Vtiger version 6.3.0 CRM's administration interface allows for the upload of a company logo. Instead of uploading an image, an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against vTiger CRM version 6.3.0.
0e5c78b52a8faacfdb2de57265661b6c719a85c4847298f55630458f64d9b2edUbuntu Security Notice 3725-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.61 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.23. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
bd7c82bd9b43d8302f1ba59e7e245d65ac06842703a6bb0d4e6379f2c8ff9fdcRed Hat Security Advisory 2018-2289-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. Issues addressed include a bypass vulnerability.
89db1d255b2ebdecdf4e455112b4792eed9730114402ea293fd5d0b93896cadeRed Hat Security Advisory 2018-2290-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Issues addressed include an integer overflow.
4e72de47595402af82b7742070e9de1468889fe6778ff71261bcae5655fa8597Microsoft Wireless Display Adapter versions 2.0.8350 to 2.0.8372 suffer from command injection, broken access control, and evil twin attack vulnerabilities.
12ac02f7b82abb950c50fc899c9ee75f0eb6c39678669493f3d3a29f178c6b13Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a clear-text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote AMQP service. An unauthenticated attacker in the same network collision domain, could potentially sniff the password from the network and use it to access the component using the privileges of the compromised user.
b88245a3c30e47eecf7a2837426863c2649600bf0a874b7d50debeea19b25006Red Hat Security Advisory 2018-2282-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 68.0.3440.75. Issues addressed include buffer overflow, bypass, and information leakage vulnerabilities.
ca5766f6b9de8d71d945f0c80ca146b85298f67e058c051a145c1c10100e5988Red Hat Security Advisory 2018-2284-01 - The yum-utils packages provide a collection of utilities and examples for the yum package manager to make yum easier and more powerful to use. Issues addressed include a traversal vulnerability.
88b27afe2aa19bbc48817cf9c7404ca008beb3f307e3205b174d9219766b8713Red Hat Security Advisory 2018-2285-01 - The yum-utils packages provide a collection of utilities and examples for the yum package manager to make yum easier and more powerful to use. Issues addressed include a traversal vulnerability.
be32cbe9654e9e32200354086a3bc6c21a5b1f829cfa2287fb8597d4458e027eRed Hat Security Advisory 2018-2286-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include an insufficient validation vulnerability.
d274be6d6ece344f0a707f546b44fdb63c8772eff44769765004f7df4c852b4aRed Hat Security Advisory 2018-2283-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include an insufficient validation vulnerability.
15d9125195132ea4b872e91f3809c2bc02898b200dbd17af922ad3520923d39cDebian Linux Security Advisory 4257-1 - Jann Horn discovered that FUSE, a Filesystem in USErspace, allows the bypass of the 'user_allow_other' restriction when SELinux is active (including in permissive mode). A local user can take advantage of this flaw in the fusermount utility to bypass the system configuration and mount a FUSE filesystem with the 'allow_other' mount option.
6ae379afa1bdb3daca80e53b902623ac0af07b819114316f385107c5a5c45863Debian Linux Security Advisory 4258-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
ac4d29a191b91b8377d86774f4f94d83e77e95e3518f503758d5d1efa7396b29Slackware Security Advisory - New kernel packages are available for Slackware 14.2 to fix security issues.
af6fc158a858662e25882608104480c25fcc4d45a236f8081a633157c455f8c7Gentoo Linux Security Advisory 201807-4 - A heap-based buffer overflow in cURL might allow remote attackers to execute arbitrary code. Versions less than 7.61.0 are affected.
0a2320b12f6346b6d6a07303de445c5e22e0dc8f7838dc4b90dd35b3b1eacfe1Gentoo Linux Security Advisory 201807-3 - Multiple vulnerabilities have been found in ZNC, the worst of which could result in privilege escalation. Versions less than 1.7.1-rc1 are affected.
91fb9587b76cf7af39bf255f51d11ce5f6170df1fe7a9a3e8a017635623d2674Charles Proxy version 4.2 suffers from a local root privilege escalation vulnerability.
022b946b1409e26401b209a1aa852ad95f4591f9759d07971ea39abb73b53a73It is possible to bypass fusermount's restrictions on the use of the "allow_other" mount option as follows if SELinux is active.
f8811f70025a2c7cb736546cf68f180165bf220f896460ba119cccb6e37d586cH2 Database version 1.4.197 suffers from an information disclosure vulnerability.
7841faedc6bfb56845db58f47690946b3a6272eac90086bb68a2620ab9cb2cc2Microsoft Windows Kernel win32k!NtUserConsoleControl denial of service proof of concept exploit.
47e748a334f6f70e95518c223320b5c7d7cf8bda63d29793d1ec8a9e55c4154bAllok MOV Converter version 4.6.1217 suffers from a buffer overflow vulnerability.
f044517576deac6ab5a1a13f6f5e6467e05afc881c175e184e7ebf9eb713f076ipPulse version 1.92 suffers from a denial of service vulnerability.
4a5a02e1b9f0a0103ee6a0477f471fc2ab102ac2f5994c9398773abb0311a0ea
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed