Chrome suffers from a type confusion vulnerability in V8TrustedTypePolicyOptions::ToImpl.
2958cc5bf93c21057e69ef8513bc362f687045e59f2c206cdccd608e727c8e50
The compositor thread in WebKitGTK+ might alter a FilterOperation object's reference count variable at the same time as the main thread. Then the reference count corruption might lead to a use-after-free condition.
bbe17996fb172c1e4eed3095e053f8ed01eb9b918fe81e18dabc0807d4a6f3b7
XNU has an issue where pidversion increment during execve is unsafe.
2828bbb358863a44474238816c7e9b7bd8be56c3e4abd3cbe5d4946a7923e3d0
JavaScriptCore has an issue where createRegExpMatchesArray does not respect inferred types.
e3e805d860fc95f3375effbe7e1765bebfec64afa85c31a72c61f81229111064
An unauthenticated attacker with network access to the Oracle WebLogic Server T3 interface can send a serialized object (weblogic.corba.utils.MarshalledObject) to the interface to execute code on vulnerable hosts.
34887ed78f437dc71b9a27e469d90d560f20f0a52702a9df664219aa2a18b0f2
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options: perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges, and databases, dump entire or user-specified DBMS tables/columns, run their own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack, and more.
7174148df741c7bf30bd090b71781b0f77d5d349c7bbb3c6cdf8e964111c0a0b
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.
88481997578c27924724fea76610d43d9f59c99edfe561d41803bbc98871ad31
Red Hat Security Advisory 2019-0693-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 5.9 will be retired as of March 31, 2020, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 5.9 AMC after March 31, 2020.
8c0098ce3afd334b71a97ed901af67e012f3ec7320f3d4719dbcdc9aa8d1990a
Ubuntu Security Notice 3928-1 - It was discovered that Dovecot incorrectly handled reading certain headers from the index. A local attacker could possibly use this issue to escalate privileges.
3c2320ae6736daa9c795d4a946c97ede8f4726472d37f7d90094b764077a9d2a
Debian Linux Security Advisory 4421-1 - Several vulnerabilities have been discovered in the chromium web browser.
804289103c3ef32a6ea538fb368e0326f552c83b98886c6a99dce02e8ec9959a
Debian Linux Security Advisory 4420-1 - Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code or denial of service.
4c970eecaec472a377f2971b515b2f12c34c8ef22aab88f39abedb736fd391a0
Debian Linux Security Advisory 4419-1 - Fabien Potencier discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This could result in potential information disclosure.
65f39fb8b850fd411e14f6fba9aba785289c666dd278cc53224a7db303a3e98c
Fiverr Clone Script version 1.2.2 suffers from cross site scripting and remote SQL injection vulnerabilities.
1618000c96bf39209ce18caf97a20da2dddd2af874a77c8d5abea7a3f1d90beb
WordPress Ultimate Member plugin version 2.0.38 suffers from a cross site request forgery vulnerability.
4772d215c378d25e9935476f1ef5390f196f37487b85160372746959794faf06
zStore version 1.10 suffers from a cross site scripting vulnerability.
3139c10cc8dabfa325676ab6215e07820682a40a763796614559aced17d97fad
zipperSNAP version 7.0.28 suffers from a cross site scripting vulnerability.
55fce36109c88d7fd1d8d0636035f9e5812f2aab4f5e1f37c9005eb751eb8a91
zipperSNAP version 7.0.28 suffers from a directory traversal vulnerability.
28257744b772433de28fbdabf08696d1384a6e2e6a3ca21c8da2292c4ec0c757
Zeuscart version 3.0 appears to suffer from a user detail information disclosure vulnerability.
e02d48ccd44b5dddd10aa229cfee4b59a02aa56257c65e8a17425477b415dcbb
SphereFTP server version 2.0 suffers from a remote denial of service vulnerability.
50f3fdbd774c2c7cb68de14a98e48b0a15a7c7de2bde80cabcbea75849d4b50e
Classified Ad Lister version 2.0 suffers from an arbitrary file upload vulnerability.
63542f9d1c1104d0942738c1161df7996e1cf20ff40574c1071e3ef5584f6e3b
This archive contains all of the 205 exploits added to Packet Storm in March, 2019.
c93d1b13c676a6a24517848c02f420b5dc6abfa2c8fa2fdf5908d320d76ad119