Debian Linux Security Advisory 4029-1 - It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
0c8bf318ea5d93760e0b25517974026286500b75c5b08afc1ea8612291b3ef43
Debian Linux Security Advisory 4026-1 - Wen Bin discovered that bchunk, an application that converts a CD image in bin/cue format into a set of iso and cdr/wav track files, did not properly check its input. This would allow malicious users to crash the application or potentially execute arbitrary code.
255495f54c15679212b3e50178fa5636fd83a2a20b73aab02a16c661292a83f7
Ubuntu Security Notice 3476-1 - Dawid Golunski discovered that the postgresql-common pg_ctlcluster script incorrectly handled symlinks. A local attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that the postgresql-common helper scripts incorrectly handled symlinks. A local attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.
1f64f6e986ef746cfcbf94327427993a8098519a1c04876116d873fcc13c80ac
Debian Linux Security Advisory 4028-1 - Several vulnerabilities have been found in the PostgreSQL database system.
cbd848ddf6110983e524aa48c273c19895389a4f16900a1512e8dacd0e2042ae
Debian Linux Security Advisory 4027-1 - A vulnerability has been found in the PostgreSQL database system: Denial of service and potential memory disclosure in the json_populate_recordset() and jsonb_populate_recordset() functions.
90750400559ffa57c0adb98fc1930a5a8519a198080437110648f1e65b954777
This Microsoft bulletin summary lists a CVE that has undergone a major revision increment.
6b39da14542fa8942241c00d90b596f1b8e7b53d137cd3bb9c3db76cef653dbc
WordPress Secure HTML5 Video Player plugin version 3.14 suffers from a cross-site scripting vulnerability.
40769602ef6f65c80d2250992c1700e2992d705a675600e959aae4437cdd9cb5
Datto Windows Agent suffers from multiple remote code execution vulnerabilities.
3df4488afd4946d5280a986323aef15548389c093e71baddab673dcbff1dbfc5
PTP-RAT is a proof of concept that allows data theft via screen-share protocols. Each screen flash starts with a header. This contains a magic string, "PTP-RAT-CHUNK", followed by a sequence number. When the receiver is activated, it starts taking screenshots at twice the transmission frequency (the Nyquist rate). When it detects a valid header, it decodes the pixel colour information and waits on the next flash. As soon as a valid header is not detected, it reconstructs all the flashes and saves the result to a file. To transfer a file, you run an instance of the Rat locally on your hacktop, and set that up as a receiver. Another instance is run on the remote server and this acts as a sender. You simply click on send file, and select a file to send. The mouse pointer disappears and the screen begins to flash as the file is transmitted via the pixel colour values. At the end of the transfer, a file-save dialog appears on the receiver, and the file is saved.
46b49759c3e71c5fad991b4024e899bf9a681746ae292a4715bc5703ec5ae2f2