Debian Linux Security Advisory 4200-1 - Fabian Vogt discovered that incorrect permission handling in the PAM module of the KDE Wallet could allow an unprivileged local user to gain ownership of arbitrary files.
5da48d16fafc9c8d14d4113a50ee4dbeVulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. They include cross site request forgery, arbitrary file read, unauthenticated access, and various other vulnerabilities.
982ee9389da127275dfc529c16ee33e4Ubuntu Security Notice 3645-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, bypass same-origin restrictions, conduct cross-site scripting attacks, install lightweight themes without user interaction, spoof the filename in the downloads panel, or execute arbitrary code. Various other issues were also addressed.
ab18b8ec6d4a0b241a776a0d65c936ddUbuntu Security Notice 3644-1 - It was discovered that the Security component of OpenJDK did not correctly perform merging of multiple sections for the same file listed in JAR archive file manifests. An attacker could possibly use this to modify attributes in a manifest without invalidating the signature. Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and Riccardo Focardi discovered that the Security component of OpenJDK did not restrict which classes could be used when deserializing keys from the JCEKS key stores. An attacker could use this to specially craft a JCEKS key store to execute arbitrary code. Various other issues were also addressed.
a3a7f94cde9ab4dab85a02d70c58b553Debian Linux Security Advisory 4199-1 - Several security issues have been found in the Mozilla Firefox web may lead to the execution of arbitrary code or denial of service.
6991f4c67e40de4d8cc3b49fe2433ea8Debian Linux Security Advisory 4197-1 - Multiple vulnerabilities were discovered in the wavpack audio codec which could result in denial of service or the execution of arbitrary code if malformed media files are processed.
a5df4ca7d685afb578c58630365bd843Ubuntu Security Notice 3643-2 - USN-3643-1 fixed a vulnerability in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values.
88830325a9cffa4e4d8c7d1e3ed4f55eUbuntu Security Notice 3643-1 - It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values.
b616005171ef8530b23e4f187e4abdfdGentoo Linux Security Advisory 201805-4 - A vulnerability in rsync might allow remote attackers to execute arbitrary commands. Versions less than 3.1.3 are affected.
63d6d897881dec8e2e6a5281c3bddcb5Ubuntu Security Notice 3640-1 - Ivan Fratric discovered that WebKitGTK+ incorrectly handled certain web content. If a user were tricked into viewing a malicious website, a remote attacker could possibly exploit this to execute arbitrary code.
8c75b3ac007064bc9bb70bca2740dcacUbuntu Security Notice 3639-1 - It was discovered that LibRaw incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. It was discovered that LibRaw incorrectly handled certain files. An attacker could possibly use this to obtain sensitive information.
a10078237bc4b5950a1f50f845469234Debian Linux Security Advisory 4195-1 - Harry Sintonen discovered that wget, a network utility to retrieve files from the web, does not properly handle '\r\n' from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replacing existing cookie values.
0a8ebefedcc50cb36f81573bebaba542This Metasploit module exploits a chain of vulnerabilities in Palo Alto Networks products running PAN-OS versions prior to 6.1.19, 7.0.19, 7.1.14, and 8.0.6. This chain starts by using an authentication bypass flaw to to exploit an XML injection issue, which is then abused to create an arbitrary directory, and finally gains root code execution by exploiting a vulnerable cron script. This Metasploit module uses an initial reverse TLS callback to stage arbitrary payloads on the target appliance. The cron job used for the final payload runs every 15 minutes by default and exploitation can take up to 20 minutes.
fe01448aae2bcc55f43fa22261d09244Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
70c039f34496a5cffda6c354f241701cUbuntu Security Notice 3638-1 - It was discovered that QPDF incorrectly handled certain malformed files. A remote attacker could use this issue to cause QPDF to crash, resulting in a denial of service, or possibly execute arbitrary code.
4d0b1fa341e4bdfc2a577a49a752b08cThe WordPress User Role Editor plugin prior to v4.25, is lacking an authorization check within its update user profile functionality ("update" function, contained within the "class-user-other-roles.php" module). Instead of verifying whether the current user has the right to edit other users' profiles ("edit_users" WP capability), the vulnerable function verifies whether the current user has the rights to edit the user ("edit_user" WP function) specified by the supplied user id ("user_id" variable/HTTP POST parameter). Since the supplied user id is the current user's id, this check is always bypassed (i.e. the current user is always allowed to modify its profile). This vulnerability allows an authenticated user to add arbitrary User Role Editor roles to its profile, by specifying them via the "ure_other_roles" parameter within the HTTP POST request to the "profile.php" module (issued when "Update Profile" is clicked). By default, this module grants the specified WP user all administrative privileges, existing within the context of the User Role Editor plugin.
21f2f7e73a000aa53bc81c6bd2ac2518Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed.
c698f77203ec3de3839dae52a0afc827Debian Linux Security Advisory 4189-1 - Two vulnerabilities were found in the Quassel IRC client, which could result in the execution of arbitrary code or denial of service.
4e10fa9930830155e8c0fd1d3a361f73Red Hat Security Advisory 2018-1274-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. The following packages have been upgraded to a later upstream version: python-paramiko. Issues addressed include a bypass vulnerability.
49944063f4ecc3d703262f227fa06f8fGentoo Linux Security Advisory 201805-3 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the execution of arbitrary code. Versions less than 66.0.3359.139 are affected.
5f97f6ab07c7303a7cf8a3159a6cde13Gentoo Linux Security Advisory 201805-2 - A buffer overflow in Python might allow remote attackers to execute arbitrary code. Versions less than 2.7.14:2.7 are affected.
d7751fe44f3e06a91458c77c8e139509Ubuntu Security Notice 3637-1 - Thuan Pham, Marcel Bohme, Andrew Santosa and Alexandru Razvan Caciulescu discovered that WavPack incorrectly handled certain .wav files. An attacker could possibly use this to execute arbitrary code or cause a denial of service. Thuan Pham, Marcel Bohme, Andrew Santosa and Alexandru Razvan Caciulescu discovered that WavPack incorrectly handled certain .wav files. An attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
73eeb88db81fcd332045b34cfab4a648Tpshop versions 2.0.8 and below suffer from arbitrary file download and server-side request forgery vulnerabilities.
0d5864b3a0c0b1a3e4edcaee51e69ebeUbuntu Security Notice 3635-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
85531931d71d0277a373662193a6ba19This Metasploit module exploits a vulnerability in the eval command present in Xdebug versions 2.5.5 and below. This allows the attacker to execute arbitrary php code as the context of the web user.
f41618034e1f76ddd17f42794e9dc6c3
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed