A session token vulnerability has been discovered in VestaCP version 0.9.8-26. The vulnerability allows remote attackers to gain unauthenticated or unauthorized access by client-side token manipulation.
1ea034ed120e284dbcab37d365cf86efUbuntu Security Notice 4660-1 - It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the frame buffer implementation in the Linux kernel did not properly handle some edge cases in software scrollback. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
ee3119babe4a4a73b8652559a6df5f65Ubuntu Security Notice 4659-1 - It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. Various other issues were also addressed.
37ee7c1e29761f04f52a270e013cd6edUbuntu Security Notice 4658-1 - It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. Various other issues were also addressed.
172e17181d7ddc7028474879ff713778Simple College Website version 1.0 suffers from a local file inclusion vulnerability.
86b49885d775e8eb45bc78ef1e69613aCar Rental Management System version 1.0 suffers from local file inclusion and remote SQL injection vulnerabilities.
3a68203e8a08bc0b1358a7badb0e67c3Local Service Search Engine Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
873806f84867ac817a077cd41f7f195eUbuntu Security Notice 4657-1 - Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information. Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. Various other issues were also addressed.
3aefcd5c22a1c13bbe2b3f9912ac8531Ubuntu Security Notice 4656-1 - Jan-Niklas Sohn discovered that the X.Org X Server XKB extension incorrectly handled certain inputs. A local attacker could possibly use this issue to escalate privileges.
93853767d560545b7dd82c968276953fZTE Blade Vantage Z839 Emode.APK android.uid.system local privilege escalation exploit.
2ad453e5e030521747ac204455b0066dSifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
6e3d8d179228a0b193db1471b8e14019CA Technologies, A Broadcom Company, is alerting customers to a vulnerability in CA Unified Infrastructure Management. A vulnerability exists that can allow a local attacker to elevate privileges. CA published solutions to address this vulnerability and recommends that all affected customers implement these solutions.
40d9553df42f55a04250a34b4f366e8cBoxoft Convert Master version 1.3.0 SEH local buffer overflow exploit.
f956aa989b00a65c070070cfbabf0008Medical Center Portal Management System released prior to November 16, 2020 have been identified as being susceptible to a local file inclusion vulnerability.
ebb1a8cb615f15dc9ac1503fc00676dcOnline News Portal versions released prior to November 16, 2020 have been identified as being susceptible to a local file inclusion vulnerability.
150d4a01deee247d05bff4f6b2ff5485AIX version 5.3L libc local environment handling local root exploit. The AIX 5.3L (and possibly others) libc is vulnerable to multiple buffer overflow issues in the handling of locale environment variables. This allows for exploitation of any setuid root binary that makes use of functions such as setlocale() which do not perform bounds checking when handling LC_* environment variables. An attacker can leverage this issue to obtain root privileges on an impacted AIX system. This exploit makes use of the "/usr/bin/su" binary to trigger the overflow through LC_ALL and obtain root.
5a8e7e11f2da1598bdca5bdbbf71d224Gentoo Linux Security Advisory 202011-18 - Apache Ant uses various insecure temporary files possibly allowing local code execution. Versions less than 1.10.9 are affected.
7cc68dbbc5e2a4e57e20b6c2186249bbIntel NUC suffers from a local privilege escalation vulnerability.
931800d146c2676dcfdd36f0e0f77374AIX version 5.3L /usr/sbin/lquerypv local root privilege escalation exploit.
404c3fced5ca1174299093282bd7c407PMB version 5.6 suffers from a local file disclosure vulnerability.
431ff9b71930385b5b2560f2e379a207Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
3635b2f7b6645910bf702ce8eaeffd0dThis Metasploit module exploits a local file inclusion vulnerability in Citrix ADC Netscaler.
d988d9b9c395233084520c1b63a93177Ubuntu Security Notice 4171-6 - USN-4171-1 fixed vulnerabilities in Apport. The update caused a regression when handling configuration files. This update fixes the problem, and also introduces further hardening measures. Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. Sander Bos discovered Apport mishandled lock-file creation. This could be used by a local attacker to cause a denial of service against Apport. Kevin Backhouse discovered Apport read various process-specific files with elevated privileges during crash dump generation. This could could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. Various other issues were also addressed.
bf6d214866122a7e4c574dda44e1251bSifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
2f14f230c864cc0ae600f8a638d40a88Microsoft Windows suffers from a local spooler bypass vulnerability.
3f3c10cd2d2b0c404a73cddec7d03575
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed