KevinLAB BEMS version 1.0 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the page GET parameter in index.php is not properly verified before being used to include files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.
e7fe1145875f4fee303754d7337102102f889c5f0d146987b8e928e2a6212f22KevinLAB BEMS version 1.0 suffers from an unauthenticated SQL Injection vulnerability. Input passed through input_id POST parameter in /http/index.php is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code to bypass the authentication mechanism.
7a5075697680808e5b44c8cbcf23d84270742048cad9980a168091187abdbea1KevinLAB BEMS version 1.0 has an undocumented backdoor account and the sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the BEMS is offering remotely.
e4b4cd6f51b8e33aae4b3ac4567d5823ab352a308e656ca6dc37edc4c64a9881Dell OpenManage Enterprise versions up to 3.6.1 suffer from multiple hard-coded credential issues, multiple privilege escalation, weak permissions, authentication bypass, and other vulnerabilities.
b55157214aaa2b6ae562d7cfa0de32cfd562800d2a6cb523e250837eb6218be3OX Documents version 7.10.5 suffers from multiple improper authorization vulnerabilities.
fdc415c0e1479fc1bbd7c9da23f2c1893080132040e14750beb56328b7efaa61Red Hat Security Advisory 2021-2734-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
99f079adc186c2d82d3b579e84be343741eb238b4be2a07e3522085c19e36304Gentoo Linux Security Advisory 202107-48 - Multiple vulnerabilities have been found in systemd, the worst of which could result in a Denial of Service condition. Versions less than 248.5 are affected.
25e1bbbcade540161205016cfceaba05de79ff1f950598f4886465d9e893b747Ubuntu Security Notice 5013-2 - USN-5013-1 fixed several vulnerabilities in systemd. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that systemd incorrectly handled certain mount paths. A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. Various other issues were also addressed.
287e4074d79de02cd3d766899e09bac7f5427350422d727fb07ad78d7377f631Ubuntu Security Notice 5013-1 - It was discovered that systemd incorrectly handled certain mount paths. A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. Mitchell Frank discovered that systemd incorrectly handled DHCP FORCERENEW packets. A remote attacker could possibly use this issue to reconfigure servers.
fe61eaf938741caa2ac40aecda03248812fea81b222956ff21110da95e7b7368Concrete5 versions 8.5.5 suffer from a logging settings phar deserialization vulnerability. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() function at line 91. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code. Successful exploitation of this vulnerability requires an administrator account.
4737c6d7d22010e52296503aaa366abc55f04d975b7b1fd092c8c80e1a164e8aUbuntu Security Notice 5012-1 - It was discovered that containerd incorrectly handled file permission changes. If a user or automated system were tricked into launching a specially crafted container image, a remote attacker could change permissions on files on the host filesystem and possibly escalate privileges.
b22aac378066db3bff966a442b28fd637c43f1b71476469d8cea5cbdd5432b3cGentoo Linux Security Advisory 202107-47 - A format string vulnerability has been found in libpano13, potentially resulting in arbitrary code execution. Versions less than 2.9.20 are affected.
06bef18ebf5ad1c6f1ae779313f4549df45176ee989ea7ad17492e6e87d5e8acThe default rules for the WFP connect layers permit certain executables to connect TCP sockets in AppContainers without capabilities leading to elevation of privilege.
817d39612fc53f7a2ee93673d737d89c13b73c3517209d386b6ada61eca137bbGentoo Linux Security Advisory 202107-46 - A format string vulnerability was found in mpv, potentially resulting in arbitrary code execution. Versions less than 0.33.1 are affected.
046ed4eb87056b3c68c1fa64b6da4a52c03cae00179d410f479985d55d510be4Webmin version 1.973 cross site request forgery exploit that loads a reverse shell.
8a316a9307c0d4b3b8fa1f3bb02ab7e2a5d250b7b981658538c23e171ca98d24Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code.
e5626ea542e0e7cf4d21b7704ad137ab9dac2e0503a662b96c9d976e9d97f88cGentoo Linux Security Advisory 202107-45 - A vulnerability has been found in PyCharm Community and Professional, potentially resulting in arbitrary code execution. Versions less than 2021.1.2 are affected.
88c6d31bd92babdddf99e81e82e91e08fbe5120af5d75edca9ad88875d4329d1Gentoo Linux Security Advisory 202107-44 - Multiple vulnerabilities have been found in libslirp, the worst of which could result in a Denial of Service condition. Versions less than 4.6.0 are affected.
dee28e78c3c84064553d065f12f818eca29b2e7320918e9a0274937706eee3e5WordPress KN Fix Your Title plugin version 1.0.1 suffers from a cross site scripting vulnerability.
1f86e07161a1b150ce0e117a709ac6656bdc255650433515fad5cdafd5b45b8aGentoo Linux Security Advisory 202107-43 - Multiple vulnerabilities have been found in RPM, the worst of which could result in remote code execution. Versions less than 4.16.1.3 are affected.
7ae0d8ff819674775141cdc5a9dc8221cbf095b4a7fcff5829370c7582ab7ebfGentoo Linux Security Advisory 202107-42 - Multiple vulnerabilities have been found in PJSIP, the worst of which could result in a Denial of Service condition. Versions less than 2.10-r1 are affected.
5a417322cca4ebbffb59d822241e9901118075f14621d5a481358d07bc077ec3
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed