Textpattern CMS version 4.6.2 suffers from a persistent cross site scripting vulnerability.
ada1a551b325dbaa70947f4134ebf176487a2919f9942186de887c6522e038bfPacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
449d451ef819c53dadfc8e60be9287c2bd963086168e96fe28b71e7cb61034e8A security vulnerability affecting GoAhead versions 2 to 5 has been identified when using Digest authentication over HTTP. The HTTP Digest Authentication in the GoAhead web server does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel. Digest authentication uses a "nonce" value to mitigate replay attacks. GoAhead versions 3 to 5 validated the nonce with a fixed duration of 5 minutes which permitted short-period replays. This duration is too long for most implementations.
1f21883898656dd0185b843ee6ff9849f7cb2f76e87bff609d9f9c340161a1d2BACNet Test Server version 1.01 suffers from a denial of service vulnerability when sending a malformed BVLC Length UDP packet to port 47808 which causes the application to crash.
6dd99bf6a5222f767f574ad92209d003071fea0e8e969f95e4fc695e619b078aTypesetter version 5.1 is vulnerable to code execution via /index.php/Admin/Uploaded. An attacker can exploit this by uploading a zip that contains a malicious php file inside. After extracting the zip file containing the malicious php file, it is possible to execute commands on the target operation system.
ee974c9d37c8aba758fd4db3a34e859ee9e9a7a9e7db287f6d35e858f330de34FortiSIEM versions 5.2.8 and below are vulnerable to an unauthorized remote command execution vulnerability via Expression Language injection. This advisory notes that the Richsploit exploit can be leveraged to still achieve code execution.
41a7244cc155ca357017d0f400fa1ea31bc629fca173cb7784ea84fc938847b4Ubuntu Security Notice 4572-2 - USN-4572-1 fixed a vulnerability in Spice. This update provides the corresponding update for Ubuntu 14.04 ESM. Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
9f7e790196892600a1c10c340560e454197a5ffd6f816a397993891c8678f31dUbuntu Security Notice 4573-1 - Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. It was discovered that Vino incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
d1c1dec0425b1351154dbc2e5d1e29f09c8665e1b8c90126af657be592658be8Red Hat Security Advisory 2020-4206-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 85.0.4183.121. Issues addressed include out of bounds read and out of bounds write vulnerabilities.
ee29d33c8d02edc40fada23b2b4ce234431964af68cae55bc513f502ae7c208cRed Hat Security Advisory 2020-4201-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.
3d8b1c7224e8a2deee960b7668ead051da2664d66a79b155eb862d4b51810393Liman version 0.7 suffers from a cross site request forgery vulnerability.
d09a288db897644ead39be43f87913ea6f8df7db6ef2d572a5812c65d6063845Red Hat Security Advisory 2020-4184-01 - The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include a buffer overflow vulnerability.
e07862a6b47c60365c49864eb170c283833004c5b1cb5d16352a964c78388645EasyPMS version 1.0.0 suffers from an authentication bypass vulnerability.
e13602cc76a575c290664316ec7bcc5f6bd3a4fb3f24d3a6f8fe7affe677d016The Karel IP Phone IP1211 web management panel suffers from a directory traversal vulnerability.
01ce8f58c47369a648602b2c2e77762f247b3a31ce04190a1ddbaa9e1b4adfbeThis paper discusses how intrusion detection systems work. After getting a solid understanding of the working mechanism of IDS, they discuss how packet reassembly works and then moves forward to look into different policy implemented for packet reassembly where it is dependent on the operating system implementation of the RFC.
e80ccbaa83ffad3bf1cde6de0396cae423f3afd12c0a5a44cb9a16f8090938f4
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed