Socomec DIRIS A-40 devices versions before 48250501 allow a remote attacker to get full access to a device via the /password.jsn URI.
baec89aa472335274e4cf2482d44a22dOmniCenter version 12.1.1 suffers from a remote SQL injection vulnerability.
28b57fa937c5b2e3827d3c80243edbd5XNU suffers from a remote double-free vulnerability due to a data race in IPComp input path.
f107571d24ce915ad24992a19c351dc1vBulletin versions 5.5.4 and below suffers from an updateAvatar remote code execution vulnerability.
2bd3e76b0d1ad20fdb921832d6d49f29vBulletin versions 5.5.4 and below suffer from multiple remote SQL injection vulnerabilities.
cd33cc4dfeb49e4f86dc27d6697a4e0aUbuntu Security Notice 4148-1 - It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
16733b418df766b5254b97c4b08007b1Tellion HN-2204AP router remote configuration disclosure exploit.
2b86e240e4fb20ac50061d52fd737d66freeFTP version 1.0.8 remote buffer overflow exploit.
7dfb5716d284763bd7918b63f0a93998IcedTeaWeb suffers from multiple vulnerabilities including directory traversal and validation bypass issues that can lead to remote code execution. The affected versions are 1.7.2 and below, 1.8.2 and below. 1.6 is also vulnerable and not patched due to being EOL. Proof of concepts are provided.
ea6508180f62fca63a4c9cdbaca675adIBM Bigfix Platform version 9.5.9.62 suffers from an arbitrary file upload vulnerability as root that can achieve remote code execution.
8ae1f789332dbd08c91e2e0e13536381Joomla versions 3.0.0 through 3.4.6 suffer from a remote code execution vulnerability in configuration.php.
3dbace36f03416b2067e44c5ab4dfc35Thailand Union Library Management version 6.2 suffers from cross site scripting and remote SQL injection vulnerabilities.
72bf47bf8eaab7c228ce951378e6c581Debian Linux Security Advisory 4541-1 - Max Kellermann reported a NULL pointer dereference flaw in libapreq2, a generic Apache request library, allowing a remote attacker to cause a denial of service against an application using the library (application crash) if an invalid nested "multipart" body is processed.
0c6e8369712db46f7c5651015d394e76CA Technologies, a Broadcom Company, is alerting customers to a potential risk with CA Network Flow Analysis. A vulnerability exists that can allow a remote attacker to execute arbitrary commands. CA published a solution to address the vulnerabilities and recommends that all affected customers implement this solution. The vulnerability occurs due to default credentials and a configuration weakness. A malicious actor may use the default credentials and exploit a weakness in the configuration to execute arbitrary commands on the CA Network Flow Analysis server. Versions 9.x and 10.0.x are affected.
8114522ce19045f44906d1e2af524b4fLabCollector version 5.423 suffers from a remote SQL injection vulnerability.
9544cc6a3f598df0468c1d7e6829fbdaUbuntu Security Notice 4146-2 - USN-4146-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that ClamAV incorrectly handled unpacking ZIP files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Various other issues were also addressed.
c06119b41a97548f941ccf99891243cdHisilicon Hi3518 HD camera remote configuration disclosure exploit.
bfcd9951e1db1e9212930f1ac9a13d92Dongyoung Media DM-AP240T/W wireless access point remote configuration disclosure exploit.
0d57c8105d3612e57d08a7865f1390faTellion TE01-005H HomeHub router remote configuration disclosure exploit.
9adb7a7f59b731ca830dbc397e0df0c7Ubuntu Security Notice 4146-1 - It was discovered that ClamAV incorrectly handled unpacking ZIP files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. It was discovered that ClamAV incorrectly handled unpacking bzip2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.
a9a55b14cbc898f086394a690f0498eaDetrix EDMS version 1.2.3.1505 suffers from a remote SQL injection vulnerability.
559c3e337f3b296e25d64d2b9113bd14Notepad++ (x64) versions prior to 7.7 allow remote code execution or denial of service via a crafted .ml file.
f8a4557604cf8293c54fe98904c1a95eCounter-Strike Global Offensive (vphysics.dll) versions prior to 1.37.1.1 allow remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, using a crafted map that causes memory corruption.
fea64c52d27539e7afc0c1d21a328d3fLG-ERICSSON LN202-003H HomeHub router remote configuration disclosure exploit.
fc594bc6b78ed6b26e191ee2958732fdRed Hat Security Advisory 2019-2945-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security fix: If the Wake-up on Wireless LAN functionality is configured in the brcmfmac driver, which only works with Broadcom FullMAC chipsets, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmf_wowl_nd_results() function. This vulnerability can be exploited by compromised chipsets to compromise the host, or when used in combination with another brcmfmac driver flaw, can be used remotely. This can result in a remote denial of service. Due to the nature of the flaw, a remote privilege escalation cannot be fully ruled out. Issues addressed include buffer overflow and denial of service vulnerabilities.
a87b3a5a1e36d60f2f04b5816c45a291
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed