Red Hat Security Advisory 2021-2881-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Issues addressed include man-in-the-middle, out of bounds write, and use-after-free vulnerabilities.
1abad6cd034d4e210003aeea49a7aa96a6531d7d8206e2d3653727e7a693a7e0Gentoo Linux Security Advisory 202107-55 - Multiple vulnerabilities have been found in libsdl2, the worst of which could result in a Denial of Service condition. Versions less than 2.0.14-r1 are affected.
ce60cb93d4997d55bae33b037ba8280ed4b981765af10c76c95d32a36c5aad1fThis Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress SP Project and Document plugin versions prior to 4.22. The security check only searches for lowercase file extensions such as .php, making it possible to upload .pHP files for instance. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/sp-client-document-manager/<user_id>/<random_payload_name>.php.
7d2c3f217f9d96a1b8933d18886edae37099a342dcf9addd2e24438914311c20Backdoor.Win32.Nbdd.bgz malware suffers from a buffer overflow vulnerability.
02a6e6b4e7f1ee2a3ee5d1ff17768628f0fd9a6cf9e2fe485ffa062e136c4971Backdoor.Win32.Bifrose.acci malware suffers from a buffer overflow vulnerability that can allow for code execution.
e7ff7beba1447ac3d608179f7dbf177816f920b58076bfc625d74462128d57c3This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress Modern Events Calendar plugin versions prior to 5.16.5. This is due to an incorrect check of the uploaded file extension. Indeed, by using text/csv content-type in a request, it is possible to upload a .php payload as is is not forbidden by the plugin. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/<random_payload_name>.php.
69c7df31917c6908273c697f81d8629ab2b33991a9590623c7646f14dbb26004It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
85ecff3443cabbbdfd95e276021ce53f9ded3558dc511597031bf1014cb24140Gentoo Linux Security Advisory 202107-54 - Multiple vulnerabilities have been found in libyang, the worst of which could result in a Denial of Service condition. Versions less than 1.0.236 are affected.
981ee2a45cdbec8d46e060b9a1d8a582b616f5daa93004cafe4da957e87f6d3cBackdoor.Win32.PsyRat.b malware suffers from a code execution vulnerability.
b94f188d5b72816ba6c6a88047e9b234a8b6e2bf4982245db628b2ec3e188457NoteBurner version 2.35 suffers from a denial of service vulnerability.
ce941ba2e26208ce754836f68111a875aae6bea508e8f79dbf7827a148fcd779Backdoor.Win32.PsyRat.b malware suffers from a denial of service vulnerability.
18baa74565e7118914ef0b230542a315d6f466336949d00462737f4c0ecb232fBackdoor.Win32.Agent.cu malware suffers from a code execution vulnerability.
cb6498c6bec099d2379ea17d52876ebbf81804d7c7486de499a91e24bd47624dBackdoor.Win32.Agent.cu malware suffers from a man-in-the-middle vulnerability.
bfc8d46b65dccc55f4aa9b62ef7da9aa24b50f4baaf5e68e09810c2405eccc91Red Hat Security Advisory 2021-2883-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Issues addressed include man-in-the-middle, out of bounds write, and use-after-free vulnerabilities.
e096683e76898d1eaea35357ab1b988bbe72aec2f57378f059c90f0a0adb2d64XOS Shop version 1.0.9 suffers from an authenticated arbitrary file deletion vulnerability.
6f8b017fcb905dadb6bf19edef6c377d8386f4f1960c35cbb20f753ea24da872Red Hat Security Advisory 2021-2882-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Issues addressed include man-in-the-middle, out of bounds write, and use-after-free vulnerabilities.
979c833879e17cecfaecb4a319ffb009ce3014d0ffab398c546dc8b76c33b894Backdoor.Win32.Agent.cu malware suffers from an authentication bypass vulnerability that can lead to code execution.
61eda62bb4a6f9929d043aba15017859198331f85695deaccf5ad4b3d7eab803Leawo Prof. Media version 11.0.0.1 suffers from a denial of service vulnerability.
dc71b0a59f379ba636465daebc7ef5fee1d75cfae636e3685417324cc2100f4aBackdoor.Win32.Mazben.me malware suffers from an unauthenticated open proxy vulnerability.
54674dcd5128860dc74e2d01a51168f50378f33b7acdb33a6c2da63880a20352Backdoor.Win32.Hupigon.aaur malware suffers from an unauthenticated open proxy vulnerability.
2917f1529a64d063f4a36d2b4856b25b9f6f04e88aa83362d67dd0ff25e6efe1Elasticsearch ECE version 7.13.3 anonymous database dumping exploit.
fca9927fbaec3c0c7e66a7316f382e0c4a0a308b7deb63b9e0b0e30c13e6579d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed