Twilio WEB To Fax Machine System Application version 1.0 suffers from a remote SQL injection vulnerability.
245609d1c0879b49d8a3b66b10944d91Ubuntu Security Notice 3854-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
f8474b7b46329623febcb7514c73d299Ubuntu Security Notice 3853-1 - Ben Fuhrmannek discovered that GnuPG incorrectly handled Web Key Directory lookups. A remote attacker could possibly use this issue to cause a denial of service, or perform Cross-Site Request Forgery attacks.
9dff487091705ecddb0783a58af51804Various web design firms such as EstudioNeoFilms, Grupo LosGrobo, IdeaSeven, Informatica Icarus Diteh, and Netical24 all have produced sites that are susceptible to SQL injection vulnerabilities.
f924892391cf79940be495a27d89509bDebian Linux Security Advisory 4363-1 - It was discovered that malformed URLs could spoof the content of the default 404 page of Django, a Python web development framework.
2b825f3bca76165c30b5aef53b5d1a60This Metasploit module exploits the command injection vulnerability of MailCleaner Community Edition product. An authenticated user can execute an operating system command under the context of the web server user which is root. /admin/managetracing/search/search endpoint takes several user inputs and then pass them to the internal service which is responsible for executing operating system command. One of the user input is being passed to the service without proper validation. That cause a command injection vulnerability.
385bd5fbbfdc9bc89d35cc72bfbbbe12UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
c1ec221727b9cd2ac06a67b4c61830d0sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
1a3875f12c086f1c3924014c72cdc928Red Hat Security Advisory 2019-0010-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.
faadd3788ca90ff4abd0d9508d573eaaRed Hat Security Advisory 2019-0001-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.
2dd37f88ab4551f6576438881aa0db3dSugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a path traversal vulnerability. User input passed through the "webhook_target_module" parameter is not properly sanitized before being used to save PHP code into the hooks file through the Web Logic Hooks module. This can be exploited to carry out path traversal attacks and e.g. create arbitrary directories. Successful exploitation of this vulnerability requires admin privileges.
0a73c52a5465fdc38ae3bede2f424098SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through the "trigger_event" parameter is not properly sanitized before being used to save PHP code into the 'logic_hooks.php' file through the Web Logic Hooks module. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.
bc08aaf51fef23154d37431b75e27168NIP Kompanija Novosti A.D. Serbia Web Design version 1.0 suffers from a remote SQL injection vulnerability.
8722310b958be6cc9bcf2493bd19eed7Byte-Elaborazioni Web Design version 1.0 suffers from a remote SQL injection vulnerability.
efb608dbf782836782c184c3cf72e5b4BuInteractive Web Design version 1.0 suffers from a remote SQL injection vulnerability.
bde94d27db3e8dc62f7db9fe08064093BTOptions Web Design version 1.0 suffers from a remote SQL injection vulnerability.
a6079ac5b740d2d16c1b0105f97c54edAtelyeDigital Web Design version 1.0 suffers from a remote SQL injection vulnerability.
eb08086917e3bf86eac6d24c52101853Taiwan GPS Satellite Positioning Passenger Web Design version 1.0 suffers from a remote SQL injection vulnerability.
ad226292ab2861f289f560caaf1acb59AnimaxTechnology.in India Web Design version 1.0 suffers from a remote SQL injection vulnerability.
851a6bde508f1cd0402ffc9e23ded7abNwebProcess India Web Design version 1.0 suffers from a remote SQL injection vulnerability.
bc16450e47ad8b878b50cf94c16c9caaGRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
f59ee504fb8d7b294b254fec635878c7SDL Web Content Manager version 8.5.0 suffers from an XML external entity injection vulnerability.
8c888db318e22cc6df0250cb0808f558GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
75619a460295d7f2c168d79170733881Red Hat Security Advisory 2018-3833-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
fbd38bb2a680f9d27e5a1e276b257275Red Hat Security Advisory 2018-3831-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
ebeb7bb38ac5254f369742495d0aa131
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed