Ubuntu Security Notice 4648-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
6fe24a2351dd3e1ef847961c9f674d37Foxit Reader version 9.0.1.1049 suffers from an arbitrary code execution vulnerability. This is a variant exploit of the original finding from 2018.
b950b07ca3d87158ef656845beeaadbcSeowon 130-SLC router version 1.0.11 suffers from a remote code execution vulnerability.
bfa4fe4c759168816c3ca278f138bd2dUbuntu Security Notice 4642-1 - It was discovered that PDFResurrect incorrectly handled certain memory operations during PDF summary generation. An attacker could use this to cause out-of-bounds writes, resulting in a denial of service or arbitrary code execution.
e238caa5145e021e67c028deec6d2611This Metasploit module exploits a series of vulnerabilities to achieve unauthenticated remote code execution on the Rockwell FactoryTalk View SE SCADA product as the IIS user. The attack relies on the chaining of five separate vulnerabilities. The first vulnerability is an unauthenticated project copy request, the second is a directory traversal, and the third is a race condition. In order to achieve full remote code execution on all targets, two information leak vulnerabilities are also abused. This exploit was used by the Flashback team (Pedro Ribeiro + Radek Domanski) in Pwn2Own Miami 2020 to win the EWS category.
9e09355c37bbe36767252355895d406cZortam MP3 Media Studio version 27.60 suffers from a code execution vulnerability.
a53536cec733866dd62729901b31c2eaTestBox CFML Test Framework version 4.1.0 suffers from arbitrary file write and remote code execution vulnerabilities.
6b5e7dfb10e7c55e6f044ad18e15665bGentoo Linux Security Advisory 202011-18 - Apache Ant uses various insecure temporary files possibly allowing local code execution. Versions less than 1.10.9 are affected.
7cc68dbbc5e2a4e57e20b6c2186249bbFuel CMS version 1.4 suffers from a remote code execution vulnerability.
f88a78cccfead351aa11b3cbeccf039cApple Security Advisory 2020-11-13-7 - Update 2020-005 High Sierra and Security Update 2020-005 Mojave address buffer overflow, code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
0fe8239f9a75edd0ffb540f132347ccfApple Security Advisory 2020-11-13-6 - watchOS 7.0 addresses buffer overflow, code execution, cross site scripting, denial of service, information leakage, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.
1b3f70a0b803d4aba27dee55ca9e87efApple Security Advisory 2020-11-13-5 - Safari 14.0 addresses code execution, cross site scripting, out of bounds write, spoofing, and use-after-free vulnerabilities.
4abb2ed024c0733f7aa17e86cafa43b1Apple Security Advisory 2020-11-13-2 - Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave addresses a code execution vulnerability.
ff4dc5b813f0111a2edff3869a40bd44Apple Security Advisory 2020-11-13-4 - tvOS 14.0 addresses buffer overflow, code execution, cross site scripting, denial of service, information leakage, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
e65d5de230a8b7448d59d553c86fe14cApple Security Advisory 2020-11-13-3 - Updates for iOS 14.0 and iPadOS 14.0 address buffer overflow, code execution, cross site scripting, denial of service, information leakage, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.
f15d74568f4f6adf383e272deddb869bThis Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure filter out percent encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi which bypasses the patch for CVE-2018-9285.
7d93c218049c0722da7e83b78f2c4623CMSUno version 1.6.2 user remote code execution exploit. This is a variant of the vulnerability discovered by the same researcher in November of 2020.
f7bfc12df7105f836ea45161547c01c1Joomla Simple Image Gallery Extended (SIGE) extension versions 3.4.1-FREE and 3.5.3-PRO suffer from cross site scripting and remote file inclusion vulnerabilities.
57c76870c76473a7da1cad2edd7fa766Apple Security Advisory 2020-11-05-7 - tvOS 14.2 is now available and addresses code execution, integer overflow, out of bounds read, out of bounds write, path sanitization, and use-after-free vulnerabilities.
afdd7d495da761675d9100b068a53d3cApple Security Advisory 2020-11-05-2 - iOS 12.4.9 is now available and addresses a code execution vulnerability.
e403bd4c30b82e389c6c41871b8a9527Apple Security Advisory 2020-11-05-1 - iOS 14.2 and iPadOS 14.2 are now available and addresses code execution, integer overflow, out of bounds read, out of bounds write, path sanitization, and use-after-free vulnerabilities.
e316caeb924e1e7eb685c0783a056ddbSuiteCRM version 7.11.15 suffers from an authenticated remote code execution vulnerability.
5f0ce04e7d4e850a72437c6c052dbe1dCMSUno version 1.6.2 authenticated remote code execution exploit.
da05a3ff1e0ab5ad382c8e30fdb5f937Sentrifugo version 3.2 assets authenticated remote code execution exploit.
f8934d22ecd14e85587d2b831e226bb5Sentrifugo version 3.2 announcements authenticated remote code execution exploit.
23b861937f221629412f6ee09ae997d3
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed