The Microsoft Windows Kernel CmDeleteLayeredKey may delete predefined tombstone keys, leading to security descriptor use-after-free.
a393bdd205b55a25a4010667d7d283c1bd373af4b7bb30a36f33608cf1edeb3fThe Microsoft Windows Kernel may reference rolled-back transacted keys through differencing hives.
b39149935b26f2a93874ead5ff16c8bafcc4acc7b2b341ba68ed2751bb86aa82The Microsoft Windows Kernel may reference unbacked layered keys through registry virtualization.
7b5280c111b616102ccc14ddef413c7f8bbeeb1ba04df2aa047b88bdfe97d452There is a Microsoft Windows Kernel arbitrary read that can be performed by accessing predefined keys through differencing hives.
492807027a3cf7a8d886110c04d56bed4abbb83ec85e31ab445e48ddc7826fceGoogle's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.
f8d93f2343a040323b88f0d09c93be33b043bf63ba483af45510cb85aa1a2305PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
9768895d2abdf9061c8bbb17f023fceda12f83ca9ad17d8775631683dbe7e462This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85WordPress WP Project Manager plugin versions 2.6.4 and below suffer from a privilege escalation vulnerability.
6dd9ce941c9d2d86124d386eff22150f99117b79a0948c64c5aa90dd062a66d1Red Hat Security Advisory 2023-4590-01 - Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. Issues addressed include a html injection vulnerability.
6d99cb519c342de3573d10b7c2abdd10e9e77c8a8904d1787623fe50acf4092bUbuntu Security Notice 6281-1 - Alvaro Munoz discovered that Velocity Engine incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code.
23db43eb8bc97d2334ec675fee1fd962af0c7f9139a18b2adfde72b91dce8a00Red Hat Security Advisory 2023-4591-01 - Red Hat Update Infrastructure offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux instances. Issues addressed include bypass and denial of service vulnerabilities.
14db831dab7107e03526b1f776e7bd32651e2bb30ecc3af1970c8c9edda92337Ubuntu Security Notice 6243-2 - USN-6243-1 fixed vulnerabilities in Graphite-Web. It was discovered that the applied fix was incomplete. This update fixes the problem. It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform server-side request forgery and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
25064c89e5e6fa6071d1e29c87bbdfbbcf49f4aaf0c925fc6c87f24e1474cc6eDynamic Journal CMS version 2.5 suffers from a database disclosure vulnerability.
6116d0ba8d26a1199f0230b37e79aa84d8430cef695b9c89f015cd98d1b776efe2 Distr CMS version 2.8.5.3 appears to leave backups in a world accessible directory under the document root.
5433c74f920760e59a3889a4eb94f7621298cabe8eddf15f30585be24f026e98DriverPack Solution CMS version 17.11.108 suffers from a cross site scripting vulnerability.
e6bbd0f2f85c5a85db0341ad4fa0a655765bd7b91a5cc41a6d0b07469ab56025DMIS:CRI LMS version 2.0 suffers from a remote SQL injection vulnerability.
c7a9be978c284812022ebcd2e5b8b7e1823bf359cdbbc4d9eabfafd973395e9eDiscussion On Kontackt The Exclusive PHP Social Network Platform version 1.18 suffers from a cross site scripting vulnerability.
7d18de8acfc063f172113a27af33ebbcf209b0dcb3d43c8ec163f7ff1adefc84Digisha CMS version 1.2.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
0357b8aa69b46a1a9295acec3a0b2f291ae056879b51f555fe1c4f2cc1112494DigaSell Digital Store PHP Script version 1.0.0 suffers from a remote blind SQL injection vulnerability.
8729994d50fb2282a91511c1471e529be3acfb58262a0d60949d1b29f6c5d7a6Doma CMS version 1.0 suffers from a cross site scripting vulnerability.
f5fb597c82fd658cb3dd151e66237da23a4f5791751b5e130c5d95b1a8e129a9Desenvolvido C3iM CMS version 2.0 suffers from a cross site scripting vulnerability.
ee75f970e155669b73118332fbaa7e9c33f33900005bfc151805b9ba771cd102Deprixa version 3.2.5 suffers from a cross site request forgery vulnerability.
c70b9c9d7d7cf489076ca295cf9ea99b9089c38e63f61ec0d4d7a1a30313bb09
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed