Red Hat Security Advisory 2020-0111-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.4.1 ESR. Issues addressed include a bypass vulnerability.
36adb5f774a4e684239d2466916380ddThis Metasploit module exploits an unauthenticated remote command injection vulnerability found in Barco WePresent and related OEM'ed products. The vulnerability is triggered via an HTTP POST request to the file_transfer.cgi endpoint.
9bf16d3b24df38008118d2a86f469b2eRed Hat Security Advisory 2020-0085-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.4.1 ESR. Issues addressed include a bypass vulnerability.
27d1f7894855bbe772cc12a4aca4b134Red Hat Security Advisory 2020-0086-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.4.1 ESR. Issues addressed include a bypass vulnerability.
4037d1911aa9507b6c6224fdbdce9776Ubuntu Security Notice 4235-1 - Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations.
c85cca82ee0dd4f5217de8cc90b4a010Red Hat Security Advisory 2020-0084-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 79.0.3945.117. A use-after-free vulnerability was addressed.
ef00de891f14bcadc1cb2100710b1e4dDebian Linux Security Advisory 4600-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, data exfiltration or cross-site scripting.
5c389eae58b71f0e5752b71079631732Debian Linux Security Advisory 4598-1 - Simon Charette reported that the password reset functionality in Django, a high-level Python web development framework, uses a Unicode case-insensitive query to retrieve accounts matching the email address requesting the password reset. An attacker can take advantage of this flaw to potentially retrieve password reset tokens and hijack accounts.
c6581f7a746d8444fc15505cf63908ceDebian Linux Security Advisory 4599-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create open redirects, poison cache, and bypass authorization access and input sanitation.
4cfa3cf73bd5ad4d9281921b1a5f55a1Debian Linux Security Advisory 4597-1 - It was reported that Netty, a Java NIO client/server framework, is prone to a HTTP request smuggling vulnerability due to mishandling whitespace before the colon in HTTP headers.
f0f479f5c550a02c1106263b7c463eeeAdaware Web Companion version 4.9.2159 suffers from a WCAssistantService unquoted service path vulnerability.
99f266127d433f435cf6f7c6e805b77fKarakuzu ERP Management Web version 5.7.0 suffers from a remote SQL injection vulnerability.
a8fa1ad24436b2f3a5c05a2b660a030bRed Hat Security Advisory 2020-0005-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 79.0.3945.88 and addresses a use-after-free vulnerability.
2d5c328bc8a4cbeaec39780236b20c63sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
4e346f6f7a6d4c3c9bc9de36413c7fc5RICOH Web Image Monitor version 1.09 suffers from an html injection vulnerability.
5e18cb775b04704a5782215fc6330fa8GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
7df8bc2c0ab8d2e194c383c9d4df7169Rumpus FTP Web File Manager version 8.2.9.1 suffers from a cross site scripting vulnerability.
e8cd7b0d4d80042cf785c07043e43423Control Web Panel versions 0.9.8.856 through 0.9.8.864 suffer from a phpMyAdmin password disclosure vulnerability.
350c05e4dacfce98d3811879f2066056Red Hat Security Advisory 2019-4238-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 79.0.3945.79. Issues addressed include buffer overflow and out of bounds write vulnerabilities.
20980c96db48008e7dd521ea466566daRed Hat Security Advisory 2019-4201-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a denial of service vulnerability.
08e20393122a6da4e8925ddc027a47b1Red Hat Security Advisory 2019-4126-01 - The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. Issues addressed include bypass and denial of service vulnerabilities.
602096697b45c7d0c9c93c83cbe8fa44Debian Linux Security Advisory 4580-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
5176500062acdb776a9d23f488f2b8a8PRO-7070 Hazir Profesyonel Web Sitesi version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
791eab6baad5a9a9903848ffb987623dRed Hat Security Advisory 2019-4111-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.3.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
fbce1768ad1633dc0cf0179ec0309414Red Hat Security Advisory 2019-4107-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.3.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
6bff7ac71ae7e89a366b71e05135ca0a
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed