RiteCMS versions 3.1.0 and below suffer from an arbitrary file deletion vulnerability.
07a5012d72060344e0ae19361f61dc68WordPress The True Ranker plugin versions 2.2.2 and below suffer from an arbitrary file read vulnerability.
67e8963840362892bbbe7e6c96d521fcsqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
bb815d35262e6b1362216f954b292719Ubuntu Security Notice 5186-2 - USN-5186-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct spoofing attacks, bypass CSP restrictions, or execute arbitrary code. A security issue was discovered with the handling of WebExtension permissions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to create and install a service worker that wouldn't be uninstalled with the extension. Various other issues were also addressed.
dfad93a492ded55859e2e1d62ade7829This exploit requires Metasploit to have a FQDN and the ability to run a payload web server on port 80, 443, or 8080. The FQDN must also not resolve to a reserved address (192/172/127/10). The server must also respond to a HEAD request for the payload, prior to getting a GET request. This exploit leverages an authenticated improper input validation in WordPress plugin Popular Posts versions 5.3.2 and below. The exploit chain is rather complicated. Authentication is required and gd for PHP is required on the server. Then the Popular Post plugin is reconfigured to allow for an arbitrary URL for the post image in the widget. A post is made, then requests are sent to the post to make it more popular than the previous #1 by 5. Once the post hits the top 5, and after a 60 second server cache refresh (the exploit waits 90 seconds), the homepage widget is loaded which triggers the plugin to download the payload from the server. The payload has a GIF header, and a double extension (.gif.php) allowing for arbitrary PHP code to be executed.
58b71d78f3e92f8308944edbaef03644This bug report describes a vulnerability in ART that allows normal applications to insert arbitrary code into unused executable memory in zygote and other applications.
8485539d964fd35ecf94557cacb68903Ubuntu Security Notice 5192-2 - USN-5192-1 fixed a vulnerability in Apache Log4j 2. This update provides the corresponding update for Ubuntu 16.04 ESM. Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via a special crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
5df30b04cd149d1c5b52eceef9e3fda9Ubuntu Security Notice 5195-1 - It was discovered that the Mumble client supported websites for public servers with arbitrary URL schemes. If a user were tricked into visiting a malicious website from the public server list, a remote attacker could possibly execute arbitrary code.
fc5a94902e19d2cc3f126b4f238d6312Ubuntu Security Notice 5193-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.
e108cb43c46ea10f53cace521f936163Oliver Library Server 5 versions prior to 8.00.008.053 suffer from an arbitrary file download vulnerability. Softlink Education has contacted Packet Storm and although they were unable to replicate this issue in their hosting environment, they have proactively made changes to the software to mitigate attempts for this attack.
47de3fec9dce2620943ba2fb7c366359Ubuntu Security Notice 5192-1 - Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via a special crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code.
cd7a64761d3db930f439affb20d51b73Ubuntu Security Notice 5186-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct spoofing attacks, bypass CSP restrictions, or execute arbitrary code. A security issue was discovered with the handling of WebExtension permissions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to create and install a service worker that wouldn't be uninstalled with the extension. Various other issues were also addressed.
af467d405b02c0deebc430a5e5265a84Apache Log4j2 versions 2.14.1 and below proof of concept remote code execution exploit. JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
09c5608ec058a3f1d995a4340b5d204bUbuntu Security Notice 5183-1 - Julian Rauchberger discovered that BlueZ incorrectly handled memory when processing SDP attribute requests. A remote attacker could use this issue to cause BlueZ to crash, leading to a denial of service, or possibly execute arbitrary code.
a234da3acdba27985d86e55366a94ecbGrafana version 8.3.0 suffers from a directory traversal vulnerability that can allow for arbitrary file reading.
6c5e75e53691c8f37a2a3aa15b286ccaTestLink versions 1.16 through 1.19 suffer from an arbitrary file download vulnerability.
662aeacc4ee54a2b4a00f029b7ef1784Grafana suffers from an unauthorized arbitrary file reading vulnerability. Version 8.3.1 addresses this issue.
b07119f68d1f96828ea48a5529ee09b5Ubuntu Security Notice 5168-4 - USN-5168-3 fixed a vulnerability in NSS. Unfortunately that update introduced a regression that could break SSL connections. This update fixes the problem. Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
268760165ba1221a3f3d235bd7035bf9Ubuntu Security Notice 5179-1 - It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing a specially crafted gzip archive, a remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that BusyBox incorrectly handled certain malformed LZMA archives. If a user or automated system were tricked into processing a specially crafted LZMA archive, a remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or possibly leak sensitive information. Various other issues were also addressed.
01b6c0084a8d9d9b7eae9133958e19dfUbuntu Security Notice 5172-1 - It was discovered that uriparser mishandled certain input. An attacker could use this vulnerability to cause uriparser to crash or possibly execute arbitrary code. It was discovered that uriparser incorrectly handled certain URIs. An attacker could use this vulnerability to cause a crash or possibly leak sensitive information.
b665785c4aa95ee4e2437ad46c171d01WordPress DZS Zoomsounds plugin version 6.45 suffers from an unauthenticated arbitrary file read vulnerability.
4c910944d00be1a6a4dbbae9b2ee5e7dUbuntu Security Notice 5168-3 - USN-5168-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
106341b60664441783f0031ef8f6265aUbuntu Security Notice 5168-1 - Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
0e4142ce22ed9c20ba17227b9f26297fUbuntu Security Notice 5168-2 - Tavis Ormandy discovered that NSS, included with Thunderbird, incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause Thunderbird to crash, resulting in a denial of service, or possibly execute arbitrary code.
cceb150b416aa2150d692f26de8cb22bAndroid's vold's incremental-fs APIs trust paths from system_server for mounting. There is supposed to be privilege separation between vold (TCB) and system_server (privileged process). However, vold's IPC handlers related to incremental-fs (mountIncFs, unmountIncFs, bindMount) allow system_server to specify semi-arbitrary paths, allowing system_server to trigger mounting on directories that shouldn't be under system_server control.
28fb6ce55ef07cbdb3ed3c6e2997f68d
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed