A difficult-to-exploit heap-based buffer overflow in the setuid-root whodo and w binaries distributed with Solaris allows local users to corrupt memory and potentially execute arbitrary code in order to escalate privileges.
b4fd5ab59754c50d0a4004387d6ef82f58b1de0dc8f81de2438e2e8a8dd7f4fb
A difficult-to-exploit stack-based buffer overflow in the _DtCreateDtDirs() function in the Common Desktop Environment version distributed with Oracle Solaris 10 1/13 (Update 11) and earlier may allow local users to corrupt memory and potentially execute arbitrary code in order to escalate privileges via a long X11 display name. The vulnerable function is located in the libDtSvc library and can be reached by executing the setuid program dtsession. Versions 2.3.1 and below as well as 1.6 and earlier are affected.
7f50111057b19d6619dd24b1f2d5b993965259bb33db3ffa61cb8236878b3cc3
A buffer overflow in the _SanityCheck() function in the Common Desktop Environment version distributed with Oracle Solaris 10 1/13 (Update 11) and earlier allows local users to gain root privileges via a long calendar name or calendar owner passed to sdtcm_convert in a malicious calendar file. The open source version of CDE (based on the CDE 2.x codebase) is not affected, because it does not ship the vulnerable program. Versions 1.6 and below are affected.
77a96ff828853997303f6f447de00f2ca068b80d3a3c567e8415e33a6e0d0922
Fork CMS version 5.8.0 suffers from multiple script insertion vulnerabilities.
7fda84cb9778bda0039a49e505a8ad8d393403f233e7fbc13127c481e8eb65bd
The Swift File Transfer mobile application for iOS, BlackBerry and Android suffers from cross site scripting and information disclosure vulnerabilities.
c6b28c761212f0e60e98658f4009e7cd57fd0f4804640083646a2559d8213009
Prestashop versions 1.7.6.4 and below suffer from code execution, cross site request forgery, and cross site scripting vulnerabilities.
e614085b9eb87091a2d75dab2853ff80979807cfc96148439021df1a832b95a4
CA Technologies, A Broadcom Company, is alerting customers to multiple vulnerabilities in CA API Developer Portal. Multiple vulnerabilities exist that can allow attackers to bypass access controls, view or modify sensitive information, perform open redirect attacks, or elevate privileges. CA published solutions to address these vulnerabilities and recommends that all affected customers implement these solutions. Versions 4.2.x and below along with 4.3.1 are affected.
bbbce1a3b7045cbd54fc2a306c012fa2c4f6c7730e766b2fc190b6abff8b3216
This Metasploit module exploits two vulnerabilities affecting Unraid 6.8.0. An authentication bypass is used to gain access to the administrative interface, and an insecure use of the extract PHP function can be abused for arbitrary code execution as root.
35b12f162c0f93f5dcd8552c4530c13b6a4979bffe9b0558493c22aea31db7e7
This Metasploit module exploits a shell command injection vulnerability in the libnotify plugin. This vulnerability affects Metasploit versions 5.0.79 and earlier.
ad067bdd31d638c4ac1ccfedad48f8bc32df34ac1fa4200beab6496c6c318e9b
Sysdig Falco is an open source behavioral activity monitoring agent with native support for containers. Falco lets you define highly granular rules, using a flexible syntax, to check for activities involving file and network activity, process execution, IPC, and much more, and it notifies you when these rules are violated. You can think of Falco as a mix between Snort, OSSEC and strace.
46fe71a817e2da763dfb01c1b0644bc54b6ee557a5646d87710e442b7490f151
Red Hat Security Advisory 2020-1497-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a buffer overflow vulnerability.
f80f1e718d52160743afe826ffa9c8a4d9183700f91505d41bdbaf883bab9c21
SMACom version 1.2.0 suffers from an insecure transit vulnerability that allows for password disclosure.
f51ea111518ccf91ba58454f6ee50e3572a1f227c409c3020f5f8696db69e58c
Red Hat Security Advisory 2020-1495-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.7.0. Issues addressed include out of bounds write and use-after-free vulnerabilities.
0372171b6c3257e955ee13ea1cff0749a2aa8955f6d4bbf1eb56e15f1c77b11d
TAO Open Source Assessment Platform version 3.3.0 RC02 suffers from multiple cross site scripting vulnerabilities.
c1521818335dcbc0d7c50cb49dc538af5b8ba8dd18438843a1e838ac9d5b8ad9
Code Blocks version 16.01 suffers from a buffer overflow vulnerability.
3ddb4099b98d797c8e41079662c781fa87ff2bfcc8bb1c3e42448a9fc05f2402
Playable version 9.18 for iOS suffers from script insertion and arbitrary file upload vulnerabilities.
b0f783dd4aa412caeaa6e4c50fde08b54f10401f9c81abbfdf18170d2f268985
Red Hat Security Advisory 2020-1496-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.7.0. Issues addressed include out of bounds write and use-after-free vulnerabilities.
f9059f9f96f09681cca6c1c026a26d7147b0fd9e3e88a56fd2fa77c59fab7c6d
Cisco IP Phone version 11.7 denial of service proof of concept exploit.
91023709bd06cb09c03533c7926183d762565f1ac3417ed227ca0ea133cc7045
Easy MPEG to DVD Burner version 1.7.11 SEH buffer overflow exploit with DEP.
96f59ee1d96bf8e52065014ce84fa1287014e085b286c877518311cea7eb3b77