ManageEngine ADSelfService Plus 6000 unauthenticated remote code execution exploit.
0261c2ef1439e755fd4c0111baa4b914Gentoo Linux Security Advisory 202008-5 - A buffer overflow in gThumb might allow remote attacker(s) to execute arbitrary code. Versions less than 3.10.0 are affected.
6079dfd95b3c1cbab40ba699c0ff8af7Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
6d82476f65ba61ff6c5cfee3aa5d1d0dGentoo Linux Security Advisory 202008-2 - A vulnerability in GNU GLOBAL was discovered, possibly allowing remote attackers to execute arbitrary code. Versions less than 6.6.4 are affected.
c31763322e1337796431bbb6158d0fc0Tailor Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
8698574c326306e45ce56e22c93d48e3Victor CMS version 1.0 suffers from a search remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to BKpatron.
68049baf49f74824b0b93ea4e1fc7670Daily Expenses Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Daniel Ortiz.
1e0fcc5209709de3fa6c0c22a21e0f65Curfew e-Pass Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to gh1mau.
a86ff9fc24a454605eb91b9a93042a64Online Shopping Alphaware version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version attributed to Ahmed Abbas.
204f998c116fde2ccd7e7f83d5a48685Ubuntu Security Notice 4448-1 - It was discovered that Tomcat incorrectly validated the payload length in a WebSocket frame. A remote attacker could possibly use this issue to cause Tomcat to hang, resulting in a denial of service. It was discovered that Tomcat incorrectly handled HTTP header parsing. In certain environments where Tomcat is located behind a reverse proxy, a remote attacker could possibly use this issue to perform HTTP Request Smuggling. Various other issues were also addressed.
f490bd6674a82d8af4d84ba15996c17fDocumalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software.
0d0a1918990afa2cbe664861b2ed5a5dDaily Expenses Management System version 1.0 suffers from a remote SQL injection vulnerability.
9e6e99fea6a5022fef764d130ffc1573Pi-hole version 4.3.2 authenticated remote code execution exploit.
c974a233e43e84e556dfc6ea373f51a4Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
1d51fc20c08bea73509e929eb29de8f1Car Rental Management System version 1.0 unauthenticated remote code execution exploit.
fc76a860fbf88ef19ed2574d10b76719Ubuntu Security Notice 4445-1 - It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code,
e5cd22ad9394fc8739acbf87db5ba61dUbuntu Security Notice 4446-1 - Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks. Various other issues were also addressed.
0645410abcb063dfc2a9e47806b54c82Stock Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
86a8471246e2649f885e68626bf61d29Umbraco CMS version 7.12.4 authenticated remote code execution exploit.
c6a4a934c6775c455e5e4f225dec66c0OpenEMR versions 5.0.1 and below authenticated remote code execution exploit written in ruby.
0c4b5a66f0b188dd68ac3a5de13961d4Ubuntu Security Notice 4444-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
41e64fcb2adc18e2a3f8f179c1a36e11Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
c707bd94569962d87610241093f6bc0aOnline Bike Rental version 1.0 suffers from an authenticated remote shell upload vulnerability.
c24d92ba32b907f53df823c312feb8d2A remotely exploitable vulnerability exists within SharePoint that can be leveraged by a remote authenticated attacker to execute code within the context of the SharePoint application service. The privileges in this execution context are determined by the account that is specified when SharePoint is installed and configured. The vulnerability is related to a failure to validate the source of XML input data, leading to an unsafe deserialization operation that can be triggered from a page that initializes either the ContactLinksSuggestionsMicroView type or a derivative of it. In a default configuration, a Domain User account is sufficient to access SharePoint and exploit this vulnerability.
1951b8a6649841f289b9e4feb3f9e3b0Gentoo Linux Security Advisory 202007-62 - A flaw in PyCrypto allow remote attackers to obtain sensitive information. Versions less than or equal to 2.6.1-r2 are affected.
80d76ca85d2e9711881765ca3dea3df9
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed