Gentoo Linux Security Advisory 201903-15 - Multiple vulnerabilities have been found in NTP, the worst of which could result in the remote execution of arbitrary code. Versions less than 4.2.8_p13 are affected.
8df860a16344eea891017b2ab32a71efUbuntu Security Notice 3906-2 - USN-3906-1 and USN-3864-1 fixed several vulnerabilities in LibTIFF. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
d6332636e5ade7508bf28fbcac3c59ccexacqVision version 9.8 suffers from an unquoted search path issue impacting the services exacqVisionServer, dvrdhcpserver and mdnsresponder for Windows deployed as part of exacqVision software application. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
98a9960106f1cef1cf55ce4666251455Debian Linux Security Advisory 4408-1 - Multiple security issues were discovered in liveMedia, a set of C++ libraries for multimedia streaming which could result in the execution of arbitrary code or denial of service when parsing a malformed RTSP stream.
425b2b589d0ad63f13c2c1d76cedbb9eUbuntu Security Notice 3911-1 - It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
a42b0939b032f1ef360d067831515fc8CSZ CMS version 1.2.1 suffers from an arbitrary file upload vulnerability.
ad2667b2518dc48fc775c2bce95ae340This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the "Upload and Download" module can execute arbitrary commands with root privileges. In addition, if the Running Processes (proc) privilege is set the user can accurately determine which directory to upload to. Webmin application files can be written/overwritten, which allows remote code execution. The module has been tested successfully with Webmin 1.900 on Ubuntu v18.04.
3ba74c7641d287a5a1d6cee6bdb0eff5CMS Made Simple Showtime2 module version 3.6.2 suffers from an authenticated arbitrary file upload vulnerability.
2221652ee89c73f5809f4205dcbfb0d2Gentoo Linux Security Advisory 201903-12 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.22.6 are affected.
3393bd898bafcd042bfadf81ead8f705The Microsoft Windows MSHTML Engine is prone to a vulnerability that allows attackers to execute arbitrary code on vulnerable systems because of improper validation of specially crafted web documents (html, xhtml, etc).
f319a8657955eabd715a9358f82d0668Ubuntu Security Notice 3906-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
56e847616d505958b3eb0f59eaea2e67Gentoo Linux Security Advisory 201903-7 - Multiple vulnerabilities have been found in systemd, the worst of which may allow execution of arbitrary code. Versions less than 239-r4 are affected.
54c0e1f2f9097feadba5e834cb7254c0BEopt suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries (sdl2.dll and libegl.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file .BEopt located on a remote WebDAV or SMB share. Version 2.8.0 is affected.
7aee5a2862d6abbe08b84cd641d5b068WordPress WP Fastest Cache plugin versions 0.8.9.0 and below suffer from an arbitrary file deletion vulnerability.
9b9a838b46eb2f7747fb39c71ac3d48aDebian Linux Security Advisory 4404-1 - Clement Lecigne discovered a use-after-free issue in chromium's file reader implementation. A maliciously crafted file could be used to remotely execute arbitrary code because of this problem.
f259f323229f50aeb91583a49ffac28bGentoo Linux Security Advisory 201903-6 - Multiple vulnerabilities have been discovered in rdesktop, the worst of which could result in the remote execution of arbitrary code. Versions less than 1.8.4 are affected.
bd29d49587b4aa9a06f853c5a4f16d28Gentoo Linux Security Advisory 201903-4 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 60.5.1 are affected.
6751fa8425ac41b61633c4b262443455DotNetNuke SaveAsPDF module version 1.0 suffers from an arbitrary file download vulnerability.
4874d6c163e0bb30017d6b7221e9448cGentoo Linux Security Advisory 201903-2 - Input validation errors in Zsh could result in arbitrary code execution. Versions less than 5.6 are affected.
a2d743b66770d00c10ced2906037a0f0Ubuntu Security Notice 3903-2 - USN-3903-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Jason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds write vulnerability. An attacker in a guest virtual machine could use this to cause a denial of service or possibly execute arbitrary code in the host kernel. Various other issues were also addressed.
5e5d9cbb5878ed83496a64b72a97df4fUbuntu Security Notice 3903-1 - Jason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds write vulnerability. An attacker in a guest virtual machine could use this to cause a denial of service or possibly execute arbitrary code in the host kernel. Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. Various other issues were also addressed.
1bae64cc96939b5670016270682ddee8Ubuntu Security Notice 3885-2 - USN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix for CVE-2019-6111 turned out to be incomplete. This update fixes the problem. Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked into connecting to an untrusted server, a remote attacker could possibly use these issues to write to arbitrary files, change directory permissions, and spoof client output. Various other issues were also addressed.
f34497e7fb170dcf3d9ac60a51149cd4Debian Linux Security Advisory 4387-2 - It was found that a security update (DSA-4387-1) of OpenSSH, an implementation of the SSH protocol suite, was incomplete. This update did not completely fix CVE-2019-6111, an arbitrary file overwrite vulnerability in the scp client implementing the SCP protocol.
88cea46d231b8279eecaac5b7333b593sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
f6ac90cfc745d2be3d5170314277e32fUbuntu Security Notice 3900-1 - It was discovered that GD incorrectly handled memory when processing certain images. A remote attacker could use this issue with a specially crafted image file to cause GD to crash, resulting in a denial of service, or possibly execute arbitrary code.
5465e69907c9e79e55b5186813ab2317
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed