Online Hotel Reservation System version 1.0 suffers from multiple cross site scripting vulnerabilities. Original discovery of cross site scripting in this version is attributed to Mesut Cetin in January of 2021.
0edf6c9cc89607788d24c82489b990e2Neo4j version 3.4.18 RMI-based java deserialization remote code execution exploit.
4308113757c05a9c6ddc914eadc40b93Men Salon Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
0ff477e555550da6dc8a150460ace2e3Pi-Hole versions 3.0 through 5.3 allows for command line input to the removecustomcname, removecustomdns, and removestaticdhcp functions without properly validating the parameters before passing to sed. When executed as the www-data user, this allows for a privilege escalation to root since www-data is in the sudoers.d/pihole file with no password.
dac4dfce514725aab909b2548e85e3eePanasonic Sanyo CCTV Network Camera version 2.03-0x allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. These actions can be exploited to perform authentication detriment and account password change with administrative privileges if a logged-in user visits a malicious web site.
144372220bfafa4d89dbf4f8e47b37dfRed Hat Security Advisory 2021-2965-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.8 serves as a replacement for Red Hat Single Sign-On 7.4.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
a0114d53b577918564cb95687a4409bbUbuntu Security Notice 5026-1 - It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
1df5275a8531c053a169685e8b2d82e6Ubuntu Security Notice 5027-1 - It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code.
e229b5ed152b516f5a258a11fdafd755ObjectPlanet Opinio version 7.13 suffers from a remote shell upload vulnerability.
428a660ba8fcf617d5de88b7920acbe4ObjectPlanet Opinio version 7.13 suffers from an expression language injection vulnerability.
e4ac02c7c40ce27bf82fc181349ac136ObjectPlanet Opinio versions 7.13 and 7.14 suffer from an XML external entity injection vulnerability.
42b0801a736a8c5f0e5d56cd04363a4eThis paper contains a step by step detailed walk-through of different nmap scanning techniques and how the nmap traffic looks like in wireshark for each scan. The objective of documenting the paper is to get a better understanding of packets while initiating any nmap scan so that it can help in bypassing firewalls or debugging what went wrong between the source and destination. It can also help in writing basic firewall rules.
d7c2cc86d7a9d259f00455f3d755ec57The msExchStorageGroup schema class added during Exchange installation can be used to create almost any AD object including users, groups or domain trusts leading to elevation of privilege.
5f885a87a9be3f10bfe9e9e4c08c923cUbuntu Security Notice 5025-2 - USN-5025-1 fixed a vulnerability in libsndfile. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
36961b1b148131d5ac49f6d33229fe09Oracle Fatwire version 6.3 suffers from cross site scripting and remote SQL injection vulnerabilities.
3c10a991eb8badac274f6dcaed884e44Longjing Technology BEMS API version 1.21 suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks.
6a5637ce7d7f32fbc3a3c1f0931505e7Ubuntu Security Notice 5025-1 - It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code.
317f74ce8072ee0dc28309859d8ab843Denver IP Camera SHO-110 suffers from an unauthenticated disclosure of a snapshot.
9c56c41fd6c84e6025c78a7ea70f8fc2ObjectPlanet Opinio version 7.12 suffers from reflective and persistent cross site scripting vulnerabilities.
2baf2d582b70bc71d82c7d5d66558dd6Ubuntu Security Notice 4944-2 - USN-4944-1 fixed vulnerabilities in MariaDB. It caused a regression. This update fixes the problem. Ubuntu 20.04 has been updated to MariaDB 10.3.30.
805c04f52ac0499cb1925b8798585651CloverDX version 5.9.0 cross site request forgery to remote code execution exploit.
6b9334fc24a1423e729c3cc9ba40c878Ubuntu Security Notice 5024-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
50a9963ba1903faeab04b47189a80b51Care2x Integrated Hospital Info System version 2.7 suffers from multiple remote SQL injection vulnerabilities.
2edf1e8741d37582e1ac3205362fd224IntelliChoice eFORCE Software Suite version 2.5.9 allows for username enumeration.
3dbce8c7f3ef261ca1360be805297f27Red Hat Security Advisory 2021-2932-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, and out of bounds read vulnerabilities.
09026fe4bea1368d8dd91241bc564be1
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed