Ubuntu Security Notice 4032-1 - It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code.
cd8ca7fe3ccaf00cdf3dfc9530b3270fc8e08916ef3075cbfc3c15f9bdf7a79f
Ubuntu Security Notice 4031-1 - It was discovered that the Linux kernel did not properly separate certain memory mappings when creating new userspace processes on 64-bit Power systems. A local attacker could use this to access memory contents or cause memory corruption of other processes on the system.
c29a8b0fea956d911595a73c3f67d6fdbc5407536f94826edbbc54f9d5c4a7da
Apple Security Advisory 2019-6-20-1 - AirPort Base Station Firmware Update 7.8.1 is now available and addresses denial of service and null pointer vulnerabilities.
2950ca97cab531b3e2e2e4562a29b089f3150156b9d3f50c8474c0dfa28ab883
Ubuntu Security Notice 4030-1 - It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform brute-force attacks. It was discovered that web2py allows remote attackers to obtain environment variable values. An attacker could possibly use this issue to gain administrative access. It was discovered that web2py uses a hardcoded encryption key. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
a99087702bd4f64f9a186902fa43b09a473e58c2c4153bcd31bfc5a32d36a29e
Lynis is an auditing tool for Unix specialists. It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
3d27ade73a5c1248925ad9c060024940ce5d2029f40aaa901f43314888fe324d
Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.
f1dcb1ec3e35685e46a8512137b8062daa1d0327900177998a405feab608adeb
The Windows Font Cache Service exposes section objects insecurely to low privileged users resulting in elevation of privilege.
dcd4603b5df7584c96b28ba89a54652b0a598775dce738ad4fce99ceb40bfde3
Microsoft Windows suffers from a CmpAddRemoveContainerToCLFSLog arbitrary file and directory creation vulnerability that allows for elevation of privilege.
e9fe2f31e8d857a922afac6a9b0dc08c238b42596dd0c0b56fd16a1c45e94752
The IDAL HTTP server is vulnerable to memory corruption through insecure use of user supplied format strings. An attacker can abuse this functionality to bypass authentication or execute code on the server. The IDAL HTTP server does not safely handle username or cookie strings during the authentication process. Attempting to authenticate with the username "%25s%25p%25x%25n" will crash the server. Sending "%08x.AAAA.%08x.%08x" will log memory content from the stack.
2710131973cb651b312b3b4490bb6638b5ec8ddf6b94183de3c0860cb2228091
The IDAL HTTP server is vulnerable to a stack-based buffer overflow when receiving a large Host header in an HTTP request. The Host header value overflows a buffer and overwrites the Structured Exception Handler (SEH) address. An unauthenticated attacker can send a Host header value of 2047 bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server.
2421624e7ad840181ca84c4621cdcea0f08c090f97ea23834ea7b42bf7a3e813
Debian Linux Security Advisory 4467-2 - The update for vim released as DSA 4467-1 introduced a regression which broke syntax highlighting in some circumstances. Updated vim packages are now available to correct this issue.
7ffecaca630e2663a76860238eae9cac1f5902a80bef104d2e2fbb7bf4e233f8
Fortinet's FortiCam FCM-MB40 product suffers from root code execution, privilege escalation, hardcoded key, and various other vulnerabilities.
9f2f94c84dfd3b5547608074fb33e50712d22787afc74eccddf998d33fd24309
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix a security issue.
b47d7df6556725e46113ce7a9f4050b612e0a4f0d34456f40e8a05665685954a
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue.
add5ad3d3c6c79a4ce2b1532f6867b86792f90cc9a71d0b6e4f832b2af955b62
SeedDMS versions prior to 5.1.11 suffer from a persistent cross-site scripting vulnerability in out.GroupMgr.php.
858fb99e5e36779263c2e779c1c6c5b5f9c3310453df4715374cf21fdf6c2304
SeedDMS versions prior to 5.1.11 suffer from a remote shell upload vulnerability.
2e81d288604fec50132b6f4b1900c03daee7000f172b691749bfbdf578667cb3
SeedDMS versions prior to 5.1.11 suffer from a persistent cross-site scripting vulnerability in out.UsrMgr.php.
0dfb58e7e058dac851138d94079c3d5de11edd4c0ecb6b3903aceff14a62a710
dotProject version 2.1.9 suffers from multiple remote SQL injection vulnerabilities.
f83b0b9ab7cc250cf20670b3e253269469b0e1ce69a954e03cdb40a582c1b178
GrandNode versions 4.40 and below suffer from arbitrary file download and path traversal vulnerabilities.
fbed7b2956e1a8e6360f3649b0194bda9e49b43a49f48719668efd1f58947e81
GSearch version 1.0.1.0 suffers from a denial of service vulnerability.
ba62efce43b899ce2cd387f6ba56249452fc4b878e070d13e8b20b66a24d43f7
AZADMIN CMS of HIDEA version 1.0 suffers from a remote SQL injection vulnerability.
125cc8406d43e293e53e175f89f229c1ac8e6557e4f6807c930dd94df5799f90
70 byte small Linux/x86_64 reverse TCP shell shellcode that connects back over port 4444.
5b2cd8d9d58e04666560f366e8f66fd5cb9b9fdfdbab656bc1860b161d6d68ec
Quarking Password Manager version 3.1.84 suffers from a clickjacking vulnerability.
2eb040e7b84001af8f775088b15f1c372884013e577cbf592a2d990759f1d7aa