Advisory 2021-3207-01 - This release of Red Hat Integration - Camel Quarkus - 1.8.1 tech-preview 2 serves as a replacement for tech-preview 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, information leakage, man-in-the-middle, and traversal vulnerabilities.
45c967c8a201b1f39d4acd990e209ab0096988439ff4cec5216e3227f4f3dc4bCrossfire Server version 1.0 SetUp() remote buffer overflow exploit.
5fd5d08654c96dce896141305b739eecc4b96a438ff4c8fe04bcea3f1d164cfc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed