Zeta Producer Desktop CMS versions 14.2.0 and below suffers from code execution and file disclosure vulnerabilities.
7b34d3b01869b6871b496570304d7e9c09086b2b712d8580375a7a234aaf2478This Metasploit module exploits a remote code execution vulnerability that exists in Exchange Reporter Plus versions 5310 and below, caused by execution of bcp.exe file inside ADSHACluster servlet
3d8c5a206e655ffc1020ae9dc72f79a8470fd65b1714a8754570a275ba8cf2adCouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
a93f10ff77a858d80ea8ceaf2de3218d932d08cd6154f36a815a8470659052dfphpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1.
dae18ef3348cf3077fd1fd7c0054e8bcb0185fb7e809a95ee03722cd6aacb0d5Micro Focus Security Bulletin MFSBGN03811 1 - An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC) allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Revision 1 of this advisory.
32ae304d64f32a9870172cef477f105d5a8994a5cf84ac35338227db8a3dada5RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system. RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.
9ddb565ccd3cfa1b04d5848eeb00478b6bf3789a0a270773a457841b32dbe50bMicrosoft Edge Chakra JIT suffers from a type confusion vulnerability with hoisted SetConcatStrMultiItemBE instructions.
f4b986bf36dfb05720fc2029354aa57451279bbc79487e82145d40d7bd8a2aefUbuntu Security Notice 3714-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass CORS restrictions, obtain sensitive information, or execute arbitrary code. It was discovered that S/MIME and PGP decryption oracles can be built with HTML emails. An attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.
5b9a375b7e68e29c645ccc9c61dfe743f7d5c1f9083b295b36d6d6fa792b993cRed Hat Security Advisory 2018-2186-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include a remote SQL injection vulnerability.
3ae001c838be7fe63f3f17218120c104c0337869b4012d6ba095f9df05b116a8Red Hat Security Advisory 2018-2185-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include a remote SQL injection vulnerability.
7e87933107e4717883ce5385c59d3741b7ecc791f11d4f3340888ec72b50870bUbuntu Security Notice 3716-1 - This update adds the latest DNSSEC validation trust anchor required for the upcoming Root Zone KSK Rollover.
17290db2f5121408e5243dd698529792611d985988392eb2d90fe7e13bb4fe20Ubuntu Security Notice 3715-1 - This update adds the latest DNSSEC validation trust anchor required for the upcoming Root Zone KSK Rollover and refreshes the list of root hints.
4896f5ced15bcadac389437c45f3661f78b0e481c64c6ae911366c71a739cd54Red Hat Security Advisory 2018-2187-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include out-of-bounds access.
3cf3a4008f8603285e63957d08f151b7215154836af4d8dfe0c8ddd59cc6c556Red Hat Security Advisory 2018-2184-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security fix: ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs Issues addressed include an information leakage vulnerability.
347d2019e1ce59cbdad13b2c91e7c6d733dbb455fb6118c1f45f4036c8fc1438Slackware Security Advisory - New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
412d7e1d5c3b61f0857d300cb1c0b4082cd19640e580ecfd77fb5db68b6cbd67Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
cba802bfc2dc2746c8f8e1001e9a4923a4cf6cac8ab813f905962939ace76e2eMicrosoft Edge Chakra JIT suffers from a bug. BoundFunction::NewInstance is used to handle calls to a bound function. The method first allocates a new argument array and copies the prepended arguments and others into the new argument array and calls the actual function. The problem is, it doesn't care about the CallFlags_NewTarget flag which indicates that there's an extra argument (new.target) at the end of the argument array. So the size of the new argument array created with the CallFlags_NewTarget flag will be always 1 less then required, this leads to an out-of-bounds read.
aa1bde86d10b95d8ca0ccfc5d06fd9edd0e20688c8eadfbfc61a463d88cdead5Linux kernels prior to version 4.13.9 (Ubuntu 16.04/Fedora 27) local privilege escalation exploit.
72887b461f9ad6058e73a276ea69a30911f90cd29b4109630d7d6c9e074102b6Dicoogle PACS version 2.5.0 suffers from a directory traversal vulnerability.
7fd55fe723ff132f7fd29570edbc2c78e4c7ef52eb41442b183ce26f74c8a23fMicrosoft Edge Chakra JIT suffers from multiple out of bounds reads and writes.
14c73972e0db8500904cd6efa9a56ea40e8f8fbd7ed64d7345ffa202523fbfe4Chrome V8 suffers from a bug in KeyAccumulator that can cause a crash.
9e8f060d028a3d93afffe9ee1b45849ed961e276d79b29bac398a156e4412c41Lenovo SU version 5.07 suffers from a buffer overflow vulnerability that allows for code execution.
505381c5a85d355d77b918a529399b323ac27d757408670697cb8ade4852bd29
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed