Akaunting versions 3.1.3 and below suffer from a remote command execution vulnerability.
8d4933e0c1b3efde90f0ca90ae286fa4036671aa25168b79c0dd977756a0f6b1Debian Linux Security Advisory 5637-1 - Several security vulnerabilities have been discovered in Squid, a full featured web proxy cache. Due to programming errors in Squid's HTTP request parsing, remote attackers may be able to execute a denial of service attack by sending large X-Forwarded-For header or trigger a stack buffer overflow while performing HTTP Digest authentication. Other issues facilitate request smuggling past a firewall or a denial of service against Squid's Helper process management.
a79ef3e7a5505aef83c8e1d9026a34f64acecaa9ccd3e41b225ac5500d8a96e7Ubuntu Security Notice 6682-1 - ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS. It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS.
17369ac09ff469d577917f6a11d6b237c679de121e53f191d4d051615739e955NDtaskmatic version 1.0 suffers from a remote SQL injection vulnerability.
937864e92a9493aa55230c661e22af5ba23fc573b0d4f507979622c61443310bUbuntu Security Notice 6679-1 - It was discovered that FRR incorrectly handled certain malformed OSPF LSA packets. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service.
3efcd48e104a143fe730fd8974e6c97f3e55c468d9f86582780097369d74b591Ubuntu Security Notice 6675-1 - It was discovered that ImageProcessing incorrectly handled series of operations that are coming from unsanitised inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code.
d491a79e75514bf25f975567ff41507638e98c09cab54bfb9d5dcf4332bfbb3aJetBrains TeamCity versions prior to 2023.11.4 remote authentication bypass exploit that can be leveraged for user addition and remote code execution.
1eb2994a182c4436527b7e141ca0fa83da6821b9a33465277fc30e0e77a404f3F5 BIG-IP remote user addition exploit that leverages the authorization bypass vulnerability as called out in CVE-2023-46747.
8e2ae8616e3f49ce4b6b8d7d60b60b5b38f7d2f1025eb35aadd47b408f83606cCustomer Support System version 1.0 suffers from a remote SQL injection vulnerability in /customer_support/ajax.php. Original discovery of SQL injection in this version is attributed to Ahmed Abbas in November of 2020.
718d48eb7ca237f5f3ee83bb6118e210de87e3b83055bc4ece1ed2ad4b88e9d9Ubuntu Security Notice 6674-2 - USN-6674-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Seokchan Yoon discovered that the Django Truncator function incorrectly handled very long HTML input. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.
997b193005614a4286e157f3adb9ede1701e065c5ba4f071d3dffb9741612a72Ubuntu Security Notice 6674-1 - Seokchan Yoon discovered that the Django Truncator function incorrectly handled very long HTML input. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.
8724577a7a85c8ee06c83d3ec00d4db888a3a2260fa6a62b92f39b2d23d729c9Ubuntu Security Notice 6673-1 - Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information. It was discovered that python-cryptography incorrectly handled memory operations when processing mismatched PKCS#12 keys. A remote attacker could possibly use this issue to cause python-cryptography to crash, leading to a denial of service. This issue only affected Ubuntu 23.10.
01de93cd85b2bb26752f49682241d7f6847ee989213ef66fd7a7389e73b6b48aWallos versions prior to 1.11.2 suffer from a remote shell upload vulnerability.
77ba729fac9fbd6e562f329a83458d57ae71f13aaf4f55db7da1328097365d1aGentoo Linux Security Advisory 202403-1 - A vulnerability has been discovered in Tox which may lead to remote code execution. Versions greater than or equal to 0.2.13 are affected.
bd25f2b467d833795026292ee1d9110cf019aaca57398e04f9425d2375388e5fPetrol Pump Management System version 1.0 suffers from a remote shell upload vulnerability. This is a variant vector of attack in comparison to the original discovery attributed to SoSPiro in February of 2024.
0f0040501420a8f8ddd6c7f12a7f7140cff7687749ef9d7f7d32928b820114f8Petrol Pump Management Software version 1.0 suffers from a remote SQL injectionvulnerability.
51abe5321193658e358ef6153227465b3009062f89a267703a6584db36a564dfEasywall version 0.3.1 suffers from an authenticated remote command execution vulnerability.
02674567c5d503f91e947ba06aece45751ee04aeffe5b6edc3dfffb994976693Ubuntu Security Notice 6672-1 - Morgan Jones discovered that Node.js incorrectly handled certain inputs that leads to false positive errors during some cryptographic operations. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. It was discovered that Node.js incorrectly handled certain inputs leaded to a untrusted search path vulnerability. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a privilege escalation.
fa597d50e9f8b5bd302a8783ff6dbb02dfd40c5672ca6442aff828f6a586c095GL.iNet AR300M versions 3.216 and below suffer from an OpenVPN client related remote code execution vulnerability.
0bc765cb78e3663fd69f067daec79c26a082e75d184e6d211c3b136d90337022GL.iNet AR300M versions 4.3.7 and below suffer from an OpenVPN client related remote code execution vulnerability.
9270490cd001ef107453c4f557a02b7ca323b54f6f7cbe828cf79a16dc19810eEmployee Management System version 1.0-2024 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.
01f9a437e502773164c42d18db293d6d010978a568703d9945cb9bfe002238b5Real Estate Management System version 1.0 suffers from a remote shell upload vulnerability.
839e1e676d2dbd464ca5097616ef9a9bec7bfb837d94aa2a8ab1088675a02115XAMPP version 5.6.40 suffers from a remote SQL injection vulnerability.
388ddb4dde51e1972477265a1ca501e1b0ccc13ac7cdae3357edbf821cc9e47bAC Repair And Services System version 1.0 suffers from a remote SQL injection vulnerability.
968e1e9ea2480d617b49d7df215b4108c9bc3eb6c59822b95bb40c30e4220cb9Simple Student Attendance System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
6b7b532debcb16f754e8a23e15c6fb12f3478fbbf1e0f8342fa31ef1ea31bcf1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed