This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebDMDebugServlet, which listens on TCP ports 8080 and 8443 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM.
d80500f62044dc3f7dc37c282b30194790326326fe1303d664ec78ee54518ad4This Metasploit module exploits a SUID installation of the Emacs movemail utility to run a command as root by writing to 4.3BSD's /usr/lib/crontab.local. The vulnerability is documented in Cliff Stoll's book The Cuckoo's Egg.
9a45ef7c2c0d7e05f3ad54afa5cf8a4f5e411cdd781a161604fbfb0258e39186Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.
283beaa68e1eab41de080a58bb92349c8e47a2bb1b93d10f36ea30f418f1e338Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.
d3b98f183be2b676d1d9734ac40d80b79e9b53fac32045636682ca10970c8edbClam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
f12a5ad86bc4e0bde6cad2d30c49c7daab184cba7ce631909434b5d9533a5ad2NEC Univerge Sv9100 WebPro version 6.00.00 suffers from predictable session identifiers and cleartext password vulnerabilities.
a98260d96973f77023baa2984d22f2c53c26e72d88408163fbadc069bbb33da3CubeCart version 6.2.2 suffers from a cross site scripting vulnerability.
2f559e05f4904615335fce184135337b0008141c5e384fedc121032b0dca9264FreshRSS version 1.11.1 suffers from multiple cross site scripting vulnerabilities.
0a8b9cb9503f9da864c10c7b265beceb73eeafd5015654419b4bd75d732eefb9Joomla! JE Photo Gallery component version 1.1 suffers from a remote SQL injection vulnerability.
28a21ea52a87a4c4cbd63523b900d993bd1a8bcb09e6536dea55102c2e62ab5aPHP Server Monitor version 3.3.1 suffers from a cross site request forgery vulnerability.
d94289a27ecb3b1982a623c3c4d56b22d7b8c406405a0a88642bf566b1b57e03Apache Superset version 0.23 suffers from a remote code execution vulnerability.
6269d36c1d5a537811baefe01271be9fbe27687ebae84b1544e4aae784b06c32PaloAlto Networks Expedition Migration Tool version 1.0.106 suffers from an information disclosure vulnerability.
f24c7c978f7320bb915189b7d445fdafb8a66dd4274c40db4e41a3cfebe3caa6Rockwell Automation Allen-Bradley PowerMonitor 1000 suffers from a cross site scripting vulnerability.
579a0c34c622de04394e6d8a9e45c4d4650ab4393f5e5b1ea84531f0e8f66826Fleetco Fleet Maintenance Management version 1.2 suffers from a code execution vulnerability.
b70ed3fd76e400e64cbe5dd15879c1855143faaaaf77616cb76e7a9524963a01Red Hat Security Advisory 2018-3761-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Issues addressed include an incomplete fix for CVE-2018-16509.
cb321dd31dcd45f0ecfbc84a0c293bb113016a9ba1f0ebe93498055a70f89b5cRed Hat Security Advisory 2018-3760-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Issues addressed include a bypass vulnerability.
c0b5e2769486069d204e50f7e3f88899e3ecec392143407a2813ee619249a793Ubuntu Security Notice 3836-1 - Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. Philipp Wendler discovered that the overlayfs implementation in the Linux kernel did not properly verify the directory contents permissions from within a unprivileged user namespace. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
381aa075aa2708693455c43a91237a24db2a3c496d9a9b5a2b1927429cfebeb4Ubuntu Security Notice 3835-1 - Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. Jann Horn discovered that the mremap system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service , expose sensitive information, or possibly execute arbitrary code. Various other issues were also addressed.
0d98e117a7daeada246e248b8dd8991176e44f3691e448cdd5919caf358556aaWordPress cart66 cart66-lite plugin version 1.0 suffers from a database disclosure vulnerability.
ee8f531b759db2ee80fc7042686ab12d557f651f4cf9e44d8cb49c029e2daf8dWordPress zerotolaunch plugin version 1.0 suffers from a database disclosure vulnerability.
f8f5cef6c549813c211de841059f21aab347f95e2a2b6ccf12c265800b48c58bWordPress wp-contactpage-designer plugin version 1.0 suffers from a database disclosure vulnerability.
db14c0b13112b3acfe40e657e26c6830ce9b924516c21dde3f3b229924e2ca04WordPress rss-feed-post-generator-echo plugin version 1.0.0 suffers from a database disclosure vulnerability.
0494a60b430468fb725d88318192870b903d034fe273171e509ee9f697b17b8dWordPress BlackHawk theme version 1.0 suffers from an open redirection vulnerability.
89fe061d85b8251dcb656a3950fbece58a04bad1e156686ec04cbff5cb930c1fWordPress BackWpUP plugin version 3.6.6 suffers from a database disclosure vulnerability.
d3484d28815bd05fac8a270ba486046035d991e7aa7ce3246f84586b05defb55KC GRUP Web Design version 1.0 suffers from a remote SQL injection vulnerability.
c1a289d2cefca352a53ba3b71f5f5957fe0bd6368b177aa249d197e6da79c5ad
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed