Ubuntu Security Notice 5100-1 - It was discovered that containerd insufficiently restricted permissions on container root and plugin directories. If a user or automated system were tricked into launching a specially crafted container image, a remote attacker could traverse directory contents and modify files and execute programs on the host filesystem, possibly leading to privilege escalation.
bc2839346203abd22e30f4ef10721232Company's Recruitment Management System in PHP and SQLite Free Source Code suffers from a remote SQL injection vulnerability.
5dad0ab07935fd852a5f37380715c9c9Local Offices Contact Directory Site using PHP and SQLite Free Source Code suffers from a remote SQL injection vulnerability.
b6786101aa6c4cb696251f2b75da6e63Ubuntu Security Notice 4973-2 - USN-4973-1 fixed this vulnerability previously, but it was re-introduced in python3.8 in focal because of the SRU in LP: #1928057. This update fixes the problem. It was discovered that the Python stdlib ipaddress API incorrectly handled octal strings. A remote attacker could possibly use this issue to perform a wide variety of attacks, including bypassing certain access restrictions. Various other issues were also addressed.
67f887f3360fc14e1a1b82575e61a138College Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
84866bb31f560e1ed138462bda9a7b1bPyRDP is a Python Remote Desktop Protocol (RDP) Monster-in-the-Middle (MITM) tool and library.
06c0d9021f660b1493c9e09fb8e332daYoung Entrepreneur E-Negosyo System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
2760849f509e93f7ee98ccc1565239eeVehicle Service Management System version 1.0 unauthenticated remote shell upload exploit that uses authentication bypass with SQL injection.
243eaba5d6291c10ea45e14a67617fbfVehicle Service Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities one of which allows for authentication bypass.
d3cafda8b344117eabc44ad3416220caOpen Game Panel suffers from an authenticated remote code execution vulnerability.
4a44064f3593b04c3c02e8b2d071ef52Pet Shop Management System version 1.0 suffers from privilege escalation and remote shell upload vulnerabilities.
210c02bde43decbb2a8119311298118bLodging Reservation Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
e4175bcca9ec82a6eda311e7c9e874e1Blood Bank System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
b76eb3055e476a79c965525db05053e1Exam Form Submission System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6689a4a7872f85c4771509d97920922eVehicle Service Management System version 1.0 suffers from a remote shell upload vulnerability.
01d3085f8bd760fde3397a0c284829f2CMSimple_XH version 1.7.4 remote command execution exploit.
7c5ab76fd7a908c0d56543e343c41964Cmsimple version 5.4 authenticated remote code execution exploit.
46792c26a9315734cd7d64fb53dadde5Pharmacy Point of Sale System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Janik Wehrli in September of 2021.
67cb3f0f5642965281dd9c95b04997ccPet Shop Management System version 1.0 suffers from a remote shell upload vulnerability.
627f1d99e1a6128d4f0c6fe3fd446a5bStorage Unit Rental Management System version 1.0 suffers from a remote shell upload vulnerability.
5421a7893a6512edbf13aa29036effffUbuntu Security Notice 5090-4 - USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. It was discovered that the Apache HTTP Server incorrectly handled escaping quotes. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. Various other issues were also addressed.
90831576b5e159be92f9a4a7af321eefCovid Vaccination Scheduler System version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to faisalfs10x in July of 2021.
244e4f5a3652b8edf45eaf6f522a54a4FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 suffers from a remote privilege escalation vulnerability.
55a8a0546a607614640ebbecb5a328b5Ubuntu Security Notice 5090-3 - USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.
5608f104eebba750eb15f048c91ed22dUbuntu Security Notice 5093-1 - Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
d62db22a529fb4b0551f5eaa73d5af5c
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed