Ubuntu Security Notice 4677-1 - David Cook discovered that p11-kit incorrectly handled certain memory operations. An attacker could use this issue to cause p11-kit to crash, resulting in a denial of service, or possibly execute arbitrary code.
7cdd2fb4df94ac94c2773c43856730bb74870535269257d9636adf519cee4cb3This Metasploit module exploits an improper input sanitization in SpamTitan versions 7.01, 7.02, 7.03 and 7.07 to inject command directives into the SNMP configuration file and get remote code execution as root. Note that only version 7.03 needs authentication and no authentication is required for versions 7.01, 7.02 and 7.07.
cc011f3d97e6e780eac9a8ecaf045f486a51374234b82311aea352d9a57efef0Node version 14.11.0 is vulnerable to a use-after-free bug in its TLS implementation.
1f513e648d5b8f3a7fbacd8992a272057c993baa2d4402fc73136e7984a51276Ubuntu Security Notice 4676-1 - It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.
1988feb5edea2e463ec15dc77d3dcd292ce3dc6744a2deff06da2ff799e10635PLANEX CS-QP50F-ING2 security surveillance smart camera remote configuration disclosure exploit.
3726f2fc1651bd0eeed4b2842077106b9266fafd2395f49bfb65b2d0d32d68f0Online Movie Streaming version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a0949187217a27e15ca4363c06a4c7b895ea92b903e40b9028799d0067528810zyHell is a perl script that scans for the ZyXEL godmode backdoor account.
7b324658204795efdfa737a1dcc7189645442e801087b1adfb16a65ba9784029Online Learning Management System 1.0 remote command execution exploit. Remote shell upload was already discovered in this version in October of 2020 by Jyotsna Adhana.
a1727471b39047398a8e3b77406ad2990468c0c143c7bed74bb24dffadb3baf0Red Hat Security Advisory 2021-0024-01 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Issues addressed include a code execution vulnerability.
54cf3d212c8904ce22d97eb9790716305372dd6204192d4a7d1b9cf5604d0cb4WordPress WP-Paginate plugin version 2.1.3 suffers from a persistent cross site scripting vulnerability.
3e5a7700d8820decbb36099d03d8d861d4b9a580772e107b9e9e50a1d5822aa2WordPress Stripe Payments plugin version 2.0.39 suffers from a persistent cross site scripting vulnerability.
dfe92e58a9306f92924dc28686e0dbb61305769ebf49747157b4f026ecf280f6Klog Server version 2.4.1 suffers from a remote command injection vulnerability.
c4d49bbb6aa298ab790e96bc0bed872c2d9c52390ea9e2f22b668c5bb074580eUbuntu Security Notice 4675-1 - Pritam Singh discovered that OpenStack Horizon incorrectly validated certain parameters. An attacker could possibly use this issue to cause OpenStack Horizon to redirect to a malicious URL.
ff5ce8003f2e61e5233d4e6f3e0558bb7911837b0c1febff0441e908956334bdResumes Management and Job Application Website version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
20e91fdc96738c8fb87124d69ec14adbf144bc99bcfef774386fefb62587c817Responsive ELearning System version 1.0 suffers from a remote SQL injection vulnerability.
250300a91ed60f2e2b9d34d0bdf04cc6a4b79ecc8337ad4c69144b953a99f27aBaby Care System version 1.0 suffers from a persistent cross site scripting vulnerability.
78873598cff4cc0d76cd22d17ae6e5c3ac48cc7362e7a2cc67c5a6b3694d8218Red Hat Security Advisory 2021-0019-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds write and use-after-free vulnerabilities.
4b70a080e6c7a9900e97aa333277cca0b89e0f48ace7e7ad9e951896bae1a07aResponsive FileManager version 9.13.4 path traversal exploit. Original discovery of this finding is attributed to farisv in December of 2018.
e60dde7a6fb3e57f25bc60645a9e6b12692e86e856f5127f0306b5a233418882Fluentd TD-agent plugin version 4.0.1 suffers from an insecure folder permission vulnerability.
32c1afd2e9cf2721e7982eeebbb999f4f3c5ef833c094b88b0085f3fa6fc4c8bURLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.
abf6014c2578e1ae5a4c8e69728d1a8219ca02ec17fc8be82f354c8560d0f4a5Ubuntu Security Notice 4674-2 - USN-4674-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 14.04 ESM. Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. Various other issues were also addressed.
e94c080f6b1bc1a3086714f53bcfea59c6d596accad785d27bbc52b1a533a04dCSZ CMS version 1.2.9 suffers from multiple cross site scripting vulnerabilities.
79f1df60bfb3aadd09240d3b2f1db88b5dd5c450c8c2e5cd822fcbfb3e1d4cbbEgavilanMedia User Registration and Login System with Admin Panel version 1.0 suffers from multiple persistent cross site scripting vulnerabilities. Original discovery of persistent cross site scripting in this version is attributed to Soushikta Chowdhury in December of 2020.
fe7e9842f5b2514b37c22746304bed97be526f4209d8d9285838688c7dfb9e35Click2Magic version 1.1.5 suffers from a persistent cross site scripting vulnerability.
ef04d41901220d76865329a2feee9ed509dbc4650d77eccb93ace642975dd335Intel Matrix Storage Event Monitor x86 version 8.0.0.1039 suffers from an IAANTMON unquoted service path vulnerability.
53a6ec5e6199676d3685d5babcf43c618caa8d1dbff3b3ae796deb36a20a2cab
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed