Simple Inventory Management System version 1.0 suffers from a remote SQL injection vulnerability.
8e51d27e9d209102d0cc21f4fcd8ca293e548ced1856940a8a497960d3d17967Flashcard Quiz App version 1.0 suffers from a remote SQL injection vulnerability.
2d19f05f546a17fd7531fb2d8505ca2f52f76ae282a5f46a1b55c2ced76fd1efFAQ Management System version 1.0 suffers from a remote SQL injection vulnerability.
2ea51098a949106e71b766b144109b1be9da517c51665344c9ebb17028a158a4Backdoor.Win32.AutoSpy.10 malware suffers from a remote command execution vulnerability.
01433d0ad222e5da0927202b151b19c29afd6ce5f59f4e0b3302a97ed91a29bbThis Metasploit module exploits an authentication bypass vulnerability that allows an unauthenticated attacker to create a new administrator user account on a vulnerable ConnectWise ScreenConnect server. The attacker can leverage this to achieve remote code execution by uploading a malicious extension module. All versions of ScreenConnect version 23.9.7 and below are affected.
5465f1cab9f564966ac69e4c23f983ee109116e8a263d414680ea78f05ecbd2aCMS Made Simple version 2.2.19 suffers from a remote code execution vulnerability.
a3ad3dd9895a3078f1d089deae8fbb53622866bb6909e7d8f5c58295b26bdf2fThis Metasploit module chains a server side request forgery (SSRF) vulnerability (CVE-2024-21893) and a command injection vulnerability (CVE-2024-21887) to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and 22.x are vulnerable, prior to the vendor patch released on Feb 1, 2024. It is unknown if unsupported versions 8.x and below are also vulnerable.
517cb3bdebea0c5e8bc6b809e873babc0faf56250fbc150da2e1a5d269f4e7b7Ubuntu Security Notice 6584-2 - USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding updates for CVE-2021-33912 andCVE-2021-33913 in Ubuntu 16.04 LTS. Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
c72593cd020b70c074deb6be89fd467cc478f83334792bd3c97e0f5753dae9cdFuelflow version 1.0 suffers from a remote SQL injection vulnerability.
f20df871b015a83f2890d65c542097b8e2ef692547a8a6b09c7f09efd6242502Ubuntu Security Notice 6643-1 - Emre Durmaz discovered that NPM IP package incorrectly distinguished between private and public IP addresses. A remote attacker could possibly use this issue to perform Server-Side Request Forgery attacks.
c16ecfe30134498bd139552611380f432fae442982648114d6b239d58d36cbcbUbuntu Security Notice 6642-1 - Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled parsing large DNS messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Bind incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.
59690fe75ddf72adb23e500a05f4e810c75b29c755af18781f7010d4def3deacPetrol Pump Management Software version 1.0 suffers from a remote shell upload vulnerability.
17ba90fc439b26fdb9e7248c02187a9cca9a6bc58f83413a24bc776a007f4e2fTourism Management System version 2.0 suffers from a remote shell upload vulnerability.
1ae5b995d0df6c7d5380487c5e7a5f6326a545ef4255195c833afe8afb4e1c6cUbuntu Security Notice 6641-1 - Harry Sintonen discovered that curl incorrectly handled mixed case cookie domains. A remote attacker could possibly use this issue to set cookies that get sent to different and unrelated sites and domains.
a7d9ffd24a024ab8781ee9e6e2b5c442a80ad8acaf458870a637f085aae82d59Gentoo Linux Security Advisory 202402-28 - Multiple vulnerabilities have been discovered in Samba, the worst of which can lead to remote code execution. Versions greater than or equal to 4.18.9 are affected.
c1b77ea663583d7b2f9d45426761c56ddbb0b4ac671059fc79dbe605a5da5b12Gentoo Linux Security Advisory 202402-25 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.7.0 are affected.
f6a33c383a67744f956589ebca1e53b97ec85a5c78492b16031da34f30606da1Gentoo Linux Security Advisory 202402-24 - Multiple vulnerabilities have been discovered in Seamonkey, the worst of which can lead to remote code execution. Versions greater than or equal to 2.53.10.2 are affected.
741d35d4bdb23d0b8fa49dc043b5dea8050951485082052e828d295f45be0db1Gentoo Linux Security Advisory 202402-23 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 121.0.6167.139 are affected.
f4454cfd0cbe05bc91dbf64927220dcb289f6b1c63b52526cc67f7720db5413eGentoo Linux Security Advisory 202402-18 - Multiple vulnerabilities have been discovered in Exim, the worst of which can lead to remote code execution. Versions greater than or equal to 4.97.1 are affected.
baabebed21673e40b564e5721f4a8c2ad8b2d62a34a694a4ab0c3fd9b9eddfdcEmployee Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.
eac3ee07605d15d68a5d408fecb91498a9bfab9973368c0e16d4816f4539dc97Gentoo Linux Security Advisory 202402-16 - Multiple vulnerabilities have been discovered in Apache Log4j, the worst of which can lead to remote code execution. Versions less than or equal to 1.2.17 are affected.
79e0825715a2197c39850bba10de0d238187f4c93dcdf24c6b31b702cdb3131eWonderCMS version 4.3.2 remote exploit that leverages cross site scripting to achieve remote code execution.
371582d2faf62d5876bcf7818755a049e5f6d427635c029647db990dfb673374User Registration and Login and User Management System version 3.1 suffers from a remote SQL injection vulnerability.
a778aabc9984b218ebd37f1e8af2db7ea6c66baaade706530c48a38013537c6fGentoo Linux Security Advisory 202402-14 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.12_p20240122 are affected.
f750ece2412bd442b32f28c4f91c17860985bcc25963c561ef6f01fd67d8ff64Gentoo Linux Security Advisory 202402-13 - A vulnerability has been discovered in TACACS+ which could lead to remote code execution. Versions less than or equal to 4.0.4.27a-r3 are affected.
04638808355566c54197cb75af68f1998cbd5ed25d7e8f0a438f1ae5fb0072af
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed