LRMS PHP version 1.0 suffers from remote shell upload and multiple remote SQL injection vulnerabilities.
cd29b75f4fc26669967838b2cacc350651afd70ebc41fa183a818a2044008a19SofaWiki version 3.9.2 suffers from a remote shell upload vulnerability.
0f96734c2d9102385c242ff25bcaeda5c50413756e19e450e1bcbfe8ae166734FlatPress version 1.3 suffers from a remote shell upload vulnerability.
95b37bcd0ee004b10ed07d1d5449e20f0b6c896143d3d34e105388324e4c71e6WordPress Background Image Cropper plugin version 1.2 suffers from a remote shell upload vulnerability.
7fde3f2c891e83214995aac3e02a1bffb22561963731277fa9a9d738f179af92Relate Learning and Teaching System versions prior to 2024.1 suffers from a server-side template injection vulnerability that leads to remote code execution. This particular finding targets the Markup Sandbox function.
dc9ebb411726c774da4987d54d2ba2f224359e747d24c55618c19978e8b73e8aDebian Linux Security Advisory 5664-1 - Jetty 9 is a Java based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid clients which can cause a denial of service.
f811fdb59918d1ff6c0f69e7c41be61c5a9681f083aca6ccdb106ccc1fb89b43Ubuntu Security Notice 6729-2 - USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.
48e8f6ab38e454ffe37a65ae74aa96cb5b3942a28276a0cc0f3a974d4716ae83Ubuntu Security Notice 6726-3 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service.
fbdef91004d190c96cf4e043eaae82ae1153ee17c38e14e93c908daa2a909e66Ubuntu Security Notice 6726-2 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service.
729c2c491401a2ba3cbcc24fc7e792dce6e1d41caac420160758655bfe67ca27Ubuntu Security Notice 6725-2 - Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service or possibly expose sensitive information. Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code.
6d7cd6326721629b499ff1a4ed3916c1134b9cf7a03933ebb2aad8ffbd18a71dCentreon version 23.10-1.el8 suffers from a remote authenticated SQL injection vulnerability.
ccd137a9553629c65cb1fcc131008c98cf86b7038c922afa5586765db2092434Ubuntu Security Notice 6735-1 - It was discovered that Node.js incorrectly handled the use of invalid public keys while creating an x509 certificate. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. It was discovered that Node.js incorrectly handled the use of CRLF sequences to delimit HTTP requests. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain unauthorised access. This issue only affected Ubuntu 23.10.
68173f83f0f09f1ae43ac3a78cd02b33b6ccf09520b2e1d1d103a308c74bddd3Ubuntu Security Notice 6733-1 - It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. It was discovered that GnuTLS incorrectly handled verifying certain PEM bundles. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10.
dfebcedb7a860d4a621a8d974617128c42cd5bb110089a91567169351a2f584dUbuntu Security Notice 6732-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
de34dd341ebb6d403b4c828166ceeda34879902207f833c29fa8ffd18d7ee2adThis Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability (CVE-2023-43177) to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session properties by sending an HTTP request with specially crafted Header key-value pairs. This enables an unauthenticated attacker to access files anywhere on the server file system and steal the session cookies of valid authenticated users. The attack consists in hijacking a user's session and escalates privileges to obtain full control of the target. Remote code execution is obtained by abusing the dynamic SQL driver loading and configuration testing feature.
fc2503cafa5ba3115896a3dc2baf8a4ded20d177d35f6003c3053acbcc5a8f5aGLPI versions 10.x.x suffers from a remote command execution vulnerability via the shell commands plugin.
0937b05f1fb5c8e26650b3ff3036018e86cdfd467308fd6c3e1b37d5aa588d9cBMC Compuware iStrobe Web version 20.13 suffers from a remote shell upload vulnerability.
3c3484f8fcc75a92702655ca438887e9feb947e1b2bba0fc5284d6ea230f3db7Kruxton version 1.0 suffers from a remote SQL injection vulnerability.
9848e498414e8e0e14e12064a9a285c3bc570dd55bd67b2940d83dc1a77c56cdKruxton version 1.0 suffers from a remote shell upload vulnerability.
eac82a8882065fad4041f5e76566b23a349a9bac77c6028731f1d06a43bc4ca4WBCE version 1.6.0 suffers from a remote SQL injection vulnerability.
18873adacfde1b4805b4a6b105109b6e4a03d0a85a9440207f1364a7e3ae897bAMPLE BILLS version 0.1 suffers from a remote SQL injection vulnerability.
d20b6ec27d1eeff141c08bd7cfa9127bb8953085c6f65df0d3f8a8e79abd9901Moodle version 3.10.1 suffers from a remote time-based SQL injection vulnerability.
e3ce711f4b8356d012259f34f7f227e8907a46d0f7af6bb3c35ce4c0de5a0e57Online Fire Reporting System version 1.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
9342b7d21282ed54ce4702c6cda7276732332887ecb951f160125d0470ad7553Stock Management System version 1.0 suffers from a remote SQL injection vulnerability.
ee8f6806eb002eeb79308e1f582300e6c9e5c6963aed8ff7b5b730994fc80298Ubuntu Security Notice 6729-1 - Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.
b6b856a665b8ccd0c761b17ac9d0990bb16f01e11f4e9c76e440d6681ef8b0fd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed