Ubuntu Security Notice 3971-1 - Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting attacks. Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to leak potentially sensitive information.
59df87c397347da7a08470d5538a62ec94fe38b4bb428fd192e85b173d298c3520 bytes small Linux/x86 execve /bin/sh shellcode.
31a2c43fd439c5d7bc541e9c1b71463958758c334d675cd7ab929cc856150d92Lotus Domino version 8.5.3 EXAMINE stack buffer overflow exploit with DEP and ASLR bypass. This is a working version of the NSA's EMPHASISMINE exploit.
59befea17a3b6d734bfeddbc6a540eba7507f7d5048fb12835d4751acde3c387This exploit takes advantage of a use after free vulnerability in Google Chrome 72.0.3626.119 running on Windows 7 x86. The FileReader.readAsArrayBuffer function can return multiple references to the same ArrayBuffer object, which can be freed and overwritten with sprayed objects. The dangling ArrayBuffer reference can be used to access the sprayed objects, allowing arbitrary memory access from Javascript. This is used to write and execute shellcode in a WebAssembly object. The shellcode is executed within the Chrome sandbox, so you must explicitly disable the sandbox for the payload to be successful.
60039dc761905e4a2ed93286404ec19777dfd73ef434ef8a80431ab28e2ebbc1D-Link DWL-2600AP suffers from an authentication OS command injection vulnerability via the upgrade firmware functionality.
2b43ebd36262c907295458d0fbffb9ad9c579e3ca23e48f233d31f60a550e9f1D-Link DWL-2600AP suffers from an authentication OS command injection vulnerability via the save configuration functionality.
0d25650c608f75fb59295c695a56713f2c323d2f971c6f6256459fa302310b3aRed Hat Security Advisory 2019-1116-01 - OVMF is an EDK II based project to enable UEFI support for Virtual Machines. The ovmf package contains a sample 64-bit UEFI firmware for QEMU and KVM, including the edk2 package. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a buffer overflow vulnerability.
43f4f10f58faad85172e9739bdffb7d8aa480b8a8fcf2fa6620c86d59ece1bdaUbuntu Security Notice 3970-1 - It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.
552509d215e0eb4130a78ff300dd832d8847473f0907e12125e56da80c282b27Red Hat Security Advisory 2019-1046-01 - The rhvm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. Issues addressed relate to a speculative execution vulnerability.
641d97d1f6dd3b4917b0928457d6f5445185b235d120f414bb77ea83f14f84fcRed Hat Security Advisory 2019-1107-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 7.2.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.0, and includes bug fixes and enhancements. Issues addressed include a deserialization vulnerability.
80d392549592df0d3648a41edbe6f03cb21e2f0e4cde93f299d3e5a09e087415Red Hat Security Advisory 2019-1108-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 7.2.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.0, and includes bug fixes and enhancements. Issues addressed include a deserialization vulnerability.
39ebf04e2cd56b743d8a3ff8fd6cdf412cf96ee2ea7d51c35b3077ac6f829854Red Hat Security Advisory 2019-1106-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 7.2.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.0, and includes bug fixes and enhancements. Issues addressed include a deserialization vulnerability.
41d2db304156761fdbf12167d29fe1538e7185923616f68b356302ec873b1aafDebian Linux Security Advisory 4438-1 - Denis Andzakovic discovered two vulnerabilities in atftp, the advanced TFTP server which could result in denial of service by sending malformed packets.
19ad0b8f7ac480a316c9fb32992335c656459fd7a97c6bae813f7512d816be09Extreme Sistemas CMS versions as of 2019/05/08 suffer from a remote SQL injection vulnerability.
1001d2a36f72f1f65ccbe6c24d2f3a5ce58450789d9876cfbadab510a6bd331bWordPress Diarise theme version 1.5.9 suffers from a local file disclosure vulnerability.
e9d7a272293b61c36c6eb6f9706f33b141e15fca5c0fcc01049b542fa9ebebdeMiniFtp suffers from a parseconf_load_setting buffer overflow vulnerability.
82ca8b5b40f1f6d1a12555d12fcada66722c069ddce73beb75e236b63b434383
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed