sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
3b3fb0f213139efb76e7a95ebcd6e3790c70a23fca8f3c753ef14f72ea7fdf01Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
68d42aac4a9cbde293288533a9a3c3d55863de38f2b8707c1ef2d987b1260338Active PHP Bookmarks version 1.3 suffer from a cookie_auth error-based remote SQL injection vulnerability.
bc6c261640dc9ec14bbb6fb90549a793ad4f78ba2cbdeb8d88bdf7997814b910Phishing Simulation mainly aims to increase phishing awareness by providing an intuitive tutorial and customized assessment (without any actual setup - no domain, no infrastructure, no actual email address) to assess people's action on any given situation and gives ability to understand what is the current awareness posture. A presentation for Phishing Simulation will be at Defcon 27.
f3dbdecca062fb9116c5844f62eab08929b20b39c684907e9359ccd7f2b6d8a9CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.846 suffers from a reflective cross site scripting vulnerability.
8b1c696a73f9bac0e96c917432a4e295ca1c20adf0976f10d1b7af7562e21405CentOS-WebPanel.com Control Web Panel (CWP) versions 0.9.8.836 through 0.9.8.840 suffer from a user enumeration vulnerability.
249523e5b9f8b707a9f33250984e1a77d557a89613eb737528f2c8b3cd52a307CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.836 suffers from a remote command execution vulnerability.
f863e7a790b489ddb7c3a435fcfb5db2ed269f587f3614f2de0db4a51a1190fciMessage suffers from a heap overflow vulnerability when deserializing a URL. This affects Macs only.
2f5c0ce4f32d1e01da4624b1c0fc401f0c5871abc917b01bf2bfc9d63f3d6a34KDE 4/5 is vulnerable to a command injection vulnerability in the KDesktopFile class. When a .desktop or .directory file is instantiated, it unsafely evaluates environment variables and shell expansions using KConfigPrivate::expandString() via the KConfigGroup::readEntry() function. Using a specially crafted .desktop file a remote user could be compromised by simply downloading and viewing the file in their file manager, or by drag and dropping a link of it into their documents or desktop. Versions 5.60.0 and below are affected.
b976357316212f652d1a32df71b0bd1aeac8e5a5a6fef96198aa227ed6d6f007Ubuntu Security Notice 4049-3 - USN-4049-1 fixed a vulnerability in GLib. The update introduced a regression in Ubuntu 16.04 LTS causing a possibly memory leak. This update fixes the problem. It was discovered that GLib created directories and files without properly restricting permissions. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.
9dc55ff1b693e5d3d4b82f7f05059f209d64a02fae37e5a573aa9a97cc9c6fbdUbuntu Security Notice 4058-2 - USN-4058-1 fixed a vulnerability in bash. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command. Various other issues were also addressed.
9ba9f0cddea4221c044081def8b0eed7869e1f235dbf33ec2c842c12899fcda0Debian Linux Security Advisory 4491-1 - Tobias Maedel discovered that the mod_copy module of ProFTPD, a FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands.
172bd5940ff91d454bf01ec17520021f22a09955366c6f11b9fd5d677cd6cea8ATutor version 2.2.4 suffers from a language_import arbitrary file upload that allows for command execution.
68b1f5ef4f43ce98748eca51235dfb77dab8a8340683912b52e996264a98eec7Opencart versions 2.3.0.2 and below suffer from an insecure OCMod generation remote command execution vulnerability.
699ebad19abcdcb6acf896d77ba1965a97e44a4bafcaa503ccf6e82d543be648ATutor version 2.2.4 suffers from a backup functionality remote command execution vulnerability.
06e7c86f7744d78ae2778cf7d8005061d4ab736263b7669b8d90987a354be32a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed