A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user.
769d2d7e8f18e8bd0ce142472f159825e87239bfc4426229f241a00de99425a0Ubuntu Security Notice 6718-1 - Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrary to expectations. This issue only affected Ubuntu 23.10. It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service.
626a0b8a1438ccde6a1826653d3285d7f2a9a3cd644e2dfcfff06f2bc14e0f9dUbuntu Security Notice 6717-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Hubert Kario discovered that Thunderbird had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover sensitive information.
c7e276778f2c974b0aa76f968f7adfbc3e4984a93e8eaf31675ad13306e8e12aCraft CMS version 4.4.14 suffers from an unauthenticated remote code execution vulnerability.
6dada91b5125e5cbc3f8d9cb9d59a5f937052241fe1e5481dab19199fced220cOrange Station version 1.0 suffers from a remote shell upload vulnerability.
5a9f8a0ab40cab9d931909357ed512b4a4e0910b05218556dc4ed1977fa5b4d8Ubuntu Security Notice 6704-3 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service.
01efe4c147c2288e39cc2669dc4bb7d1e7e1641d78d25efb20089e9afb739cf7Nagios XI versions 2024R1.01 suffers from a remote SQL injection vulnerability.
68cad0f6ebae36d741e3c09fbbc2013acb66e4c861404dd3fb579aa2eaef4245MobileShop Master version 1.0 suffers from a remote SQL injection vulnerability.
5382f069d5f87ca82e7aaa55d06e27880b17bfe303bf5c846c032003643ba5ecLBT-T300-mini1 suffers from a remote buffer overflow vulnerability.
0d5605d4bf931abe29807024d5f54120a110b26a29b7d0372e0c12e6e2b5b118Ubuntu Security Notice 6712-1 - It was discovered that Net::CIDR::Lite incorrectly handled extra zero characters at the beginning of IP address strings. A remote attacker could possibly use this issue to bypass access controls.
a9f0f6ed74484540e723d579471876cf9ff4f03a08ad177e2826858111934cf8Win32.STOP.Ransomware (smokeloader) malware suffers from both local and remote code execution vulnerabilities. The remote code execution can be achieved by leveraging a man-in-the-middle attack.
9740a4e0b25da98023aa4b00d3dc186e1ae19f18ff322ffbd1efa8acd634f49aTask Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
19d5f8c5ea06895a1df525a3f2aa900e859bf45ece3512286a979c45e7883470Ubuntu Security Notice 6709-1 - It was discovered that checking excessively long DH keys or parameters may be very slow. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. After the fix for CVE-2023-3446 Bernd Edlinger discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service.
a3c85443f6ce0636dc4acc75b294ee38bc75374485acad341a73a787d547a0cbUbuntu Security Notice 6704-2 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service.
f06bcd3c690a7a1a9aa03506a63b723e669f5ad31c8c9917af3280e58f9883e5Ubuntu Security Notice 6704-1 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service.
6ed1a66dd66da03109747a9db9ed61695441d8d245bcbdd9a6cefe18cb9a4b2cLektor Static CMS version 3.3.10 suffers from an arbitrary file upload vulnerability that can be leveraged to achieve remote code execution.
12e46eeac4843dfaaf4f61083381648a44692cd6a4aade7ab73a5901f82f2336Ubuntu Security Notice 6703-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Hubert Kario discovered that Firefox had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover sensitive information.
8925f4bfe2e00238817e4e82aaa72fa22ab5cbc166f07e21afc8f8a239ee2279Employee Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.
29cd0f77cb023005e072aa804706b800801834d76af7a7c5e48d06e82ffa8bc4Blood Bank version 1.0 suffers from suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Nitin Sharma in October of 2021.
d95668292b4799b2459459dabbaf67baf0ecfb0c50e8731e1aa0858d71bc0d09Simple Task List version 1.0 suffers from a remote SQL injection vulnerability.
3d7d08d11026b2dd3229567d42244f4b661bad830d96053161fec984a11d837dTeacher Subject Allocation Management System version 1.0 suffers from a remote SQL injection vulnerability.
70201b7921db68f4cd1eabfe9d49fef650e64263d687be24d951e0f1d2287e83Tramyardg Autoexpress version 1.3.0 allows for authentication bypass via unauthenticated API access to admin functionality. This could allow a remote anonymous attacker to delete or update vehicles as well as upload images for vehicles.
a6b19ec46406ffd95a91f57125dc469d0979113c3d6a82b162a1b682d2ed2ecaTramyardg Autoexpress version 1.3.0 suffers from a remote SQL injection vulnerability.
b6a01bb6956141a3ae4c607cc789894c67a647629befb99a934046f4a4a462f1Quick.CMS version 6.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
cd96d379383fd6bc85ab4e185183931ea6b236dd9b5c004203a06f94f9bd9b70Atlassian Confluence versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0 through 8.5.3 suffer from a remote code execution vulnerability.
0aa128553cbd5a516cc713b76e3dc3f366da8678b4aba8459dee773880a5c164
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed