Gentoo Linux Security Advisory 202012-9 - Multiple vulnerabilities have been found in Cherokee, the worst of which could result in a Denial of Service condition. Versions less than or equal to 1.2.104-r2 are affected.
CVE-2020-0986, which was exploited in the wild, was not fixed. The vulnerability still exists; only the exploitation method had to change. A low-integrity process can send LPC messages to splwow64.exe (Medium integrity) and gain a write-what-where primitive in splwow64’s memory space. The attacker controls the destination, the contents that are copied, and the number of bytes copied through a memcpy call.
usrsctp suffers from a use-after-free write when handling a malicious COOKIE-ECHO.
Asterisk Project Security Advisory - A crash can occur in Asterisk when a SIP 181 response is received that has a Diversion header, which contains a tel-uri.
Sales and Inventory System for Grocery Store version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
Asterisk Project Security Advisory - A crash can occur in Asterisk when a SIP message is received that has a History-Info header, which contains a tel-uri. Note, the remote client must be authenticated, or Asterisk must be configured for anonymous calling in order for this problem to manifest.
Whitepaper called Object Prototype Pollution Attack.
Online Learning Management System version 1.0 suffers from multiple cross site scripting vulnerabilities.
Online Learning Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
Class Scheduling System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
Baby Care System version 1.0 suffers from a remote SQL injection vulnerability.
This Metasploit module exploits an unauthenticated command execution vulnerability in TerraMaster TOS version 4.2.06 leveraging include/makecvs.php.
10-Strike Network Inventory Explorer Pro version 9.05 SEH buffer overflow exploit.
TerraMaster TOS version 4.2.06 unauthenticated remote code execution exploit.
Multiple themes from the WordPress Epsilon Framework suffer from an unauthenticated function injection vulnerability that allows for server-side request forgery and denial of service attacks.