Ubuntu Security Notice 7049-2 - USN-7049-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data.
1ef836801b877272adfe67ac7b50491e2b11f94aae8175ec4b8655236596a7edProof of concept remote code execution exploit for GravCMS 1.10.7 that leverages an arbitrary YAML write / update.
5cb1696418ca010542d02a039fd2e7ced0fb5abc292d2bf9e447350af4776e32Proof of concept remote code execution exploit for PHP-CGI that affects versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8.
a6b63ce9c93a3021236a9a584571d58798fe9d500b30228bb2141feca495c4d9This Metasploit module lets you obtain remote code execution in Palo Alto Expedition versions 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows to reset the password of the admin user, and the second vulnerability, CVE-2024-9464, is an authenticated OS command injection. In a default installation, commands will get executed in the context of www-data. When credentials are provided, this module will only exploit the second vulnerability. If no credentials are provided, the module will first try to reset the admin password and then perform the OS command injection.
df2c6c91b0ec6249f500e20b70f386982ccf89ee425960ccceff8fd524cb14ffRed Hat Security Advisory 2024-9457-03 - An update for python3.12-urllib3 is now available for Red Hat Enterprise Linux 9. Issues addressed include a remote shell upload vulnerability.
8227c87ea3c4a2d6d25c74d77bc24b194c3a6bf80fbb99081bf8a9064998e024Red Hat Security Advisory 2024-9315-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow, denial of service, double free, information leakage, integer overflow, memory leak, null pointer, out of bounds access, out of bounds read, remote file inclusion, and use-after-free vulnerabilities.
32308f49513c3b581bb9c141ba5087f4778c169dc1ab2498edc6b4de6282aef1Red Hat Security Advisory 2024-9194-03 - An update for python3.11-PyMySQL is now available for Red Hat Enterprise Linux 9. Issues addressed include a remote SQL injection vulnerability.
b06c0e82d5c14385ecdaf3f54b54eea639160836d39876922e055fb7234b1b0bRed Hat Security Advisory 2024-9193-03 - An update for python3.12-PyMySQL is now available for Red Hat Enterprise Linux 9. Issues addressed include a remote SQL injection vulnerability.
6de9c7ed1fd52974da32baf4727a7a7f7a02a7a050c58109ef02a42ff151f5acUbuntu Security Notice 7094-1 - It was discovered that QEMU incorrectly handled memory during certain VNC operations. A remote attacker could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that QEMU incorrectly handled certain memory copy operations when loading ROM contents. If a user were tricked into running an untrusted kernel image, a remote attacker could possibly use this issue to run arbitrary code. This issue only affected Ubuntu 14.04 LTS.
0a3549b040f05e5f31b861b3a44ea0e7afe9f586f80ca702bb4d248e08d92775WS02 versions 4.0.0, 4.1.0, and 4.2.0 are susceptible to remote code execution via an arbitrary file upload vulnerability.
88bbb0e549a78d6ccac8792066a572155603f8e8b352a29a78237e92f01cd2a7Proof of concept remote command execution exploit for CyberPanel versions prior to 5b08cd6.
cc940e99f4e4ef4ac83ab7b84fe7d3f90ff95549ed54049913abec4f7582bf85Ubuntu Security Notice 7093-1 - It was discovered that Werkzeug incorrectly handled multiple form submission requests. A remote attacker could possibly use this issue to cause Werkzeug to consume resources, leading to a denial of service.
483f7153b8e6742a0abe85bce778ad7a05b894f8541d84dcf7d81af87423094fRed Hat Security Advisory 2024-8906-03 - A new release is now available for Red Hat Satellite 6.16 for RHEL 8 and 9. Issues addressed include bypass, denial of service, memory leak, remote SQL injection, and traversal vulnerabilities.
8f7f0e644ab20d80d0519a1cbac1645b029d63fd65ac99c9fd4d235c38fd0e25Ubuntu Security Notice 7092-1 - It was discovered that mpg123 incorrectly handled certain mp3 files. If a user or automated system were tricked into opening a specially crafted mp3 file, a remote attacker could use this issue to cause mpg123 to crash, resulting in a denial of service, or possibly execute arbitrary code.
65d1be200e4d1922fc1cd30e8b53862145340a56143ef50e6560995be2228d0bRed Hat Security Advisory 2024-8842-03 - An update for python3.12-urllib3 is now available for Red Hat Enterprise Linux 8. Issues addressed include a remote shell upload vulnerability.
ae91c8664deb819fc4ddcbf4831200d22f81218eccceadff115c6156faa9ac05Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.
9baf26c387a2820b3942da572146e6eb77c2bc66862af6297cd02a074e6fba28IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities.
bbe5e2c1ca7d3b42c24076cc8aa46544dec9bd260d2ef8b56f24a6ec52ecd952SmartAgent version 1.1.0 suffers from an unauthenticated remote code execution vulnerability in youtubeInfo.php.
d1c79ff390d1eddef9aea5b0debce0087e67faf0b8c82c4f6c4ee4fde8484a34SmartAgent version 1.1.0 suffers from multiple unauthenticated remote SQL injection vulnerabilities.
454076f23b89f57e45086d97afc09d37ad082fe918f4d6e98b97f0605eece69eUbuntu Security Notice 7084-2 - USN-7084-1 fixed vulnerability in urllib3. This update provides the corresponding update for the urllib3 module bundled into pip. It was discovered that urllib3 didn't strip HTTP Proxy-Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information.
312ed9f8bb4ab24eb7a502a24a8630b8be43aedef291065858629e605d73ca8dUbuntu Security Notice 7084-1 - It was discovered that urllib3 didn't strip HTTP Proxy-Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information.
29ff94c3d9e8abedc1bc6ca7386296e337966fbed2dbee657de8625b278ef2efThis Metasploit module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin versions prior to 3.92.1 to achieve remote code execution. The vulnerability allows the attacker to inject and execute arbitrary SQL commands, which can be used to create a malicious administrator account. The password for the new account is hashed using MD5. Once the administrator account is created, the attacker can upload and execute a malicious plugin, leading to full control over the WordPress site.
ee57dce5428a24a7b498257e3bc5ee22dadff0bd6e92b4746a779384b38532cbABB Cylon Aspect version 3.08.01 is vulnerable to an unauthorized project file disclosure in jsonProxy.php. An unauthenticated remote attacker can issue a GET request abusing the DownloadProject servlet to download sensitive project files. The jsonProxy.php script bypasses authentication by proxying requests to localhost (AspectFT Automation Application Server), granting remote attackers unauthorized access to internal Java servlets. This exposes potentially sensitive project data and configuration details without requiring authentication.
daeb2790f0aa17137e230e9743c822114097df90c546bcf21d4fe680c859fd52ABB Cylon Aspect version 3.08.01 is vulnerable to remote, arbitrary servlet inclusion. The jsonProxy.php endpoint allows unauthenticated remote attackers to access internal services by proxying requests to localhost. This results in an authentication bypass, enabling attackers to interact with multiple java servlets without authorization, potentially exposing sensitive system functions and information.
a08a2149099c34ec40fd07e93366c624394f11cf20f4846541af94c2dc635080Various Xerox printers, such as models EC80xx, AltaLink, VersaLink, and WorkCentre, suffer from an authenticated remote code execution vulnerability.
560ebed6d4ac441b5c221ab45725cf6200de08900c517d47576960db33ef2183
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed