SunOS version 5.10 Generic_147148-26 local privilege escalation exploit. A buffer overflow in the CheckMonitor() function in the Common Desktop Environment versions 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long palette name passed to dtsession in a malicious .Xdefaults file.
aa916b476c438bad08b7aea8b01a918e991d3830378d96635e1586a0f7f2b220
WordPress Postie plugin versions 1.9.40 and below suffer from a persistent cross-site scripting vulnerability.
45896cdfc90f871562bc93f05d2a7c31d959513fee7c36bcfe6274babb4f439c
Ubuntu Security Notice 4235-2 - USN-4235-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM. Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations. Various other issues were also addressed.
f27f4f464dca0131a740388b68a10b2b2016cf4c60d9b6cb1e1399592aeffdcd
Ubuntu Security Notice 4221-2 - USN-4221-1 fixed a vulnerability in libpcap. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service. Various other issues were also addressed.
233f1be15f4e552158f7602a8ce01d3d2499e4dfa07ebec1c306fe4ca99be687
Ubuntu Security Notice 4239-1 - It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04 and 19.10. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.
2e67ae92ce3f7e96cb1d36672d0bd1780ed4a26d793bece65056fc77ec88d7d9
Ubuntu Security Notice 4237-2 - USN-4237-1 fixed several vulnerabilities in SpamAssassin. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. Various other issues were also addressed.
9dbb5dda31343b000adf3701f9f753a0885b0533c6b250e7096d8479c357f23e
Debian Linux Security Advisory 4602-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks.
e5bfcc7743f4984f6ecac091e3a281590c7e7e3caf0c70d6d0dbc7576bed566f
Red Hat Security Advisory 2020-0111-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.4.1 ESR. Issues addressed include a bypass vulnerability.
28c1d851054c5383bbe63ee7bb1b8b2fdbc55c214c08cdf429a2dbad5bf9a2e1
This Metasploit module exploits a directory traversal in Huawei HG255.
067ab5b18acb24c456e0b9a078cfe01b25919509e185553aad4b5a3a85592bab
Online Book Store version 1.0 suffers from a remote SQL injection vulnerability.
2c087023f805b4cfebb619172cc89b843972b84b1ffb24b39661919e514fc2dc
The Plantronics Hub client application for Windows makes use of an automatic update service, SpokesUpdateService.exe, which automatically executes a file specified in the MajorUpgrade.config configuration file as SYSTEM. The configuration file is writable by all users by default. This Metasploit module has been tested successfully on Plantronics Hub version 3.13.2 on Windows 7 SP1 (x64).
158f8bba58dd0cfb1693ccc6021434881f579c25482bb12c46542cc4b0abb810
Rukovoditel Project Management CRM version 2.5.2 suffers from multiple remote SQL injection vulnerabilities.
e6d8e35758669a0555a5226f12430c3db7831b53164a36983af7f2c027674910