FutureNet NXR-G240 Series remote shellshock command injection exploit.
c16ed470e8102d32f5c571792cdedf24Ubuntu Security Notice 3831-2 - USN-3831-1 fixed vulnerabilities in Ghostscript. Ghostscript 9.26 introduced a regression when used with certain options. This update fixes the problem. It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Various other issues were also addressed.
90e4e6902a9545090e0ab2f68dbb0ec5PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
1e14bb1c2b571fa0e1907a89e0032aceUbuntu Security Notice 3838-1 - It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
879b86e3856df5f621b8482aaf06a069Hasan MWB version 1.0 suffers from multiple time-based remote SQL injection vulnerabilities.
643d3c7b5bde03097fdee273cac5630aUbuntu Security Notice 3811-3 - USN-3811-1 fixed a vulnerability in spamassassin. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
99e9b14016913915026a9427dfc058dcRed Hat Security Advisory 2018-3773-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include cleartext password logging.
51782eb421e92229ef9253f4a7fe3721Red Hat Security Advisory 2018-3771-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include cleartext password logging.
4bd45694c8a8b395b599b9ceadd19b98Red Hat Security Advisory 2018-3770-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include cleartext password logging.
9bc4b914b4ad03ea6b8a77f27a824435Red Hat Security Advisory 2018-3772-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include cleartext password logging.
24ee55b13e8e98e382761f9e6f5a057dChamilo version 1.11.6 suffers from multiple remote SQL injection vulnerabilities.
50c127104e82ada5240331eb4f691d76HasanMWB version 1.0 suffers from a remote SQL injection vulnerability.
3450f0c3cb39e414616e5617132b49d4This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebDMDebugServlet, which listens on TCP ports 8080 and 8443 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM.
7f78f8ca23ae637a5eaf4c38011cf48cJoomla! JE Photo Gallery component version 1.1 suffers from a remote SQL injection vulnerability.
88144fa68a6daaa6a041b5e07e3f3259Apache Superset version 0.23 suffers from a remote code execution vulnerability.
305275d8190fc1d2cd63df2160eca91cKC GRUP Web Design version 1.0 suffers from a remote SQL injection vulnerability.
4a961ba375685bf4edbb7386d1990d4eKeyBase Botnet version 1.5 suffers from a remote SQL injection vulnerability.
c56c96514e7b2c12ae89556aa0befcd7Red Hat Security Advisory 2018-3757-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include a remote SQL injection vulnerability.
a2205de1b07afe2f0e4e586bbf67caddGentoo Linux Security Advisory 201812-2 - Multiple vulnerabilities have been found in ConnMan, the worst of which could result in the remote execution of code. Versions less than 1.35-r1 are affected.
5e639e0b243ff077abc2032679809193Siyah Beyaz Bilisim Web Design version 1.0 suffers from a remote SQL injection vulnerability.
71e51cbbee06b5b0e7c8aec68c948a70Gentoo Linux Security Advisory 201811-23 - Multiple vulnerabilities have been found in libsndfile, the worst of which might allow remote attackers to cause a Denial of Service condition. Versions less than 1.0.28-r4 are affected.
97e38014b0f5277a6a8c66b8428ac6a3Ubuntu Security Notice 3795-3 - USN-3795-1 and USN-3795-2 fixed a vulnerability in libssh. The upstream fix introduced a regression. This update fixes the problem. Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Various other issues were also addressed.
7f15bb7924328b6121f1a4772769aefeUbuntu Security Notice 3831-1 - It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.
481e81b6b20a445167d1fc2430b48d4fGentoo Linux Security Advisory 201811-22 - Multiple vulnerabilities have been found in RPM, the worst of which could allow a remote attacker to escalate privileges. Versions less than 4.14.1 are affected.
b2e28734ab3686f7eae98681d8c49d65Joomla Fabrik component version 3.9 suffers from cross site request forgery, local file inclusion, and remote shell upload vulnerabilities.
cee583e8df398e9f206f9451d94be1bd
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed