Ubuntu Security Notice 4444-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
41e64fcb2adc18e2a3f8f179c1a36e11Online Bike Rental version 1.0 suffers from an authenticated remote shell upload vulnerability.
c24d92ba32b907f53df823c312feb8d2A remotely exploitable vulnerability exists within SharePoint that can be leveraged by a remote authenticated attacker to execute code within the context of the SharePoint application service. The privileges in this execution context are determined by the account that is specified when SharePoint is installed and configured. The vulnerability is related to a failure to validate the source of XML input data, leading to an unsafe deserialization operation that can be triggered from a page that initializes either the ContactLinksSuggestionsMicroView type or a derivative of it. In a default configuration, a Domain User account is sufficient to access SharePoint and exploit this vulnerability.
1951b8a6649841f289b9e4feb3f9e3b0Gentoo Linux Security Advisory 202007-62 - A flaw in PyCrypto allow remote attackers to obtain sensitive information. Versions less than or equal to 2.6.1-r2 are affected.
80d76ca85d2e9711881765ca3dea3df9Online Shopping Alphaware version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
2f22bbeb57ec0516c03bb902f1c1c310Online Bike Rental version 1.0 suffers from a remote shell upload vulnerability.
5137e92942eb565db42676669250675aDaily Tracker System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
4f5a24a83647c98bdc4387fb5214ec35Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
510700212f5dc5abaaf187c1217f9dd6This Metasploit module exploits a arbitrary file upload vulnerability within the Baldr stealer malware control panel. Attackers can turn this vulnerability into remote code execution by adding malicious PHP code inside the victim logs ZIP file and registering a new bot to the panel by uploading the ZIP file under the logs directory. On versions 3.0 and 3.1 victim logs are ciphered by a random 4 byte XOR key. This exploit module retrieves the IP specific XOR key from panel gate and registers a new victim to the panel with adding the selected payload inside the victim logs.
3aee05fb3bfa3e3eb0452ce7bbf7bdfbUbuntu Security Notice 4436-2 - USN-4436-1 fixed a vulnerability in librsvg. The upstream fix caused a regression when parsing certain SVG files. This update backs out the fix pending further investigation. It was discovered that librsvg incorrectly handled parsing certain SVG files. A remote attacker could possibly use this issue to cause librsvg to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that librsvg incorrectly handled parsing certain SVG files with nested patterns. A remote attacker could possibly use this issue to cause librsvg to consume resources and crash, resulting in a denial of service. Various other issues were also addressed.
a1612bf1f32015d135edccb761c8574bSifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
f2cd265d7771a6757969a26ac1fa2c67This Python script checks whether the target server is vulnerable to CVE-2020-3452, a vulnerability in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) products that can allow for remote file disclosure.
ce6d90fc11286f40ae29b48e9bcc545dUbuntu Security Notice 4435-2 - USN-4435-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Various other issues were also addressed.
ecad992db1cb661edf6172acce2ff41aUbuntu Security Notice 4436-1 - It was discovered that librsvg incorrectly handled parsing certain SVG files. A remote attacker could possibly use this issue to cause librsvg to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that librsvg incorrectly handled parsing certain SVG files with nested patterns. A remote attacker could possibly use this issue to cause librsvg to consume resources and crash, resulting in a denial of service. Various other issues were also addressed.
906c05f1130110454f18bd151b780705Ubuntu Security Notice 4435-1 - It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. It was discovered that ClamAV incorrectly handled scanning malicious files. A local attacker could possibly use this issue to delete arbitrary files. It was discovered that ClamAV incorrectly handled parsing EGG archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Various other issues were also addressed.
0f0f4ee751fa9887b20132649f16c61fUbuntu Security Notice 4437-1 - Ziming Zhang and VictorV discovered that libslirp incorrectly handled replying to certain ICMP echo requests. A remote attacker could possibly use this issue to cause libslirp to crash, resulting in a denial of service.
2c52decab997bff853328fdb45ea73fdGentoo Linux Security Advisory 202007-45 - A buffer overflow in NTFS-3g might allow local or remote attacker(s) to execute arbitrary code, or escalate privileges. Versions less than 2017.3.23-r3 are affected.
286e20d811d3846227c976078d780c48Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
fed575a4474cadcd161c76191c66937aRuby On Rails version 5.0.1 remote code execution exploit.
6c0633d8ae026e22f98ff5981cbe2ff4Gentoo Linux Security Advisory 202007-38 - A use-after-free was discovered in QtGui's Markdown handling code possibly allowing a remote attacker to execute arbitrary code. Versions less than 5.14.2 are affected.
ed031131637bb5e0dc7d34e69fde70c9eGroupWare version 1.14 suffers from a remote command execution vulnerability.
2ef68623857818d9aa576f34016f45c5Koken CMS version 0.22.24 suffers from a remote shell upload vulnerability.
5b0592db7ea566f8f67175e561151e2fLibreHealth version 2.0.0 authenticated remote code execution exploit.
c21b4b511f291e76d1d84cb98e90cd06WordPress Email Subscribers and Newsletters plugin version 4.2.2 suffers from a remote SQL injection vulnerability.
16d77aeb4869de02394d5ec2a344b26dGentoo Linux Security Advisory 202007-7 - A use-after-free possibly allowing remote execution of code was discovered in Transmission. Versions less than 3.00 are affected.
6d0b71fac01d5cda94f46eedcc44040d
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed