Whitepaper called Practical Insight into Injections. This document describes the meaning, working, implementation, and impact of injection vulnerabilities.
03c734fe0bc100e2234162e8efb3ea3bUbuntu Security Notice 4689-2 - USN-4689-1 fixed vulnerabilities in the NVIDIA graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. Various other issues were also addressed.
5400659ba37710eaa6b249f1d24c9de7Ubuntu Security Notice 4649-2 - USN-4649-1 fixed vulnerabilities in xdg-utils. That update caused a regression by removing the --attach functionality in thunderbird and others applications. This update fix the problem by reverting these changes. Jens Mueller discovered that xdg-utils incorrectly handled certain URI. An attacker could possibly use this issue to expose sensitive information. Various other issues were also addressed.
e3181c84ebf88124fc8440988b2185acCemetery Mapping and Information System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
13b51c2660d3b63bd96411a4b133e165Gentoo Linux Security Advisory 202101-8 - Multiple vulnerabilities have been found in Pillow, the worst of which could result in a Denial of Service condition. Versions less than 8.1.0 are affected.
10a03ba321505f8f440a2d98f3727dc4Gentoo Linux Security Advisory 202101-7 - Multiple vulnerabilities have been found in NodeJS, the worst of which could result in the arbitrary execution of code. Versions less than 15.5.1 are affected.
8b174981332595ec9347b63b26850dc4Red Hat Security Advisory 2021-0050-01 - This release of Red Hat Quay v3.3.3 includes: Security Update: quay: persistent XSS in repository notification display quay: email notifications authorization bypass. Issues addressed include bypass and cross site scripting vulnerabilities.
e773185f896a2e376e6f5315784e7699Gentoo Linux Security Advisory 202101-5 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. Versions less than 87.0.4280.141 are affected.
bb4d644e582bd3f8ac9ec502362461dcGentoo Linux Security Advisory 202101-2 - Multiple vulnerabilities have been found in Firejail, the worst of which could result in the arbitrary execution of code. Versions less than 0.9.64 are affected.
e8a34c4864a5d0cb1f6207d62bf6e986Gentoo Linux Security Advisory 202101-1 - Multiple vulnerabilities have been found in Dovecot, the worst of which could allow remote attackers to cause a Denial of Service condition. Versions less than 2.3.13 are affected.
3a89fff6479017300d6ec9a323c8b69eCemetery Mapping and Information System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
411cd927de4dc77c72949d80635f4523Online Doctor Appointment System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
76c223f15acb1a444605758caefc7bb2OX App Suite and OX Documents suffer from server-side request forgery and multiple cross site scripting vulnerabilities. Various versions are affected including 7.10.4 and 7.10.3.
2fbb089c8daa5ef915d9f746ea2a73a4Life Insurance Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
69c15061f1341d5b67f0075fcd3b91a2Red Hat Security Advisory 2020-5388-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.2.11 serves as a replacement for Red Hat support for Spring Boot 2.2.10, and includes security and bug fixes and enhancements. For more information, see the release notes listed in the References section. Issues addressed include denial of service and remote SQL injection vulnerabilities.
b3bdc25df3f101e501f013f1465ac1d3The NVIDIA graphics driver suffers from information disclosure and code execution vulnerabilities. Affected builds include 460.79, 460.89, 457.71, 457.30, 457.09, and 456.71.
363fb14c236bcc3dc1c9ae8c87961a97Red Hat Security Advisory 2021-0019-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds write and use-after-free vulnerabilities.
936db7e77ce10f20206d35312906b1c5CSZ CMS version 1.2.9 suffers from multiple cross site scripting vulnerabilities.
1ed4df9d15c3b3ca05832e0d79200b0aEgavilanMedia User Registration and Login System with Admin Panel version 1.0 suffers from multiple persistent cross site scripting vulnerabilities. Original discovery of persistent cross site scripting in this version is attributed to Soushikta Chowdhury in December of 2020.
c0088fd63210a6f4ebeb65d5f533a11dHouse Rental and Property Listing version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
a6e015b7f0196d673377897e7e405d0eUbuntu Security Notice 4668-3 - USN-4668-1 fixed vulnerabilities in python-apt. The update caused a regression when using certain APIs with a file handle. This update fixes the problem. Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service. Various other issues were also addressed.
a029e69b2f2fd6b5ff7a56f554dcb47fsqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
c07963ad8b64601adc6f1793b84d5786CRUD Operation Software version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
9aaff9e6958d9377d58feec2ecfba283Rock RMS suffers from arbitrary file upload, account takeover, and personal information disclosure vulnerabilities. Various versions are affected.
496349ae2fd93f703a324dcbbd378676Resumes Management and Job Application Website version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
ff455771a934d45b23ddf81b4813f13f
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed