Simple Real Estate Portal System version 1.0 suffers from a remote SQL injection vulnerability.
2a175a101b412ad22ce92495b58ffcb40e5ea3e33025cd72c7dfc87ffad16377Microweber version 1.2.11 suffers from a remote shell upload vulnerability.
0f6099f5333136e7ed26b16e612cd8174391ba44ec5c5315299e6e968e78e18aDbltek GoIP with firmware version GHSFVT-1.1-67-5 suffers from a local file inclusion vulnerability.
0d6bacc2c1374df5d970bb3cd46b2c784a546df1614076f108665a82cba4a43fRed Hat Security Advisory 2022-0582-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, code execution, denial of service, information leakage, and spoofing vulnerabilities.
28f434c8a7e0c5a9a457c78e1d0a72539ecb56d9a3673853dd0aa3595f619edaFileCloud version 21.2 suffers from a cross site request forgery vulnerability.
416ed4585ffdeade05c15223afc7b591ef0cc08552298fcd8b219cac992f1ebfDatarobot suffers from a remote code execution vulnerability.
655be82d858b050310a87d53a8e33454703d09ce4323f8de6be4263ffe788843WordPress Perfect Survey plugin version 1.5.1 suffers from a remote SQL injection vulnerability.
ab5b6dcc9f080add826ddde39b1034b8a2169f9e05ade5e04cba6ab0dd330869WordPress WP User Frontend plugin version 3.5.25 suffers from an authenticated remote SQL injection vulnerability.
280867a4c60d20510ff5bcaa423c881cbcd213e1b2b74568a593019331132f17Red Hat Security Advisory 2022-0581-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, code execution, denial of service, information leakage, and spoofing vulnerabilities.
8bd21cf01e10e7a947db8efca057a501595b8383a816b9f497a90e17a13ebc45Thinfinity VirtualUI version 2.5.26.2 suffers from an information disclosure vulnerability.
2b19df6335cfc9aa814e3c77fff5405550b9e652464edcbb2f4a2198d44c4ca2Thinfinity VirtualUI version 2.5.41.0 suffers from an iframe injection vulnerability.
283c85287dddc71af90a100ee3df9c121378aa5bca5bd0c6921c262fe57f8e4aAuto Spare Parts Management version 1.0 suffers from a remote SQL injection vulnerability.
30d2f6c411784c3d31a4f2a68f89253ed00f4b05363894cf28982b8ab866391cHMA VPN version 5.3 suffers from an unquoted service path vulnerability.
fc3746e5e4d9467b9c73f54d58ba3cb675ceafeb9154939efe86c570c653aae5Microsoft Gaming Services version 2.52.13001.0 suffers from an unquoted service path vulnerability.
79139fdf3f5e6f9881454cf1de4ebaa7d172abaf459df0807afef041b5d9a6adCab Management System version 1.0 suffers from a remote SQL injection vulnerability.
c54a778ac6cac7cf0947d6a7afb026a8c6339c431312f32c1346da1b9e5231dbCab Management System version 1.0 suffers from a remote code execution vulnerability.
771891c9014d619ea4cab2be545d0859bab5c615100aa07d5a40c542c6895aaeCollabfiltrator is a tool to exfiltrate blind remote code execution output over DNS via Burp Collaborator.
e4f2c5b6b0aea01cabdd0c7e8cce96dca706d60a5b08960cdab94118b9c52dfeUbuntu Security Notice 5295-1 - It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jann Horn discovered a race condition in the Unix domain socket implementation in the Linux kernel that could result in a read-after-free. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
b547d8a973a224e901b06eaeedecd20d12b7bfbede9c1be88b6689532cb1a805WordPress MasterStudy LMS plugin version 2.7.5 suffers from a missing access control allowing an unauthenticated party the ability to create an administrative account.
a3a490fa31272315dc3b33abac3a970e548d08d2ce2376d9748f5e401a62604fWordPress UpdraftPlus versions 1.16.7 through 1.22.2 suffer from a backup disclosure vulnerability.
b497726806b3d3cd3a57bcd3b91fab0d6c64ec521a48183b3477b06789862f15Ubuntu Security Notice 5292-3 - USN-5292-1 fixed several vulnerabilities in snapd. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly use this issue to expose sensitive information. Ian Johnson discovered that snapd did not properly validate content interfaces and layout paths. A local attacker could possibly use this issue to inject arbitrary AppArmor policy rules, resulting in a bypass of intended access restrictions. The Qualys Research Team discovered that snapd did not properly validate the location of the snap-confine binary. A local attacker could possibly use this issue to execute other arbitrary binaries and escalate privileges. The Qualys Research Team discovered that a race condition existed in the snapd snap-confine binary when preparing a private mount namespace for a snap. A local attacker could possibly use this issue to escalate privileges and execute arbitrary code.
23fb2407472813360c266bf4444366a9b1f39826d88b86b3b54675092a32d4ecWordPress dzs-zoomsounds plugin version 6.60 suffers from a remote shell upload vulnerability.
6e96492b3bf0c53feb2e28da2e7826b4b660705ff00d0ce838e33bbfbb07bf95Ubuntu Security Notice 5292-2 - USN-5292-1 fixed vulnerabilities in snapd. This update provides the corresponding update for the riscv64 architecture. James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly use this issue to expose sensitive information.
0c6bd21fafc633dfdaa09088d54dc04cc7a81354d0f9a2be6b57f8f4dccd6efaFortinet Fortimail version 7.0.1 suffers from a cross site scripting vulnerability.
7f8798b7aa7700d879a636522b5f36adeafdc2272b48d2974f728dabead950cdUbuntu Security Notice 5294-1 - It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
1366df82d8fcd6815d5088e53ffe7f4c0a5200426d7806e8827105451bd46108
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed