Joomla BreezingForms version 1.9.0 suffers from database disclosure and remote SQL injection vulnerabilities.
7943f915b1cbe49c75909c8ae1ec9523WebKitGTK+ and WPE WebKit suffer from multiple memory corruption vulnerabilities that can lead to code execution. Multiple versions are affected.
a72f52417cb554c8235929474eaed26aIPFire version 2.21 suffers from multiple cross site scripting vulnerabilities.
75abfd5574dfd7e833680aac9c79042dApple Security Advisory 2019-2-07-1 - iOS 12.1.4 is now available and addresses memory corruption vulnerabilities.
ed3aa2ea9a8143e4941c2fae30b17f61Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from multiple cross site scripting vulnerabilities.
1dc32512f9bf470a0aa2faaf5bd63f2dSAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 suffers from multiple cross site scripting vulnerabilities.
a47c5206828796cf3e2e422be90d87faApple Security Advisory 2019-2-07-3 - Shortcuts 2.1.3 for iOS is now available and addresses information disclosure and sandbox escape vulnerabilities.
f8403109d411196a3673f3ceda924d25Debian Linux Security Advisory 4386-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.
0b5291ca75b37da8828dd930b9951035osCommerce version 2.3.4.1 suffers from multiple remote SQL injection vulnerabilities.
8fea5cf7d607b45bbf0739919ed24e08Incorrect convexity assumptions in Skia can lead to multiple buffer overflow vulnerabilities.
db5ddb42f112cdaac1ac2d70bcdebc9aWordPress Contact Form Email plugin version 1.2.65 suffers from cross site request forgery and cross site scripting vulnerabilities.
a45930f318c3daf72f829b4afa303a37WordPress Forminator plugin version 1.5.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
2afe6529f7b9766f6122210d9142937eOSCI-Transport Library 1.2 for German e-Government versions 1.8.1 and below suffer from an insecure cryptographic implementation and signature bypass vulnerabilities.
7d8dfcb6bbea4a458be7237a76e44121Debian Linux Security Advisory 4384-1 - Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.
2d023cb3c984583f2c891fe07f43d4acUbuntu Security Notice 3880-2 - USN-3880-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the CIFS client implementation in the Linux kernel did not properly handle setup negotiation during session recovery, leading to a NULL pointer exception. An attacker could use this to create a malicious CIFS server that caused a denial of service. Various other issues were also addressed.
487a306925c7e670db035236bdf205f4sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
b9e8559cf071037f2344a0160a237897BEWARD N100 H.264 VGA IP Camera version M2.1.6 suffers from two authenticated command injection vulnerabilities. The issues can be triggered when calling ServerName or TimeZone GET parameters via the servertest page. This can be exploited to inject arbitrary system commands and gain root remote code execution.
f23f6c76299553ece645020b9e371c87Ubuntu Security Notice 3879-2 - USN-3879-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service. Various other issues were also addressed.
7d67540e48e386ac0d76ffd1bd9f7fbeUbuntu Security Notice 3871-4 - USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
36d11c033b19812d05a44d2b48c6688bRed Hat Security Advisory 2019-0265-01 - Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage WebAdministration provides a dashboard view which allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS. Issues addressed include open redirection and other vulnerabilities.
4365e7d5957ed74698d42c4ed284dda8Debian Linux Security Advisory 4383-1 - Pavel Cheremushkin discovered several vulnerabilities in libvncserver, a library to implement VNC server/client functionalities, which might result in the execution of arbitrary code, denial of service or information disclosure.
9d556a5a042cb152144c37fd812f564dWordPress Ultimate-Member plugin version 2.0.38 suffers from cross site request forgery and remote shell upload vulnerabilities.
f61b91a24dc98849236a6c36c3e9540eJoomla Jumi component version 3.0.5 suffers from database disclosure and remote SQL injection vulnerabilities.
891d58fadcc2e9f34fca96f7a92cc2feJoomla JoomLeague component version 2.x suffers from database disclosure and remote SQL injection vulnerabilities.
6681d25f45fcae62008771934b0df4a1Joomla RedShop component version 2.0.0.3 suffers from database disclosure and remote SQL injection vulnerabilities.
eeab626142b50fe01dccd2eceaa362c5
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed