Ubuntu Security Notice 5647-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
f646132213ac5199fd0835b743af47740f9030b83556dc9ad35a5af5da00ade0
Ubuntu Security Notice 5615-2 - USN-5615-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2020-35525 for Ubuntu 16.04 ESM. It was discovered that SQLite incorrectly handled INTERSEC query processing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.
ee761ef6e19d379bce5560d3dfb6533fa06c67a12017651e03a872648746a6fb
Red Hat Security Advisory 2022-6741-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a privilege escalation vulnerability.
058d93ee15c69d7a7c5f8f0f0aece4f72c2f05b24cb23c11dc1b8bae327307e0
A remote code execution vulnerability exists in qdPM versions 9.1 and below. An attacker can upload a malicious PHP code file via the profile photo functionality by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature thus allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.
41d2d18aa9196d7f57810fe954d8362f8c6f3662e5ba2a143d334cd07ac9b371
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
22c5dc6dfc7500db94b6f8a48775f72b5149d0a372b8552ed7666016ee79edf0
Joomla AdsManager extension version 3.2.0 suffers from a remote SQL injection vulnerability.
d94efabfad9904e592ec82124c03316f4ce8b774ae57879750a98a1445884262
Bus Pass Management System version 1.0 suffers from a cross site scripting vulnerability.
54b5f2852b454991cb45a80382823090c9ab28550870d5b5a1a6ae83964d87e3
Ubuntu Security Notice 5646-1 - Tobias Stoeckmann discovered that libXi did not properly manage memory when handling X server responses. A remote attacker could use this issue to cause libXi to crash, resulting in a denial of service.
46c4a791137670f7e5bdbac84f1b17ad4b368c2214d2709f79e8c9bd7c67e379
Sippts is a set of tools to audit VoIP servers and devices using SIP protocol. It is programmed in Python script and it allows us to check the security of a VoIP server using SIP protocol, over UDP, TCP and TLS protocols.
3ede5028958a1effbe95fce1926ba0492f4dc037dcfa74011730bc24129aa41b
Ubuntu Security Notice 5645-1 - Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established. Tom Lane discovered that PostgreSQL incorrect handled certain array subscripting calculations. An authenticated attacker could possibly use this issue to overwrite server memory and escalate privileges.
fa94546c58f17991b5a646049ec8ec30cd923dd7fcf8ea2301f30eeeb7d86f13
Online Examination System version 1.0 suffers from a remote SQL injection vulnerability.
dba8c93e85cd1df6195d39d4a331df0a884b158c86b28ffa00bd3dea43e7b6ba
Joomla EDocman extension version 1.23.3 suffers from a cross site scripting vulnerability.
7b56a9d176668a085432fd6441efba2f1cb355a86dd6f94e9c5fcdce3437fd1e
Online Examination System version 1.0 suffers from a cross site scripting vulnerability.
2cedda0df4347ed510cf540f0c12e96dc76e73743d9ba1ef37fba000b2d31b53
This tool packs up to 4KB of compressed shellcode into an executable binary, near-instantly. The output file will always have the same MD5 hash: 3cebbe60d91ce760409bbe513593e401. Currently, only Linux x86-64 is supported. It would be trivial to port this technique to other platforms, although each version would end up with a different MD5.
1401bc41094d6c399524f490182dedc77295916d73ec25d4c7ea3751f754d6cc