61-byte Linux/x86 shellcode that performs chmod 666 on /etc/passwd and /etc/shadow.
4ec34454d2a15a5707726a311258a81f29cac15bb8923a1070f411e5d6e08437
Ubuntu Security Notice 4054-1 - A sandbox escape was discovered in Firefox. If a user were tricked into installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting attacks, conduct cross-site request forgery attacks, spoof origin attributes, spoof the address bar contents, bypass safebrowsing protections, or execute arbitrary code. Various other issues were also addressed.
efed5f9ddc3684e7f863dc8438c5a72e1a0114838f1748ce7426e214fd501234
Debian Linux Security Advisory 4480-1 - Multiple vulnerabilities were discovered in the HyperLogLog implementation of Redis, a persistent key-value database, which could result in denial of service or potentially the execution of arbitrary code.
65dd8cba6f290b367d6f7ca9efcb0cd49d4224ec758499a300c2b6b8b4471acb
This Metasploit module exploits a command injection vulnerability in Xymon versions before 4.3.25 which allows authenticated users to execute arbitrary operating system commands as the web server user. When adding a new user to the system via the web interface with useradm.sh, the user's username and password are passed to htpasswd in a call to system() without validation. This module has been tested successfully on Xymon version 4.3.10 on Debian 6.
56921faf23d84d68f64c70045561cd00f989f797c3579b3de87eae4139a3e53c
Debian Linux Security Advisory 4479-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery.
4787823e0c09d05400e7a707e0726a8e7e912bf644dadb7904a67a608c966456
Red Hat Security Advisory 2019-1763-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.8.0 ESR. Issues addressed include cross-site scripting and use-after-free vulnerabilities.
8816b0144ad4343383afa8284e26adb7629a9a83576574f817a6bf1a2e2913fb
Asterisk Project Security Advisory - When T.38 faxing is done in Asterisk, a T.38 reinvite may be sent to an endpoint to switch it to T.38. If the endpoint responds with an improperly formatted SDP answer including both a T.38 UDPTL stream and an audio or video stream containing only codecs not allowed on the SIP peer or user, a crash will occur. The code incorrectly assumes that there will be at least one common codec when T.38 is also in the SDP answer.
246c916e8473ad9977ca8cf7ccf517b1947e0129d38290e5c1324a1d4ffccacd
Asterisk Project Security Advisory - A specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash.
010df218382c8c6f9a78c9061e3536194945ef6df1d39848696e8e06f23b6f47
Sitecore version 9.0 rev 171002 suffers from a persistent cross-site scripting vulnerability.
fa20a9066f47b1efc386dca15a6e3fb0366d3cd110e4414a6fab320e3653acfc
SNMPc Enterprise Edition versions 9 and 10 suffer from a mapping filename buffer overflow vulnerability.
a29935022d759a5b2f2621adbfd4116ff7aa170f62f6681df37596aed50afd8d
Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.
36b4bd05f74b13aecbbe249253b3caf4bfced05de979e67c543155242257670a
Jenkins Dependency Graph View plugin version 0.13 suffers from a persistent cross-site scripting vulnerability.
cd5ffe501243df3312d0721d5cd596bee99b0e8d2898b76aa16162fd57fb796c
There is a Microsoft Font Subsetting DLL heap corruption vulnerability in ComputeFormat4CmapData.
88c8f33972cfdf8c4a1abf07e27de14c8a881010277ba8de5406bd72df2dced1
WorldClient version 14 suffers from a cross-site request forgery vulnerability.
26f8179ebb21291ca13dd54bf46c9fdf6a1050b8228236dafcfe97f24efa2eff
Microsoft DirectWrite / AFDKO suffers from a stack corruption vulnerability in OpenType font handling while processing the CFF blend DICT operator.
4fcf434e418ec4b78b4c2d63832210327781ed08e528c125015656abfd99f10d