Apache OFBiz version 18.12.09 suffers from a pre-authentication remote code execution vulnerability.
eb4458f535e94d51c6b4bf1779dd9da7aa903e2ad0a85e32eb0811983d7d8aaaDebian Linux Security Advisory 5591-1 - Several vulnerabilities were discovered in libssh, a tiny C SSH library.
f815049b2837197686b4875cddb418f75a8e54d47afc59fdafc4741b2b0cb015Debian Linux Security Advisory 5590-1 - Several vulnerabilities were discovered in HAProxy, a fast and reliable load balancing reverse proxy, which can result in HTTP request smuggling or information disclosure.
a26862fd9c15261a0556762eeff6b4507c638df9bea58642fe40caded089f310Gentoo Linux Security Advisory 202312-16 - Multiple vulnerabilities have been discovered in libssh, the worst of which could lead to code execution. Versions greater than or equal to 0.10.6 are affected.
475da9d4074fee95dd103c9e4072c2a5bae6c16622c02660f94da00f23ad5f16Gentoo Linux Security Advisory 202312-17 - Multiple vulnerabilities have been discovered in OpenSSH, the worst of which could lead to code execution. Versions greater than or equal to 9.6_p1 are affected.
ba995f8d24608fff3aaab0d0ad90892e7d28d73639eaace76ba4733a544b788cDebian Linux Security Advisory 5589-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of policy feature checks, denial of service or loading of incorrect ICU data.
99cc458c7d37e5ed3bbb9cd1ecafd2849b5c2bd6325b06e8297be7edef82db88Prior work from this researcher disclosed how PowerShell executes unintended files or BASE64 code when processing specially crafted filenames. This research builds on their PSTrojanFile work, adding a PS command line single quote bypass and PS event logging failure. On Windows CL tab, completing a filename uses double quotes that can be leveraged to trigger arbitrary code execution. However, if the filename got wrapped in single quotes it failed, that is until now.
135e14fd69533eeb6ad57b35ae864360f36364f43f82818935023a4f7ee929caLot Reservation Management System version 1.0 suffers from a remote shell upload vulnerability.
e412e93388798209ade400aff41a77ff351847f86f63f4e81db78a35ca5ddef3Lot Reservation Management System version 1.0 suffers from a file disclosure vulnerability.
bf774e0f7e0060a8015abbc023b9dab676d3d7e67b08feb98176fcc69b64b2b2WhatACart version 2.0.7 suffers from a cross site scripting vulnerability.
c17cc364b4eb7461dafb8d263042b8f90e6b4194e4c0b4ddd1f2d5702491ef84Gentoo Linux Security Advisory 202312-15 - Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution. Versions greater than or equal to 2.39.3 are affected.
40da540c38bd337ca3d0a368d288902ef88dd450d5f78bccef5cef2ef2758381ShopSite version 14.0 suffers from a persistent cross site scripting vulnerability.
f34fa6a72905f01bb41aaa658d65a5fcc525f2bfd0fd6925a5b8b8f32fc69080When handling DTLS-SRTP for media setup, FreeSWITCH version 1.10.10 is susceptible to denial of service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack.
42111d854609afb4221ff75af6db4e27c366baa1bf5886242bf637a8ab822f76Debian Linux Security Advisory 5588-1 - Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the "Terrapin attack". This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts.
7af4170ad4031fd3d2a9ee78c01336ac9376c0590df4e88dd4e5550f0258ed24Debian Linux Security Advisory 5587-1 - Two security issues were discovered in Curl: Cookies were incorrectly validated against the public suffix list of domains and in same cases HSTS data could fail to save to disk.
ee8b5da3ccedc4ad611c77989a7b82094859da7f9354c5d153f42704a855a11aGentoo Linux Security Advisory 202312-14 - Multiple vulnerabilities have been discovered in FFmpeg, the worst of which could lead to code execution. Versions greater than or equal to 6.0 are affected.
0922bfbde257cc0b18058668376d2cab6f85025fca60b1954a14670568bf0216Gentoo Linux Security Advisory 202312-13 - Multiple vulnerabilities have been discovered in Gitea, the worst of which could result in information leakage. Versions greater than or equal to 1.20.6 are affected.
5a6fbc4b9762dddb1dc427ba9447ed15f97e4c9557de3f0888ae48ae8e114088Gentoo Linux Security Advisory 202312-12 - Several vulnerabilities have been found in Flatpack, the worst of which lead to privilege escalation and sandbox escape. Versions greater than or equal to 1.14.4 are affected.
3018a3aaac2e8e504bce240edb2f33466f227c0b15ee1ce0adb6bbddcdceb2caGentoo Linux Security Advisory 202312-11 - A vulnerability has been found in SABnzbd which allows for remote code execution. Versions greater than or equal to 4.0.2 are affected.
414698e4e9ba87a0138f321143a42ff3dd88e6bf81dd242518d6c09de60a3092Gentoo Linux Security Advisory 202312-10 - A vulnerability has been found in Ceph which can lead to root privilege escalation. Versions greater than or equal to 17.2.6 are affected.
daf313bfa471e6c911b744215f7deaf8540dd85955b1584a4642d7487964ba48This Metasploit module exploits an unauthenticated remote code execution vulnerability in Craft CMS versions 4.0.0-RC1 through 4.4.14.
09b5c0daee44baa94e38827531c7e5e3a16030ad3bd658700d439138930a1243Hospital Management System versions 4.0 and below suffer from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.
4c4cb4162e1a493a04ab18896d55ef8649d628f41d3426944382f8e72a0ea4f9GilaCMS versions 1.15.4 and below suffer from multiple remote SQL injection vulnerabilities.
73c5a34456c9dc83524cdea6fd790c6eac1c9f507a29917a6b2476535df6f2a6Gentoo Linux Security Advisory 202312-9 - Multiple vulnerabilities have been discovered in NASM, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 2.16.01 are affected.
6c8abaff0e71ae8e95b4a8c44f57bcad513a93fc3d2495d0c5507fb13359884dGentoo Linux Security Advisory 202312-8 - A vulnerability has been found in LibRaw where a heap buffer overflow may lead to an application crash. Versions greater than or equal to 0.21.1-r1 are affected.
06e868d02c6df3bd10c1a22492d4d300885f803e0ee7c3135a6df46242f5ad36
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed