The EuroTel ETL3100 TV and FM transmitters suffer from an unauthenticated configuration and log download vulnerability. This will enable the attacker to disclose sensitive information and help him in authentication bypass, privilege escalation and full system access.
16066a6818e6e4e0cbff4c06a01f3d229bdf94f93186113a922c895f6d2698abThe EuroTel ETL3100 transmitter is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access the hidden resources on the system and execute privileged functionalities.
cc86fe1ce248afc0a0a39f2572e3ebbe5c33449e3144ca2a530416b9b690998aEuroTel ETL3100 transmitters use a weak set of default administrative credentials that can be guessed in remote password attacks and gain full control of the system.
01968fa2229cd900e82c526109f7fea321b1e471640bb99f50efbca8c488e208Ubuntu Security Notice 6279-1 - It was discovered that OpenSSH has an observable discrepancy leading to an information leak in the algorithm negotiation. This update mitigates the issue by tweaking the client hostkey preference ordering algorithm to prefer the default ordering if the user has a key that matches the best-preference default algorithm.
7befc2a9d8c44b378644d28fbc5589a12c2f82aca9b932476de506d8fbeab810Debian Linux Security Advisory 5473-1 - It was discovered that authenticated API users of Orthanc, a DICOM server for medical imaging, could overwrite arbitrary files and in some setups execute arbitrary code.
13f4ff90f65eb975703959742a0e15a689101fcd01605d6c6a6650c79c18cdbfMetabase versions before 0.46.6.1 contain a flaw where the secret setup-token is accessible even after the setup process has been completed. With this token a user is able to submit the setup functionality to create a new database. When creating a new database, an H2 database string is created with a TRIGGER that allows for code execution. We use a sample database for our connection string to prevent corrupting real databases. Successfully tested against Metabase 0.46.6.
0a49c9f4d4d3d065adc61a8d542b1a3379563811b2a4fdfe39b4bc3102f9d059Ubuntu Security Notice 4336-3 - USN-4336-1 fixed several vulnerabilities in GNU. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code.
0f0785948b31ace2d42ec0b363566447502dc3e0f032ab3e30c71a1880907716Ubuntu Security Notice 6278-1 - It was discovered that .NET did not properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. Benoit Foucher discovered that .NET did not properly implement the QUIC stream limit in HTTP/3. An attacker could possibly use this issue to cause a denial of service. It was discovered that .NET did not properly handle the disconnection of potentially malicious clients interfacing with a Kestrel server. An attacker could possibly use this issue to cause a denial of service.
398492662e44a0c763fee25f39cae11943767ba032c8f6482dec1ab6f6617eafPyro CMS version 3.9 suffers from a server-side template injection vulnerability.
b4222e8a44749f81693f1c9d7b2c399f369bc23d6b78bbd59924ce9c0a518081Debian Linux Security Advisory 5472-1 - It was discovered that an incorrect implementation of AES GCM decryption in cjose, a C library implementing the JOSE standard may allow an attacker to provide a truncated Authentication Tag and modify the JWE object.
e815ed796d98716daec24718d9f1e8fca1f08e0f4680903994da1dabbc41af77Ubuntu Security Notice 6276-1 - It was discovered that unixODBC incorrectly handled certain unicode to ansi copies. An attacker could possibly use this issue to cause a denial of service.
6fd45d1918afaa900a6e70465f1779035cd46177c82a3b9a456f1656ce4c1b08Red Hat Security Advisory 2023-4571-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.
649b4756ae9affefac4a3eff17b9062a43ac79ec7d41e42dc8384364fe8203a5Emagic Data Center Management Suite version 6.0 suffers from a remote command execution vulnerability.
1d50c321ee6832e20eb2a71f877d5a9a9ada4c378ca03a610f698cccda5baa0eRed Hat Security Advisory 2023-4569-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.
532c4fbf019524998ac4f30914e694f4a2616c313f9ad3906aa91dff42700b3fRed Hat Security Advisory 2023-4575-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters.
a98593a8060ade811648ba5d5dd712824690b84a705e28c8fe1981b12209ee79PHPJabbers Vacation Rental Script version 4.0 suffers from a cross site request forgery vulnerability.
0c74e788b1e03344573d579afe7ad511042a1c481a797e566edd00c973203c42Red Hat Security Advisory 2023-4576-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters.
b9b138ef5ed2017d1d6071fb95c69743b0800e58f2f41055d4d6bcb0d2caee06Lucee version 5.4.2.17 suffers from a cross site scripting vulnerability.
da2d29ded40481e4c2dc5ccb687e50901b85f3d25e305ae8bab1983aed0341d9Red Hat Security Advisory 2023-4570-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.
ca67723896efb65cc2a82478887d080ba1577972b840b76d2d81df90a22d1ec9eHato CMS version 1.0 suffers from a cross site scripting vulnerability.
288795acae37e9889703f9a9e13f4dc91e382a11ff20d9b6c617e50c574fefb2Dexx CMS HTML and Site Builder version 2.2.3 suffers from cross site scripting and arbitrary file upload vulnerabilities.
afad1c220fc9a0f9c55b16ff2ee432a14c6bcfdc35bd7e270945acd8f3ea9e17DevSoft Arge Bilişim CMS version 1.0.0 suffers from a cross site scripting vulnerability.
67272756c10ccd80820dcdc8958e030b5c08f1c3aa5baaea2b17f8a2dea08a45Desenvolvido Buscazip Guiaking CMS version 1.0 suffers from a cross site scripting vulnerability.
b7814560f8a656d8237f757412df185c3b0f95717762621b740327fbb08e94c6Deprixa version 3.2.5 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
bd01df16d1b4c68e65363a4a7bd1cf83c59687b4040c494ab5f0b59d540d6de1Datoo Complete Dating Script version 1.0 suffers from an html injection vulnerability.
6ff697689f7bbcad80da1988a407104f2abbe6fedf40761d39996b8f78276efc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed