Ubuntu Security Notice 4959-1 - It was discovered that GStreamer Base Plugins incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.
64027c503141af1b1cc4273bdf7d24976a71da12930a164c10e61a97a88f2cde
rxvt version 2.7.0 and rxvt-unicode version 9.22 incorrectly handle ANSI escape sequences, allowing for arbitrary code execution.
53d147513ee561cb82a3680a3f61c78345344512f153fa4c238018b7c6a94c95
The way Microsoft Windows implements file security appears to have some significant shortcomings.
1a9d53b83691e86720f4c510191f9bc7a7352b1a697239a933f41958c7ec6982
NiceHash Miner Excavator versions 1.6.7c and below suffer from a cross-site request forgery vulnerability. The issue enables any external web site to send commands to the local miner instance, and to redirect the mined coins to an arbitrary mining address.
fb87f0499aef3335445d3f11dca696cc51f521e079a6ba1f2728e565105afbc1
This Metasploit module exploits an unauthenticated Java deserialization in the NetMotion Mobility server's MvcUtil.valueStringToObject() method, as invoked through the /mobility/Menu/isLoggedOn endpoint, to execute code as the SYSTEM account. Mobility server versions 11.x before 11.73 and 12.x before 12.02 are vulnerable. Tested against 12.01.09045 on Windows Server 2016.
98d5e63a61fd5e20065bed1c5d49729a43d215ca4759d51680b7ba3f830ad751
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
fc742047d8b8d154de713b05afdfab501a45bddc800889ed88b0e78a2fbe9c46
Hashcat is an advanced GPU hash cracking utility that includes the world's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.
4994e9ee8ef050881d5c7986b2b95a3abf2114f79e4dbaa28a537f8e2ad5c93b
Hashcat is an advanced GPU hash cracking utility that includes the world's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.
d2b3c8f333c22cc4a021c916a95b8461e18d9c87103080fe06da247ae37cec80
Vincent Dehors discovered that the shiftfs file system in the Ubuntu Linux kernel did not properly handle faults in copy_from_user() when passing through ioctls to an underlying file system. A local attacker could use this to cause a denial of service (memory exhaustion) or execute arbitrary code.
bdea505eb4fcf592e368d096a5525e292ae2730578fbf547edea57ce828b48fd
Ubuntu Security Notice 4958-1 - It was discovered that the Caribou onscreen keyboard could be made to crash when given certain input values. An attacker could use this to bypass screen-locking applications that support using Caribou as an input mechanism.
aa33ee0a5c3043c95727aaa77053e2a54fd308b5a6bbbf233db171c958ec0905
Ubuntu Security Notice 4957-1 - It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code.
ee32859bc1adda632913374be4966d4e567e8fdb63373c8cc0fe87f772d9006b
Backdoor.Win32.Delf.aez malware suffers from a code execution vulnerability.
8fbf0938ba6ecfeaf987ee90ac05df4c632debb888ae08b0ab0ede052e67b395
Microsoft Exchange 2019 unauthenticated email download exploit.
2af5b9bd138c45d1bf5e92b4e5613e7bcfec93e1c4d006a04b0fda8a6ae77f19
Ubuntu Security Notice 4957-2 - USN-4957-1 fixed several vulnerabilities in DjVuLibre. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
77454afd173ec1fba754b2ef20b14918cc97b61acbcc384684d6cbfeb20445a1
EgavilanMedia PHPCRUD version 1.0 suffers from a remote SQL injection vulnerability.
ed2aa2a31bd825dacb6f05b8ce3fc02990a0c2165de41d9c688122ee1d3d1518
Backdoor.Win32.DarkMoon.a malware suffers from an insecure transit vulnerability.
0b4c5a2771883478421fbfda474c4d8833546f552a547401fe973a14ecd0c8e3
Backdoor.Win32.DarkMoon.a malware suffers from having a weak hardcoded password.
e4147575d15c6a5282e550da5a507aa9333a398523d86f3ea68ed962a8052dcb