Red Hat Security Advisory 2020-5333-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Issues addressed include a code execution vulnerability.
20808394681132136538de7d661cdd2fOnline Matrimonial Project version 1.0 authenticated remote code execution exploit.
a96292b2fc8628e5695e9fde160febe4WordPress WP-FileManager plugin version 6.8 remote code execution exploit.
384a5f15dbfddc6058b64fdb42bd1ce1WonderCMS version 3.1.3 suffers from an authenticated remote code execution vulnerability.
b444e794ada92a9ef2f96a93a0bbc90cWonderCMS version 3.1.3 suffers from an authenticated server-side request forgery vulnerability that allows for remote code execution.
693838d6867777ecd7efd98f273c1c06Red Hat Security Advisory 2020-5275-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer over-read, buffer overflow, code execution, information leakage, null pointer, and out of bounds read vulnerabilities.
15b6e660f7ec10e7b1caf283b0e647faRed Hat Security Advisory 2020-5249-01 - Fixed two jQuery vulnerabilities Improved Ansible Tower's web service configuration to allow for processing more simultaneous HTTP requests by default Updated several dependencies of Ansible Tower's User Interface to address Updated to the latest version of python-psutil to address CVE-2019-18874 Added several optimizations to improve performance for a variety of high-load simultaneous job launch use cases Fixed workflows to no longer prevent certain users from being able to edit approval nodes Fixed confusing behavior for social auth logins across distinct browser tabs Fixed launching of Job Templates that use prompt-at-launch Ansible Vault credentials. Issues addressed include code execution and cross site scripting vulnerabilities.
4eefeaf6b7e349b286bcd7fc4ba67327Ruckus IoT Controller (Ruckus vRIoT) versions 1.5.1.0.21 and below suffer from a remote code execution vulnerability.
a76ca35e7a3f8b47cc3cd57b5a659c7cUbuntu Security Notice 4648-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
6fe24a2351dd3e1ef847961c9f674d37Foxit Reader version 9.0.1.1049 suffers from an arbitrary code execution vulnerability. This is a variant exploit of the original finding from 2018.
b950b07ca3d87158ef656845beeaadbcSeowon 130-SLC router version 1.0.11 suffers from a remote code execution vulnerability.
bfa4fe4c759168816c3ca278f138bd2dUbuntu Security Notice 4642-1 - It was discovered that PDFResurrect incorrectly handled certain memory operations during PDF summary generation. An attacker could use this to cause out-of-bounds writes, resulting in a denial of service or arbitrary code execution.
e238caa5145e021e67c028deec6d2611This Metasploit module exploits a series of vulnerabilities to achieve unauthenticated remote code execution on the Rockwell FactoryTalk View SE SCADA product as the IIS user. The attack relies on the chaining of five separate vulnerabilities. The first vulnerability is an unauthenticated project copy request, the second is a directory traversal, and the third is a race condition. In order to achieve full remote code execution on all targets, two information leak vulnerabilities are also abused. This exploit was used by the Flashback team (Pedro Ribeiro + Radek Domanski) in Pwn2Own Miami 2020 to win the EWS category.
9e09355c37bbe36767252355895d406cZortam MP3 Media Studio version 27.60 suffers from a code execution vulnerability.
a53536cec733866dd62729901b31c2eaTestBox CFML Test Framework version 4.1.0 suffers from arbitrary file write and remote code execution vulnerabilities.
6b5e7dfb10e7c55e6f044ad18e15665bGentoo Linux Security Advisory 202011-18 - Apache Ant uses various insecure temporary files possibly allowing local code execution. Versions less than 1.10.9 are affected.
7cc68dbbc5e2a4e57e20b6c2186249bbFuel CMS version 1.4 suffers from a remote code execution vulnerability.
f88a78cccfead351aa11b3cbeccf039cApple Security Advisory 2020-11-13-7 - Update 2020-005 High Sierra and Security Update 2020-005 Mojave address buffer overflow, code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
0fe8239f9a75edd0ffb540f132347ccfApple Security Advisory 2020-11-13-6 - watchOS 7.0 addresses buffer overflow, code execution, cross site scripting, denial of service, information leakage, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.
1b3f70a0b803d4aba27dee55ca9e87efApple Security Advisory 2020-11-13-5 - Safari 14.0 addresses code execution, cross site scripting, out of bounds write, spoofing, and use-after-free vulnerabilities.
4abb2ed024c0733f7aa17e86cafa43b1Apple Security Advisory 2020-11-13-2 - Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave addresses a code execution vulnerability.
ff4dc5b813f0111a2edff3869a40bd44Apple Security Advisory 2020-11-13-4 - tvOS 14.0 addresses buffer overflow, code execution, cross site scripting, denial of service, information leakage, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
e65d5de230a8b7448d59d553c86fe14cApple Security Advisory 2020-11-13-3 - Updates for iOS 14.0 and iPadOS 14.0 address buffer overflow, code execution, cross site scripting, denial of service, information leakage, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.
f15d74568f4f6adf383e272deddb869bThis Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure filter out percent encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi which bypasses the patch for CVE-2018-9285.
7d93c218049c0722da7e83b78f2c4623CMSUno version 1.6.2 user remote code execution exploit. This is a variant of the vulnerability discovered by the same researcher in November of 2020.
f7bfc12df7105f836ea45161547c01c1
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed