DUMPit is an exploit for the SHAREit mobile app abusing two recently discovered vulnerabilities affecting SHAREit Android application versions 4.0.38 and below. The first one allows an attacker to bypass the SHAREit device authentication mechanism, and the other one enables the authenticated attacker to download arbitrary files from the user's device. Both vulnerabilities were reported to the vendor and patches have been released.
dca3c57e123cd7505a079d465df0e3ed6eb0383632d057de092d08aa581a3e30
Ubuntu Security Notice 3898-2 - USN-3898-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Hanno Böck and Damian Poddebniak discovered that NSS incorrectly handled certain CMS functions. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Various other issues were also addressed.
1d29daa586638d1687e2c77add0bb7c8b731fb2a215cc537c3825c522bfe4767
Slackware Security Advisory - New openssl packages are available for Slackware 14.2 to fix a security issue.
5c1cdf9684c784e3419f4f62d1ea6abbe56bd1569166ff01ede23c6e0f9a6356
Ubuntu Security Notice 3898-1 - Hanno Böck and Damian Poddebniak discovered that NSS incorrectly handled certain CMS functions. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service.
65d8d1d3213e311db3f67d9de307f4175536c1d87172fe22447aa6e2df8f42f3
Ubuntu Security Notice 3899-1 - Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding oracle attack. A remote attacker could possibly use this issue to decrypt data.
314dd057e4f3b505847675be956a215758d853b3d9060ea0c5c55356b5e867b6
Chrome suffers from multiple use-after-free vulnerabilities in the PaymentRequest service.
fb9baf689c47875cf56ed6918386a270499142ea5e915be52d8936b09ba2adbb
Zentyal Server Development Edition version 6.0 suffers from a cross site scripting vulnerability.
1dd3682af8e86e66ede142a3e3ecd5ee4b86fe668c2a76bb2b415cc98deb0bf2
Chrome suffers from a use-after-free vulnerability in FileWriterImpl.
2dd17dbd1895915d6546d52f25a07461fc335eb44dcded0bf7d33720916ebe5c
Ubuntu Security Notice 3895-1 - It was discovered that LDB incorrectly handled certain search expressions. A remote attacker could possibly use this issue to cause the Samba LDAP process to crash, resulting in a denial of service.
2b2e15be3d1d6bdd1eeb95b8e0be3f5ad3dc34c9b908b95f55d32d379fe55a61
Chrome suffers from a use-after-free vulnerability in the RenderProcessHostImpl binding for P2PSocketDispatcherHost.
11fb3cadf252944e7b29e9069845929d7d4986f025488c7c0c80f5dc9b88bb27
tcpdump was found to suffer from multiple out-of-bounds read vulnerabilities.
cea131972888984634d05f66fcb925a4eaa31822c00269467fbc5939cb230885
Chrome suffers from a use-after-free vulnerability in RenderFrameHostImpl::CreateMediaStreamDispatcherHost.
fb031633c01be0530ba93f915787ad97df1516fb4d5cc8dcbb8d0b436e7ca99a
Ubuntu Security Notice 3896-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same origin protections, or execute arbitrary code.
a72423c41131d6f0eab08f80f97e7919e4ef553b52bff4b3bdc59fce70235de0
THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
7c615622d9d22a65b007e545f2d85da06c422a042f720bd6c5578a1844dec40e
Ubuntu Security Notice 3897-1 - A use-after-free was discovered in libical. If a user were tricked into opening a specially crafted ICS calendar file, an attacker could potentially exploit this to cause a denial of service. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
b874881641fd7509c472416c48d3b2ffe94626ff3840fa1538992148440c2484
Simple Online Hotel Reservation System suffers from multiple cross site request forgery vulnerabilities.
c37555b23a0682c85d048543ed9bbd91aee430dfb3252aaa2d192b608774e2d2
Joomla Alberghi component version 2.1.3 suffers from arbitrary file upload and remote SQL injection vulnerabilities.
4108d89cd5aacaa5aba00bce1d89efdaca7515189ceb474f8a7a6e3a9ecd5ac2
Red Hat Security Advisory 2019-0415-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a race condition vulnerability.
21480fe02116b1998f4a25a82c619e388937930d0a494affab02c1646b7ebe5b
Red Hat Security Advisory 2019-0420-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include an auth hijacking vulnerability.
9d215922debd8fb7cdfec01420ddbc6e0b621cb31a7eaaea23b02be171fb8e8d
DomainMOD version 4.11.01 suffers from a cross site scripting vulnerability in the custom domains fields page.
b7f2bf6a2c81c5c51b98752fce5e1a6eef8695a29d0c56a434778c0e32ac0dd7
A 45-byte Linux/x86 XOR encoder and decoder shellcode tool.
53cc6383c1503adc9fee0b000a25b33ee5a694c3e686d5c465a656763c1d5585
vBulletin version 4.2.0 with ChangUonDyU Chatbox plugin version 3.6.0 suffers from cross site scripting vulnerabilities.
bb1231371b917c4f9e749a0a46ebf3e8059e33f4abd5c0f9cd3a8c41f8b16d9a
Ubuntu Security Notice 3894-1 - It was discovered that GNOME Keyring incorrectly cleared out credentials supplied to the PAM module. A local attacker could possibly use this issue to discover login credentials.
a20948c7dee901d679f7307e7614b3e46af63d7076b753513dd72f2fc7cac6fa
Red Hat Security Advisory 2019-0408-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a file descriptor handling issue in runc.
f242eb1bc1a662c6c05d8031be82a78052768334224c021465f22ec8423fba33
SQLiteManager versions 1.2.0 and 1.2.4 suffer from a remote blind SQL injection vulnerability.
f05d89a50e34425c7eaf33707af3151232c78c66c9d035d35ba381c9d994a25e