Ubuntu Security Notice 3935-1 - Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Mathias Krause discovered that BusyBox incorrectly handled kernel module loading restrictions. A local attacker could possibly use this issue to bypass intended restrictions. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.
Ubuntu Security Notice 3934-1 - It was discovered that PolicyKit incorrectly relied on the fork system call in the Linux kernel being atomic. A local attacker could possibly use this issue to gain access to services that have cached authorizations.
Debian Linux Security Advisory 4422-1 - Several vulnerabilities have been found in the Apache HTTP server.
Slackware Security Advisory - New wget packages are available for Slackware 14.2 and -current to fix security issues.
This Metasploit module exploits a command injection vulnerability in TeemIp versions prior to 2.4.0. The "new_config" parameter of "exec.php" allows you to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server. The vulnerability can be exploited by an authorized user (Administrator). The module allows remote command execution by sending a PHP payload in the "new_config" parameter.
Ubuntu Security Notice 3933-2 - USN-3933-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that an information leak vulnerability existed in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could possibly expose sensitive information. Various other issues were also addressed.
Ubuntu Security Notice 3933-1 - It was discovered that an information leak vulnerability existed in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could possibly expose sensitive information. It was discovered that the USB serial device driver in the Linux kernel did not properly validate baud rate settings when debugging is enabled. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
Clinic Pro version 4 suffers from a remote SQL injection vulnerability.
Ubuntu Security Notice 3932-2 - USN-3932-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
PhreeBooks ERP version 5.2.3 suffers from a remote command execution vulnerability.
Ubuntu Security Notice 3932-1 - It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service. Various other issues were also addressed.
Ubuntu Security Notice 3931-2 - USN-3931-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS. M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service. Various other issues were also addressed.
Ubuntu Security Notice 3931-1 - M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service. It was discovered that the KVM implementation in the Linux kernel on ARM 64-bit processors did not properly handle some ioctls. An attacker with the privilege to create KVM-based virtual machines could use this to cause a denial of service or execute arbitrary code in the host. Various other issues were also addressed.
PhreeBooks ERP version 5.2.3 suffers from an arbitrary file upload vulnerability.
Ubuntu Security Notice 3930-2 - USN-3930-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture subsystem. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.
Ubuntu Security Notice 3930-1 - Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture subsystem. A physically proximate attacker could use this to cause a denial of service. Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information. Various other issues were also addressed.
Slackware Security Advisory - New ghostscript packages are available for Slackware 14.2 and -current to fix security issues.
Ubuntu Security Notice 3929-1 - It was discovered that Firebird incorrectly handled certain malformed packets. A remote attacker could possibly use this issue with a specially crafted network packet to cause Firebird to crash, resulting in a denial of service. It was discovered that Firebird incorrectly handled certain UDF libraries. A remote attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
AIDA64 Business version 5.99.4900 SEH buffer overflow exploit with egghunter.
Ashop Shopping Cart Software suffers from a remote SQL injection vulnerability.
iScripts ReserveLogic suffers from a remote SQL injection vulnerability.