Pi-Hole versions 3.0 through 5.3 allows for command line input to the removecustomcname, removecustomdns, and removestaticdhcp functions without properly validating the parameters before passing to sed. When executed as the www-data user, this allows for a privilege escalation to root since www-data is in the sudoers.d/pihole file with no password.
7265358e3e4327bc951c92f719451fce4a2ce957a5c1a6bde9f57d3d6646ee0fPanasonic Sanyo CCTV Network Camera version 2.03-0x allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. These actions can be exploited to perform authentication detriment and account password change with administrative privileges if a logged-in user visits a malicious web site.
99282d0ad093fb7f0b78aa1a3e353d972615b19e9b6715a70f10d0e4ebbfcf3cRed Hat Security Advisory 2021-2965-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.8 serves as a replacement for Red Hat Single Sign-On 7.4.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
5502336b85746ee81fff7e16aa81cd6f87dfc46e903a7840a4207753910e17e5Ubuntu Security Notice 5026-1 - It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
cef1580c2afb6cf2bd8a84003d5771f8149f09ba4f18f87176a2615bf4d50261Ubuntu Security Notice 5027-1 - It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code.
e8f9ded0ced617874263eb0c296a5b75636436070ea49ac10fb48402f22578d3ObjectPlanet Opinio version 7.13 suffers from a remote shell upload vulnerability.
6146594a8eedc5b48c3895039ed9ff9b2da349396d6a84e9003398290c0214e6ObjectPlanet Opinio version 7.13 suffers from an expression language injection vulnerability.
a3eb218a2f08f0bd814466c67083d00a77e140446ee2dfeedea41ff480fbbb9fObjectPlanet Opinio versions 7.13 and 7.14 suffer from an XML external entity injection vulnerability.
af1eaef07e52be0596d75f8c870d0a1dc0e3ff1cc76c2eabee1d671f01d9c7f4This paper contains a step by step detailed walk-through of different nmap scanning techniques and how the nmap traffic looks like in wireshark for each scan. The objective of documenting the paper is to get a better understanding of packets while initiating any nmap scan so that it can help in bypassing firewalls or debugging what went wrong between the source and destination. It can also help in writing basic firewall rules.
e98eb4f64e115f6a22e5fb658a650a8f88305b65ab9f8584011c81fe80099560
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed