Gentoo Linux Security Advisory 201903-8 - A vulnerability in GNU Wget could allow an attacker to obtain sensitive information. Versions less than 1.20.1 are affected.
2434dc89023ff5753338fc86dae08c750f387f9dbe89122525463662e1fdfc53
The Windows registry editor allows specially crafted .reg filenames to spoof the default registry dialog warning box presented to an end user. This can potentially trick unsavvy users into choosing the wrong selection shown on the dialog box. Furthermore, we can deny the registry editor its ability to show the default secondary status dialog box (Win 10), thereby hiding the fact that our attack was successful.
81d800b900bc4297e512c7d18ad2247e78e725fdcfe787e78e5481c6d67b00b7
Gentoo Linux Security Advisory 201903-7 - Multiple vulnerabilities have been found in systemd, the worst of which may allow execution of arbitrary code. Versions less than 239-r4 are affected.
2460a4ff120455c4fb22e6a4569df946a8636e43beb21599764d129ef5f68aad
Ubuntu Security Notice 3905-1 - It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service.
44a531f028a9524b27f93dd0faf1433cb745a17006c1f50eb9ba2a10e5078afb
BEopt suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries (sdl2.dll and libegl.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file .BEopt located on a remote WebDAV or SMB share. Version 2.8.0 is affected.
9b25608e33db31ec854a322eef7e473af8343e6f2015169f26412c7df6c6542f
WordPress WP Fastest Cache plugin versions 0.8.9.0 and below suffer from an arbitrary file deletion vulnerability.
7dfc32d6c97f213e4afb3d338d1b15a271899fa857fcbb3a1e5f94bcac77d94e
CoreFTP Server FTP and SFTP Server version 2 build 674 suffers from a directory traversal vulnerability. By utilizing a directory traversal along with the FTP MDTM command, an attacker can browse outside the root directory using a ..\..\ technique and determine whether a file exists based on the returned file size and the date the file was last modified.
3fc201ddb80ecf5d371328f76f120d416014c22afdf01a082fc0fd2b76a60e8a
Debian Linux Security Advisory 4404-1 - Clement Lecigne discovered a use-after-free issue in chromium's file reader implementation. A maliciously crafted file could be used to remotely execute arbitrary code because of this problem.
8f90590a0d9134bb918684d8b431f13960f3247bb429356abdc11b14c5ef01a5
Gentoo Linux Security Advisory 201903-6 - Multiple vulnerabilities have been discovered in rdesktop, the worst of which could result in the remote execution of arbitrary code. Versions less than 1.8.4 are affected.
b0e8dfb9476ce98c512bb27463d0e487c90ff77466d477affe451f150277b11e
Gentoo Linux Security Advisory 201903-5 - A vulnerability in Tar could lead to a Denial of Service condition. Versions less than 1.30-r1 are affected.
13c5f7e57c5de3c581572b44785ed1addaa4de9fcc7744b3622491bb61d0105f
Gentoo Linux Security Advisory 201903-4 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 60.5.1 are affected.
20f08612c8ca6c7100b86c7d867c5217f53e3e3a0d615961b7cc0eca15beac39
Gentoo Linux Security Advisory 201903-3 - Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition. Versions less than 7.64.0 are affected.
7b295ee612fd47e8561e865b6ce95775caadd490653734d95071b885946efb5a
Debian Linux Security Advisory 4405-1 - Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec, that could be leveraged to cause a denial of service or possibly remote code execution.
b4ff8b87f7a102402e670b25da69228b796091715314398d858d9267d0f176b0
This Metasploit module uses the Liferay CE Portal Groovy script console to execute OS commands. The Groovy script can execute commands on the system via a [command].execute() call. Valid credentials for an application administrator user account are required. This module has been tested successfully with Liferay CE Portal Tomcat 7.1.2 ga3 on a Debian 4.9.18-1kali1 system.
3f493346c1e9eb0567ff5a73ec406ade5fe2deff6c0f318670247793c4d63a4d
Linux Kernel version 4.4 (Ubuntu 16.04) suffers from a snd_timer_user_ccallback() kernel pointer leak vulnerability.
c02d5c6107b8268f368eaa7acad7eef444f4482a3ced9cf9216e83faa22ec1b9
PRTG Network Monitor version 18.2.38 authenticated remote code execution exploit.
caa8e8d6c84347a1761464ae9cd384e08ce642f7747909ce0a123c579c8d1899
CoreFTP Server FTP and SFTP Server version 2 build 674 suffers from a directory traversal vulnerability. By utilizing a directory traversal along with the FTP SIZE command, an attacker can browse outside the root directory using a ..\..\ technique and determine whether a file exists based on the returned file size.
37bbdbe7891d4945d5ffae270f56ee38468766fc65923b032489c8574e7b1953
NetSetMan version 4.7.1 SEH unicode local buffer overflow exploit.
3660935cf2b6877fca40211b0c89b9a02354cd4987269316f6ffba305d44566c
Red Hat Security Advisory 2019-0481-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.121. Issues addressed include a use-after-free vulnerability.
3945ba5b4ef3b8be100a9c3e58657eb27ff509e67c2daf8e5c77aa7cae009bcb
This Metasploit module allows the execution of remote commands on the server by creating a malicious JSP file. The module has been tested successfully with OpenKM DM between 6.3.2 and 6.3.7 on a Debian 4.9.18-1kali1 system. It may also work on lower versions.
b484ce434849b0e636117356302856ef9777c0efd7a2a6dcd294dce74e53a4aa
OpenCart Price Comparison Store module version 3.x suffers from an open redirection vulnerability.
0bd6d414d3abd4c0aed888a1c2a9d768afc6e326d7d854e6484927f0c3f33170
Vanilla Forums version 2.x suffers from an open redirection vulnerability.
10f2633a6ffdfca5da928ebbf478694c825fb61a4f480bd3745bb1d49b7d6825
DotNetNuke SaveAsPDF module version 1.0 suffers from an arbitrary file download vulnerability.
15af5e545f6db820e456fdadbd6efe9682cffaede9aa8deff0ba5513efdae663