Micro Focus Filr version 3.4.0.217 suffers from privilege escalation and path traversal vulnerabilities.
0e3741960613c004524b690b1b35f4d2ebeb5d3c6b149260b3ac38f16eeb3731
A multitude of security issues exist within STMicroelectronics DVB chipsets including, but not limited to, credential leakage, buffer overflow, and data leaks. This is the full release of both the whitepaper and dozens of proof of concept details.
d213971899e2afa9864a8613af2fd95bc020cf4d68541d24a96d77ad4ad8264c
Teracue ENC-400 suffers from hard-coded credential, missing authentication, and command injection vulnerabilities.
86b6179ce97f3abb7bdb587da6b1829dbc68fca0ee8bd26bbc694d7d49d2eff2
VertrigoServ version 2.17 suffers from a cross site scripting vulnerability.
fc6f8c9a0cd29c70aacb74b280bb7d4e1e9db89ad27ed73df5865fab89fb5f5e
Advanced Comment System version 1.0 suffers from a cross site scripting vulnerability.
00adb605e87c4cb31ea92bb93bf6b8026284eb482a25aa0ef2793355a35d008e
Kanboard version 1.2.7 contains multiple vulnerabilities. These include a CSV account import cross site request forgery, which allows an unauthenticated attacker to create a new administrative user, and a cross site request forgery 2FA deactivation, which allows an unauthenticated attacker to disable an account's 2FA configuration. A lack of integrity checking or transport layer encryption enforced on plugins enables remote code execution by a malicious admin. Other vulnerabilities include session privilege retention, 2FA bypass, and database user_id and pre-2FA information disclosure.
abec0c69d625c6f84d75bb7606972bbe89646828118f7338be373095d831fa2e
The COMMITCONFIG verb is used by a CMS client to upload and modify the configuration of the CMS Server. The vulnerability is in the FileName parameter, which accepts directory traversal (..\\..\\) characters. Therefore, this function can be abused to overwrite any file on the installation drive of CMS Server. This vulnerability is exploitable in CMS versions up to and including 2.4.
6d033ef3029641056b2c16198f8f5b9e4b8492af096081aed986b20a206dd234
HotelDruid version 2.3 suffers from a cross site scripting vulnerability.
b8b4d0033d177aa9bf8b3150356f740ab1f09145a7f00bc8aecfbdcff02f3a62
Apple macOS version 10.13.5 local privilege escalation exploit.
941daba740ea0ba40899aea1ada256ba3b7160f9a918deb5f31281c172879522
Tech News version 4.3.4 suffers from a cross site scripting vulnerability.
73c7118880a31dac8870aa5772ebdb199159ff7d4031d09ea1acf5649307108c
Ubuntu Security Notice 3892-1 - Burghard Britzke discovered that GDM incorrectly handled certain configurations. An attacker could possibly use this issue to get unauthorized access to a different user.
5cbde4b75000a4c185fe9c87414fb3810aba4a7733e35005a88e58de4295fb5f
Debian Linux Security Advisory 4396-1 - Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system.
2dde31e5783af9038db0eb1aa458aab47e774751c9f88602e04c74b7ca36d972
Memu Play version 6.0.7 privilege escalation proof of concept exploit.
309a6312f6b62536d78b6685cef365273ad8c9bead5335f0f87edbde0696e778
Social Bookmarking Software version 1.2.3 suffers from a local file inclusion vulnerability.
74b558b7ead2ed702a1919fec1ddd7d973fa54d6dbc8538334512a9d2515883e
FTPShell Server version 6.83 suffers from a denial of service vulnerability.
04ea1454d21ee1698dc172af771279063e283efa170dcd17bd9cd5c8c162b6db