WordPress Elementor plugin versions 3.6.0 through 3.6.2 suffer from a remote shell upload vulnerability. This is achieved by sending a request to install Elementor Pro from a user supplied zip file. Any user with Subscriber or more permissions is able to execute this.
0537a61d8c7e168ee93f25ae88cc62b13741cb186c02291ebc2f946f834cd81fUbuntu Security Notice 5651-2 - USN-5651-1 fixed a vulnerability in strongSwan. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Lahav Schlesinger discovered that strongSwan incorrectly handled certain OCSP URIs and and CRL distribution points in certificates. A remote attacker could possibly use this issue to initiate IKE_SAs and send crafted certificates that contain URIs pointing to servers under their control, which can lead to a denial-of-service attack.
759a27511c8f487803c7aa104783c2c246c6fddf62edc3b8d14f204cff8a093eUbuntu Security Notice 5651-1 - Lahav Schlesinger discovered that strongSwan incorrectly handled certain OCSP URIs and and CRL distribution points in certificates. A remote attacker could possibly use this issue to initiate IKE_SAs and send crafted certificates that contain URIs pointing to servers under their control, which can lead to a denial-of-service attack.
307727d9f9df8f35a12cad1acef25cb191f668ed5401e4156a8ff7369ecdc831Ubuntu Security Notice 5653-1 - Benjamin Balder Bach discovered that Django incorrectly handled certain internationalized URLs. A remote attacker could possibly use this issue to cause Django to crash, resulting in a denial of service.
9243a60f7904a4b165533d79fb778a5eaf28db2dcb1af8c5196198b7945e326eCanteen Management version 1.0-2022 suffers from a remote SQL injection vulnerability.
2d4328d6484fdeed0350fcb19dc9fe4f3d5499e3bb9f44d105865efdc3315733Ubuntu Security Notice 5652-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service.
da237cf0c69ad0299d2d45386e0353a125c52434eb9c8e1c7b9ba1d5a9cfa13aBackdoor.Win32.Delf.eg malware suffers from an unauthenticated remote command execution vulnerability.
647bd7e9095b288a89ae94fb9fdf863e6f1885af0b181b032ba01f65602b3f36Joomla MarvikShop ShoppingCart extension version 3.4 suffers from a remote SQL injection vulnerability.
af41f883caada44f1dff993f8717a577f62a5db925c277a7fdd1059acaa38172Joomla JKassa ShoppingCart extension version 2.0.0 suffers from a remote SQL injection vulnerability.
1d286657a6509ab45feb55b36b0bc01dd8f56873e7fc43f5845bda2adfc98272Joomla JUX Charity Hub extension version 1.0.4 suffers from a remote SQL injection vulnerability.
dd85f026aa28d0d837d9b8f6e68a55f63645f20a0ae801b2099b5ca88441771bZKSecurity BIO version 4.1.2 suffers from a remote SQL injection vulnerability that can allow for remote code execution.
2f5ddba7cf7e3024ddc6ad5a39968b8c149a652831c65c828f1565ea29f0e84dGuppY CMS version 6.00.10 suffers from an authenticated remote shell upload vulnerability.
7379f5703f8c8447e89b8393459ce54d04deb30eed715a6df6b281a1b380609bJoomla MyMuse extension version 4.3.0 suffers from a remote SQL injection vulnerability.
5deedb4e9c6f4ba784330c0618c0b611b0d2f5c953c41021281d833c3fab451cJoomla JS Jobs Pro extension version 1.3.6 suffers from a remote SQL injection vulnerability.
1660f7d887aa22210db0f906f32132f8374ecb3142a0efecf10ad4eff14b83faGentoo Linux Security Advisory 202209-23 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 105.0.5195.125 are affected.
cdc8ee89e740628d11a899ae470b25cff194a96171905579abdf7bb65d0a72c5A remote code execution vulnerability exists in qdPM versions 9.1 and below. An attacker can upload a malicious PHP code file via the profile photo functionality by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature thus allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.
41d2d18aa9196d7f57810fe954d8362f8c6f3662e5ba2a143d334cd07ac9b371Joomla AdsManager extension version 3.2.0 suffers from a remote SQL injection vulnerability.
d94efabfad9904e592ec82124c03316f4ce8b774ae57879750a98a1445884262Ubuntu Security Notice 5646-1 - Tobias Stoeckmann discovered that libXi did not properly manage memory when handling X server responses. A remote attacker could use this issue to cause libXi to crash, resulting in a denial of service.
46c4a791137670f7e5bdbac84f1b17ad4b368c2214d2709f79e8c9bd7c67e379Ubuntu Security Notice 5645-1 - Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established. Tom Lane discovered that PostgreSQL incorrect handled certain array subscripting calculations. An authenticated attacker could possibly use this issue to overwrite server memory and escalate privileges.
fa94546c58f17991b5a646049ec8ec30cd923dd7fcf8ea2301f30eeeb7d86f13Online Examination System version 1.0 suffers from a remote SQL injection vulnerability.
dba8c93e85cd1df6195d39d4a331df0a884b158c86b28ffa00bd3dea43e7b6baUbuntu Security Notice 5643-1 - It was discovered that GhostScript incorrectly handled certain PDF files. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to cause GhostScript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that GhostScript incorrectly handled certain PDF files. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to cause GhostScript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.
9ddb6beb5a0c7f182f8769c40dd4c0e7d3469c4fb93b3442d282bbf5574f3e0fUbuntu Security Notice 5642-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
a741c88fdbcebba263f141b68dade06af9876160b8164996177be9bce2fc3196Ubuntu Security Notice 5641-1 - Mikhail Evdokimov discovered that Squid incorrectly handled cache manager ACLs. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that Squid incorrectly handled SSPI and SMB authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information.
e3be1c2d3e1c33766fc12005e97a52783721d5bebbcafa1253447b986f555895Food Ordering Management System version 1.0 suffers from a remote SQL injection vulnerability.
1be2c696b62c411f0a88c3819a1d4653e0f042e7aa59018ccd5596555ca02a4bUbuntu Security Notice 5637-1 - It was discovered that libvpx incorrectly handled certain WebM media files. A remote attacker could use this issue to crash an application using libvpx under certain conditions, resulting in a denial of service.
62acfeee21a05d07af7c6e293d6841f7a19ff21ba74bd33367cd0ea77a38691a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed