Ubuntu Security Notice 6914-1 - Filip Hejsek discovered that the phpCAS library included in OCS Inventory was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account.
73fd131bb18f7771a681c59e661c0d5775f0b0b24508b2c6d987f93a40cd38d7Ubuntu Security Notice 6913-1 - Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account on a vulnerable CASified service. This security update introduces an incompatible API change. After applying this update, third party applications need to be modified to pass in an additional service base URL argument when constructing the client class.
3d357e0c9b781b559ab37c7e2d6214c573f839b885c985403381dc8900f0c313Prison Management System version 1.0 suffers from an unauthenticated remote shell upload vulnerability.
86134abe13930c15d9a0ec6d1f20f1dd3360b399fa96b4ae5b5821bcc9112abbSLiMS CMS version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
40690990f8e7a9d69ac2a7722849376b960091b3430423c391d36914318f58b7Ubuntu Security Notice 6910-1 - Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain commands. A remote attacker could possibly use this issue to terminate the program, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. Peter Stoeckli discovered that Apache ActiveMQ incorrectly handled hostname verification. A remote attacker could possibly use this issue to perform a person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS.
2ae146c10db1dd391dc98c4fa06a3252bd241865630bfb4113b9433bc4f68d29Ubuntu Security Notice 6530-2 - Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handled URI components containing the hash character. A remote attacker could possibly use this issue to obtain sensitive information, or to bypass certain path_end rules.
58168a762eb0c9cf33ac4f136c917cd582ae33ea9ebf9c0389eb492248ad3eccStarTask CRM version 1.9 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6e2fd2cbf7c7bffe7c302d4b461bf6f489fbda9665b18dc56c36e3c574b89861Ubuntu Security Notice 6907-1 - Joshua Rogers discovered that Squid did not properly handle multi-byte characters during Edge Side Includes processing. A remote attacker could possibly use this issue to cause a memory corruption error, leading to a denial of service.
9c136fbdc40fa780322300ff78d451d018ef8f0e38ed960fa3d82de437e9c749TAIF LMS version 5.8.0 suffers from a remote shell upload vulnerability.
ba349faa2be4ef714aa164c5655faad9e8a44e970f5e25e60f66cee08f658427Ubuntu Security Notice 6908-1 - It was discovered that the Tomcat SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code.
7726e75bbe7b39bbdc84999efb427741b22bbfa118702c92655b75b6eafddeefVencorp version 2.1.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
1efa85ad70e114a1d0f8dac25bda7b473b55d33338cbdef57caf77c451658123Ubuntu Security Notice 6909-1 - It was discovered that Bind incorrectly handled a flood of DNS messages over TCP. A remote attacker could possibly use this issue to cause Bind to become unstable, resulting in a denial of service. Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very large number of RRs existing at the same time. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.
306da0210b1902b737e1fa55bad21112997cf1e927d3439a48d391e725b8de48Ubuntu Security Notice 6905-1 - It was discovered that Rack incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
f1fb99c460c408c54600bfb86185879ad2833e7b4ce66083ea2f2adece4c2d2bMinfotech CMS version 2.0 suffers from a remote SQL injection vulnerability.
c70371f0daa1616ffe4fc66938a433e31d91535c9593510fb4fccef1fdbc587eThis Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerability when processing zip files. When using the "restore configuration" feature to upload a zip file containing a path traversal file which is a dll called ..\..\..\..\..\..\..\..\..\..\..\Windows\System32\wbem\wbemcomn.dll. This causes the file C:\Windows\System32\wbem\wbemcomn.dll to be created and executed upon touching the disk. In CVE-2022-2334, the planted wbemcomn.dll is used in a DLL hijacking attack when Softing Secure Integration Server restarts upon restoring configuration, which allows us to execute arbitrary code on the target system. The chain demonstrated in Pwn2Own used a signature instead of a password. The signature was acquired by running an ARP spoofing attack against the local network where the Softing SIS server was located. A username is also required for signature authentication. A custom DLL can be provided to use in the exploit instead of using the default MSF-generated one.
138c45447c1d3fa090b4666327e202412f377f34d7873c3c578299783f2b2a43eStore CMS version 2.0 suffers from a remote SQL injection vulnerability.
de369a0ae5b5244b3ab433e9d7d07ec19ac008a8083d31f1bf7a032e4ffa3c9bUbuntu Security Notice 6902-1 - It was discovered that the Apache HTTP Server incorrectly handled certain handlers configured via AddType. A remote attacker could possibly use this issue to obtain source code.
9a63aa2943140950806a11aec9119a422cddc8e0dfdc7143ffb68c82b5967f3aUbuntu Security Notice 6901-1 - It was discovered that stunnel did not properly validate client certificates when configured to use both the redirect and verifyChain options. A remote attacker could potentially use this issue to obtain sensitive information by accessing the tunneled service.
933f9a0affdeefea6ab6aa2495ffa6ba1333eebfac57eaf7677ea9c67f425cb8XenForo versions 2.2.15 and below suffer from a remote code execution vulnerability in the Template system.
141922e324fd21737d323eaed2f53c7bc972900273dfc3e19ea72c0648544233Hospital Management System Project in ASP.Net MVC version 1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a527f71217d32274beae028c4fd49e504ec99bf57f1991e46fa931328924f372GeoServer is an open-source software server written in Java that provides the ability to view, edit, and share geospatial data. It is designed to be a flexible, efficient solution for distributing geospatial data from a variety of sources such as Geographic Information System (GIS) databases, web-based data, and personal datasets. In the GeoServer versions before 2.23.6, greater than or equal to 2.24.0, before 2.24.4 and greater than equal to 2.25.0, and before 2.25.1, multiple OGC request parameters allow remote code execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. An attacker can abuse this by sending a POST request with a malicious xpath expression to execute arbitrary commands as root on the system.
60f349aa901f9dae2286ae790ca0dc4f7e03fb5120fbbaa6cd6f79d5a14fe921Atlassian Confluence suffers from a template injection vulnerability that leads to remote code execution. This repository has three go-exploit implementations of CVE-2023-22527 that execute their payload without touching disk.
efe9acf218872fcb2aaad8260c6fdae6e0f538f783ac6624c299f3a0e4254f94Ubuntu Security Notice 6885-2 - USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP/2 server. This update fixes the problem. Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to handle unsafe substitutions. Orange Tsai discovered that the Apache HTTP Server incorrectly handled certain response headers. A remote attacker could possibly use this issue to obtain sensitive information, execute local scripts, or perform SSRF attacks. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. It was discovered that the Apache HTTP Server incorrectly handled certain handlers configured via AddType. A remote attacker could possibly use this issue to obtain source code.
09a87e1b0ca03b35feb4d66d7489813a4fc3939cea0c49c3c31bf9e7662b2f1fUbuntu Security Notice 6888-2 - USN-6888-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Elias Myllymäki discovered that Django incorrectly handled certain inputs with a large number of brackets. A remote attacker could possibly use this issue to cause Django to consume resources or stop responding, resulting in a denial of service.
8a338c088c8fff298fd87665108b1cf592bf62ff0ad1865965cfb6584411d929This Metasploit module exploits an authenticated administrator-level vulnerability in Atlassian Confluence, tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating tainted data from uploaded text files. This facilitates arbitrary code execution. This exploit will authenticate, validate user privileges, extract the underlying host OS information, then trigger remote code execution. All versions of Confluence prior to 7.17 are affected, as are many versions up to 8.9.0.
b198d9755cf50ac9c6b86be9526d83c12bdaeab6e989721de64dd0ef6781f8d3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed