Red Hat Security Advisory 2020-4390-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Issues addressed include denial of service, memory exhaustion, and remote SQL injection vulnerabilities.
5e29b134d33cbe475b05d7701f782272CSE Bookstore version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d3aadf2b646624fb0e923161209bb1f7Ubuntu Security Notice 4607-1 - It was discovered that OpenJDK incorrectly handled deserializing Proxy class objects with many interfaces. A remote attacker could possibly use this issue to cause a denial of service via a specially crafted input. Sergey Ostanin discovered that OpenJDK incorrectly restricted authentication mechanisms. A remote attacker could possibly use this issue to obtain sensitive information over an unencrypted connection. Various other issues were also addressed.
5415752655f0e455fc9170072766e9f8Nagios XI version 5.7.3 mibs.php remote command injection exploit.
8e729d2d07e2d318addb68643737cde7Ubuntu Security Notice 4603-1 - It was discovered that MariaDB didn't properly validate the content of a packet received from a server. A remote attacker could use this vulnerability to sent a specialy crafted file to cause a denial of service. It was discovered that MariaDB has other security issues. An attacker can cause a hang or frequently repeatable crash. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
0573b9c8ba4101525d52bc7c87e6951bUbuntu Security Notice 4600-2 - USN-4600-1 fixed multiple vunerabilities in Netty 3.9. This update provides the corresponding fixes for CVE-2019-20444, CVE-2019-20445 for Netty. Also it was discovered that Netty allow for unbounded memory allocation. A remote attacker could send a large stream to the Netty server causing it to crash. Various other issues were also addressed.
7e57f46c987a9078e9c417ea47e51a55Ubuntu Security Notice 3081-2 - Dawid Golunski discovered that the Tomcat init script incorrectly handled creating log files. A remote attacker could possibly use this issue to obtain root privileges.
3033f5f797851ab5b2c70da0510266daOnline Library Management System version 1.0 suffers from a remote shell upload vulnerability.
459c992933d1f7209cbdf12c6e9c33d4Point of Sales version 1.0 suffers from a remote SQL injection vulnerability.
eede65cf1547b8a3fb1923b34e462ebcGym Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
6e56883ad7e28b8bddeeabeaf74f5ac7Ubuntu Security Notice 4602-2 - USN-4602-1 fixed several vulnerabilities in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
549f62bb06239388f75ae227d8f0e23cRed Hat Security Advisory 2020-4366-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include HTTP request smuggling, cross site scripting, denial of service, memory leak, and traversal vulnerabilities.
7d6e7da12be65b2cdd1595dbfca27aa8Sentrifugo version 3.2 suffers from a restriction bypass vulnerability that allows for a remote shell upload.
981cdb0177e2271690c25d011e5b38c6Adtec Digital is a leading manufacturer of Broadcast, Cable and IPTV products and solutions. Many of their devices utilize hard-coded and default credentials within its Linux distribution image for Web/Telnet/SSH access. A remote attacker could exploit this vulnerability by logging in using the default credentials for accessing the web interface or gain shell access as root.
063154d6c7521ecfedc183b52625d739Sphider Search Engine version 1.3.6 remote code execution exploit.
2379dde6c9c4d4aca8f5e6073444d459Ubuntu Security Notice 4602-1 - ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
12de9bee88d387efd047ec5aa10983a5InoERP version 0.7.2 suffers from an unauthenticated remote code execution vulnerability.
b7684b0b25bfb36cec0c74a9db79b663Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
8df56851108239cc216beff14d5b8a3aUbuntu Security Notice 4593-2 - USN-4593-1 fixed a vulnerability in FreeType. This update provides the corresponding update for Ubuntu 14.04 ESM. Sergei Glazunov discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
94eb2ba1d11c5585ee7407cddda2c700Gentoo Linux Security Advisory 202010-7 - A buffer overflow in FreeType might allow remote attacker(s) to execute arbitrary code. Versions less than 2.10.3-r1 are affected.
c1cafd298dfac8722fea1d4c4b969f3bUbuntu Security Notice 4601-1 - It was discovered that pip did not properly sanitize the filename during pip install. A remote attacker could possible use this issue to read and write arbitrary files on the host filesystem as root, resulting in a directory traversal attack.
bc4ff49ae92b05e0317b150277586672Ubuntu Security Notice 4600-1 - It was discovered that Netty had HTTP request smuggling vulnerabilities. A remote attacker could used it to extract sensitive information.
fe9692750d4cd79cb0487d583921ce2bUbuntu Security Notice 4598-1 - It was discovered that LibEtPan incorrectly handled STARTTLS when using IMAP, SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack.
5c40bcc0c86629743bfb32379ae1299bUbuntu Security Notice 4588-1 - It was discovered that FlightGear could write arbitrary files if received a special nasal script. A remote attacker could exploit this with a crafted file to execute arbitrary code.
c93c71e5707584e309f32196cbb377eaUbuntu Security Notice 4587-1 - Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn't check malloc return values. A remote attacker could use these issues to cause a denial of service or possibly execute arbitrary code. Josef Gajdusek discovered that iTALC had heap-based buffer overflow vulnerabilities. A remote attacker could used these issues to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
a0940d2ea11a0ed386f0828fbb1f40c5
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed