Ubuntu Security Notice 5424-2 - USN-5424-1 fixed a vulnerability in OpenLDAP. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database.
0e0e7d427185a4265212e9573a0d260655e14290d1cec821dc663cfb8913d341Ubuntu Security Notice 5429-1 - Thomas Amgarten discovered that Bind incorrectly handled certain TLS connections being destroyed. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.
55ce2e3ed595a0e54481d0b59f468b92eb5b3652c3537ba65ac53e265a0140eeUbuntu Security Notice 5430-1 - It was discovered that GNOME Settings incorrectly handled the remote desktop sharing configuration. When turning off desktop sharing, it may be turned on again after rebooting, contrary to expectations.
0caae1f837e57963485b670c7a2e0b364633d4e5ddcf44795a2923c570f64b8aUbuntu Security Notice 5423-2 - USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service.
8e4b8948d5e1b928c53f47538c39a5720eb5d9b54a8e9ed63566bd719e26428bUbuntu Security Notice 5424-1 - It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database.
622b2eaedb770c0fbeedd05eb4c12c43e234131acf0a55523407bb64c0dc2e6dOnline Discussion Forum Site version 1.0 suffers from a remote blind SQL injection vulnerability.
4ee8e26b03aaab698cd44b2e3b37998f1e0a8d62d370fcb6c7a0fa3cfbbfada8Ubuntu Security Notice 5423-1 - Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. Michał Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service.
8a7e6d56f5558ae8bd78cd46e08c6dd48ba55d4079f3389737d0e448d3eb3555T-Soft E-Commerce version 4 suffers from a remote SQL injection vulnerability.
45b5224650ea3cb883a0c405f3c4d76eef8cc2dbc8f3fb98282c4ea633d2e202WordPress Tatsu Builder plugin versions prior to 3.3.13 suffer from an unauthenticated remote code execution vulnerability.
632f285a1a3ec46f04fb233958d273d11b2e22568b10b2920f52c77d06e276eaThis Metasploit module exploits CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning (ZTP) support. By sending a malicious setWanPortSt command containing an mtu field with a crafted OS command to the /ztp/cgi-bin/handler page, an attacker can gain remote command execution as the nobody user. Affected Zyxel models are USG FLEX 50, 50W, 100W, 200, 500, 700 using firmware 5.21 and below, USG20-VPN and USG20W-VPN using firmware 5.21 and below, and ATP 100, 200, 500, 700, 800 using firmware 5.21 and below.
ab9073cd14f8ea730621aa93b69a0d03cb5f9d8e92dbc88068fca19ff77f6fabIpMatcher versions 1.0.4.1 and below for .NET Core 2.0 and .NET Framework 4.5.2 incorrectly validates octal and hexadecimal input data which can lead to indeterminate server-side request forgery, local file inclusion, remote file inclusion, and denial of service vectors.
98c5f3ee4fded068839fc2a03bbd74be24dce6bd2b2774a8a477b3d476489bb1Victorian Machinery is a proof of concept exploit for CVE-2022-30525. The vulnerability is an unauthenticated and remote command injection vulnerability affecting Zyxel firewall's that support zero touch provisioning. Zyxel pushed a fix for this issue on April 28, 2022. Multiple models are affected.
d85780bb5daa2abd4c685fc1f2bd14ad0bfe7fbd9a5a6a99b45f1efcddb6a0bfHighCMS/HighPortal version 12.x appears to suffer from a remote SQL injection vulnerability.
11e531f865e4da1f04161aa0a4cb5e11bbe807e029d3818481e6c9fa1d18a1e6This Metasploit module exploits an authentication bypass vulnerability in the F5 BIG-IP iControl REST service to gain access to the admin account, which is capable of executing commands through the /mgmt/tm/util/bash endpoint. Successful exploitation results in remote code execution as the root user.
bb3a5bef34f53053f0da7eec9cad038bc4f47a0997b2e9cd601a17a1f034a0adCollege Management System version 1.0 suffers from a remote SQL injection vulnerability.
b22b4daf0882e631e72558215fc7c93f3286e35a1f1f3a8a70f7fb9b95c0a356Royal Event Management System version 1.0 suffers from a remote SQL injection vulnerability.
884c0f6e25d5c7878c15b69a5867168b87afcc090d923b7b1d8d3da4f3da329dF5 BIG-IP version 16.0.x remote code execution exploit.
f5638973e5c1c81d7b5bf21977de0671c9081697e4ab7ad0ccd0963b8abf883cUbuntu Security Notice 5412-1 - Axel Chong discovered that curl incorrectly handled percent-encoded URL separators. A remote attacker could possibly use this issue to trick curl into using the wrong URL and bypass certain checks or filters. This issue only affected Ubuntu 22.04 LTS. Florian Kohnhuser discovered that curl incorrectly handled returning a TLS server's certificate chain details. A remote attacker could possibly use this issue to cause curl to stop responding, resulting in a denial of service.
477ec6bff1dfd28bf6df200de8f8540192a02b1e6306fa486d364e719ff4bca8Ubuntu Security Notice 5410-1 - Lenny Wang discovered that NSS incorrectly handled certain messages. A remote attacker could possibly use this issue to cause servers compiled with NSS to stop responding, resulting in a denial of service.
024993daf9b959e9075f012157b05fdba5d56fc13c1c2804f9ed1a134b8f5c7aRuijie Reyee mesh routers with ReyeeOS version 1.55.1915 EW_3.0(1)B11P35 and EW_3.0(1)B11P55 suffer from a remote code execution vulnerability.
9905dae507eb8530625d18dd769fb31462b102ba1ef93e4d98767d53ee920b23Joomla SexyPolling version 2.1.7 suffers from a remote SQL injection vulnerability.
24467bea113b84b81b21b6432a86a6b8f1a19434f5022bdee1963531502e80e0Red Hat Security Advisory 2022-1964-01 - Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet for retrieval. Then Fetchmail forwards the mail through SMTP so the user can read it through their favorite mail client. Issues addressed include bypass, denial of service, and information leakage vulnerabilities.
56a9423de5b90a5b76974fef202cb8350dc94cd1c401b9fb36ecb0edbd6e7fedMyBB version 1.8.29 suffers from a remote code execution vulnerability.
b1964aa112c7c928f79b7073c01f6cb887bfbe9b8361eee6191d68c8574b9832Google Chrome version 78.0.3904.70 suffers from a use-after-free vulnerability that allows for remote code execution.
a9832a52e5893b9811e27a815ed2c4abdf52b38a82a53ef447ac4925b565d934Anuko Time Tracker version 1.20.0.5640 suffers from a remote SQL injection vulnerability.
e4482fcf6e8633bde341b060885eef6ee281ae2dd86d01b3a88b52afec8264a3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed