Ubuntu Security Notice 7027-1 - It was discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Xi Lu discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
be4bfb0a23a1362f7b8d1ad2b2b25bc06f3d7aee14e9df0b79b673b6a445fdbeDebian Linux Security Advisory 5773-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
8898d709ae27812683b98775f6cd9542d1faa76d04a8943e6f4624dc1dd38dd4Ubuntu Security Notice 6968-2 - USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16 This update provides the corresponding updates for PostgreSQL-9.5 in Ubuntu 16.04 LTS. Noah Misch discovered that PostgreSQL incorrectly handled certain SQL objects. An attacker could possibly use this issue to execute arbitrary SQL functions as the superuser.
9fe9a35f3f5cca74b761d2b0bebe46ac1ef90beaf1b0c70bef6c2a9b7316c239BlackNET version 3.7.0.0 appears to allow unauthenticated access to modify data and suffers from arbitrary file deletion and directory traversal vulnerabilities while authenticated.
6e54154264109ce0380fee45cc8dba495239a6e22843e4f8d07ddd298e5af855Travel Management System Project version 1.0 suffers from an arbitrary file upload vulnerability.
759d3158646088d395fadb366a34f4e08fcbf04963fd9527824e9428498ffc2bUbuntu Security Notice 7023-1 - Maxime Escourbiac and Yassine Bengana discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allows the malicious placement of crafted messages. This issue was fixed in Ubuntu 16.04 LTS. It was discovered that Git incorrectly handled certain submodules. An attacker could possibly use this issue to execute arbitrary code. This issue was fixed in Ubuntu 18.04 LTS.
7895cf7a141aedfd41b2a61a583811474abc6f476e1153b53a34852f4c85fdefOnline Traffic Offense version 1.0 suffers from cross site request forgery and arbitrary file upload vulnerabilities.
e5a827b48fc4659294048f669ce8dc8150ad3c9cea88685a31c1e4fff34cdbbdDebian Linux Security Advisory 5770-1 - Shang-Hung Wan discovered multiple vulnerabilities in the Expat XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code.
c1619153de1b5b70d0c75d33d3807ae59a0796df1edfa06f7f54ce8a562d5941Ubuntu Security Notice 7000-2 - USN-7000-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for Ubuntu 22.04 LTS. Shang-Hung Wan discovered that Expat did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.
59bf3b6ef3d66bb680edf070eb8e73bfa69b84933ee4e951d7c495cad067f15cUbuntu Security Notice 7001-2 - USN-7001-1 fixed vulnerabilities in xmltol library. This update provides the corresponding updates for Ubuntu 24.04 LTS. Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.
e8e28f2f9097ce08c9631f1af9eb47b3fb56c0e9466585153477ebbeb1f2ce61Online Notice Board System version 1.0 suffers from an arbitrary file upload vulnerability.
ab3ddd76fa0a76019b10579096221df8438dc75c5be821cc1ebffb0b0e85e47bUbuntu Security Notice 7011-1 - It was discovered that ClamAV incorrectly handled certain PDF files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. It was discovered that ClamAV incorrectly handled logfile privileges. A local attacker could use this issue to cause ClamAV to overwrite arbitrary files, possibly leading to privilege escalation.
7897a81be15a2ad33e2c6bbed38f25a6b24c62e5b951be1d16ac4ba6ef9f7d76Online Bus Ticket Booking Website version 1.0 suffers from an arbitrary file upload vulnerability.
d02b982816fa96d983d448b4dac321ae5fc15af8c9aaf37b74b02f7189a5feb4Expense Management System version 1.0 suffers from an arbitrary file upload vulnerability.
66dcc2bef5476bdd41cb8a565bbbb520bf475144f6f9a701f2b3796408386473Proof of concept exploit that allows an attacker to retrieve administrative credentials through SQL injection and ultimately execute arbitrary code on the target server.
e281d48432c2585fa05b2517fffc0171d56091981f896fb78703333f642a73a5Debian Linux Security Advisory 5769-1 - Multiple issues were found in Git, a fast, scalable, distributed revision control system, which may result in file overwrites outside the repository, arbitrary configuration injection or arbitrary code execution.
83536dc8a513bc91c3b3400ac06ab789245a973f960faf3d2457de55046bfbb7Online Job Recruitment Portal Project version 1.0 suffers from an arbitrary file upload vulnerability.
0b11185c3ea1add14d0fab396e3abc79b89450ee26fe1d4c4eb27856f33193eaUbuntu Security Notice 7009-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.
5b612a46c804c77ac14a7809a47fec0de9fff4a8a6439f91a0d5ad4c32a28058Ubuntu Security Notice 7005-2 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
6722bd323d2134b55a3539166e919fdb46c6f0337a2763dd47aa0a93f5ff8e0fUbuntu Security Notice 7008-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
4d06037efff1b22fc4a25ee26edfc4fbdfa3522a94c990b7f8761e4399d65123Ubuntu Security Notice 7007-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.
75288876207886b7f55abdb86b7b5aacd443455c1c45a71b584458933c8c5632This Metasploit module exploits a stack-based buffer overflow vulnerability in MPlayer Lite r33064, caused by improper bounds checking of an URL entry. By persuading the victim to open a specially-crafted .M3U file, specifically by drag-and-dropping it to the player, a remote attacker can execute arbitrary code on the system.
61c9fed931a83bc7851c93ab4e149ec607c061edc841c01aaf722c287b7d3742This Metasploit module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP. The vulnerability lies in the lister_fichiers_par_champs function, which is triggered when the bigup_retrouver_fichiers parameter is set to any value. By exploiting the improper handling of multipart form data in file uploads, an attacker can inject and execute arbitrary PHP code on the target server. This critical vulnerability affects all versions of SPIP from 4.0 up to and including 4.3.1, 4.2.15, and 4.1.17. It allows unauthenticated users to execute arbitrary code remotely via the public interface. The vulnerability has been patched in versions 4.3.2, 4.2.16, and 4.1.18.
470929e92864600915a7773675e61c23486f09b86f3d05d72951628b436ed7c0This Metasploit module uses the qconn daemon on QNX systems to gain a shell. The QNX qconn daemon does not require authentication and allows remote users to execute arbitrary operating system commands. This Metasploit module has been tested successfully on QNX Neutrino 6.5.0 (x86) and 6.5.0 SP1 (x86).
217c97be589524ea77431218332eff5e82efabdd6dfa3503ed0ddab691480814This Metasploit module creates a RAR file that exploits CVE-2022-30333, which is a path-traversal vulnerability in unRAR that can extract an arbitrary file to an arbitrary location on a Linux system. UnRAR fixed this vulnerability in version 6.12 (open source version 6.1.7). The core issue is that when a symbolic link is unRARed, Windows symbolic links are not properly validated on Linux systems and can therefore write a symbolic link that points anywhere on the filesystem. If a second file in the archive has the same name, it will be written to the symbolic link path.
2df85540ffe31bd6abf8706295866ebd1d381d12c36e4680836b772ead8e9445
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed