Ubuntu Security Notice 4953-1 - Sean Boran discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to access sensitive information.
3aace51e610892c6e72b5665dc467353Chamilo LMS version 1.11.14 authenticated remote code execution exploit.
5a8f8f1545cefe375862b9f2c4609083Ubuntu Security Notice 4932-2 - USN-4932-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories. Various other issues were also addressed.
154fb54d376a39328dac652b07c44eeeOpenPLC WebServer version 3 authentication remote code execution exploit.
b43b406cdd773e40446d95720bd60c23Dental Clinic Appointment Reservation System version 1.0 suffers from multiple remote SQL injection vulnerabilities with one of them allowing for authentication bypass.
590039c72fd98d00add5038df52eb7a0ZeroShell version 3.9.0 remote command execution exploit.
6136d89b624e83529112cda72e8b9e5ePacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
95203f2b8e1b9385f5e0ab7343853d97Customer Relationship Management (CRM) System version 1.0 suffers from a remote shell upload vulnerability.
fd0485926223aa2206f5546dccf46c64Customer Relationship Management (CRM) System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
df2f1ca3c4905b571716bcf98058482cHexagon G!nius Auskunftsportal versions prior to 5.0.0.0 suffer from a remote SQL injection vulnerability.
d6dd0935d69c6151673cc0768d99190aERPNext versions 12.18.0 and 13.0.0 suffer from an authenticated remote SQL injection vulnerability.
6c329df5e9d8646f43166acb54002a9bUbuntu Security Notice 4943-1 - Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. This issue affected only affected Ubuntu 20.10. It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available only by manipulating the processed input stream. This issue only affected Ubuntu 20.10. Various other issues were also addressed.
a565fe2178a44c21cfecd0d125585112Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
a39d9b930a19936b57f097051c0ad509Ubuntu Security Notice 4940-1 - It was discovered that PyYAML incorrectly handled untrusted YAML files with the FullLoader loader. A remote attacker could possibly use this issue to execute arbitrary code.
5c9054e5dcb84fcca5e0b7bb231e1dfdThe javascript terminal emulator used by AWS CloudShell handles certain terminal escape codes incorrectly. This can lead to remote code execution if attacker controlled data is displayed in a CloudShell instance.
a07ebf4a753f14e46c966e23a4c3cf0bUbuntu Security Notice 4939-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
af4558d62abbfd5bae4e9822b097ced0OpenNetAdmin versions 8.5.14 through 18.1.1 remote command execution exploit written in Ruby. This exploit was based on the original discovery of the issue by mattpascoe.
b2ea2bd02abebc013ca6ae8665950e12Microweber CMS versions 1.1.20 and below suffer from a remote code execution vulnerability.
0063a431388f4fe7ccd8fa8d5d7c584aPHP Timeclock version 1.04 suffers from a remote SQL injection vulnerability.
72d88bfd629409e56ac9c276b3ce34ecVoting System version 1.0 suffers from a remote shell upload vulnerability.
50bd682d293cd6f65051ddf82595a097Human Resource Information System version 0.1 suffers from a remote code execution vulnerability.
c139e5c61c62259488f405263626f9edVoting System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Original discovery of SQL injection in this version is attributed to Syed Sheeraz Ali in May of 2021.
8afb5f8641ff27243de8d79704ae5532Ubuntu Security Notice 4938-1 - It was discovered that Unbound contained multiple security issues. A remote attacker could possibly use these issues to cause a denial of service, inject arbitrary commands, execute arbitrary code, and overwrite local files.
7cbc6ff7f46d7928484a4e834e459fb3b2evolution version 7-2-2 suffers from a remote SQL injection vulnerability.
1ced09b619490337be3ea86e23221667Ubuntu Security Notice 4937-1 - Ondrej Holy discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution.
1ce6ba4e9126d4f4a6fd550fa9b85f39
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed