Debian Linux Security Advisory 5439-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation.
cc895f5c176833d74e7a3f8e0143a354220ebb5b634b336ac40ccc836c9f7e36
Rocket LMS version 1.7 suffers from a persistent cross site scripting vulnerability.
97f580a88c2b993e6298fe38f539f299905ea42fdaf07c50ffd5ef2690baa6e0
WordPress LearnDash LMS version 4.6.0 suffers from an insecure direct object reference vulnerability.
3a8f67c945962cd97a8543c7e9a730133e280935b834b5ed9f28ab87a13f1a38
This Metasploit module is designed to exploit the JNDI injection vulnerability in Druid. The vulnerability specifically affects the indexer/v1/sampler interface of Druid, enabling an attacker to execute arbitrary commands on the targeted server. The vulnerability is found in Apache Kafka clients versions ranging from 2.3.0 to 3.3.2. If an attacker can manipulate the sasl.jaas.config property of any of the connector's Kafka clients to com.sun.security.auth.module.JndiLoginModule, it allows the server to establish a connection with the attacker's LDAP server and deserialize the LDAP response. This provides the attacker with the capability to execute Java deserialization gadget chains on the Kafka Connect server, potentially leading to unrestricted deserialization of untrusted data or even remote code execution (RCE) if there are relevant gadgets in the classpath. To facilitate the exploitation process, this module will initiate an LDAP server that the target server needs to connect to in order to carry out the attack.
f66b350948de8d0c6e468d03fb8436dd9af78149309b8e72facbdb3d5300a0ea
Red Hat Security Advisory 2023-3615-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.22. Issues addressed include a denial of service vulnerability.
7fb4743cf0f6421a8fc76e5aeabe5a0d1c7e99c6c059a74b0989a6981fbfe871
ONEST CRM version 1.0 suffers from a persistent cross site scripting vulnerability.
ab2c496a64d6d91e4d8455912306fd0acc5d24986ab8374367291acb391289ac
Red Hat Security Advisory 2023-3796-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.
ae2a9a38ac081006d84e460f9a3555858e4079b07f04dd6ece466b6912444933
Office Suite Premium version 10.9.1.42602 suffers from a local file inclusion vulnerability.
67c4565694ad8b004ca5be03f3ce64ed4cb8208650aa9cf0be7cb6eed7c72a31
Office Suite Premium version 10.9.1.42602 suffers from a path traversal vulnerability.
ce624ab609d139dcb237af5da62ce78f9b6fa9149328d832b79d9ab05c3c9f7d
Office Suite Premium version 10.9.1.42602 suffers from a cross site scripting vulnerability.
f5cac9fb2b3301b49dbd418e0ca9d1f282da262180014f312e96c87af388465b
MagicAI version 1.55R suffers from a persistent cross site scripting vulnerability via a file upload.
f4d106d7a59e4b426baf267d2bfbc5e19be78391b0f2498637e74b343fb4f208
This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware.
675a785e859d600b55de67ecd17a85ff26741d8e1b74c51ed0fa585850b44f3f
Red Hat Security Advisory 2023-3781-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.
53af3f081b202ddfaddc1e2024ab3c9393d87de9fb3fe8bf5c00a8a5f537ad35
Microsoft 365 MSO version 2305 build 16.0.16501.20074 suffers from a remote code execution vulnerability.
3b2deb6294f7b71a818f81eca0bdc3765f7fecf2245a2ab5827f991c129e303f
MyBB Favicon plugin version 1.0 suffers from a cross site scripting vulnerability.
48e6211cff65bfb83fc11243b98216054981ee3a62b7f4384b54d20ecdc324e2
Job Board version 1.0 suffers from a remote shell upload vulnerability.
f7203303285c27e34b43e1ca88c500efecfa3ba96a7c0c4199535084be1cc9bc
Red Hat Security Advisory 2023-3625-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.62. Issues addressed include bypass, cross site request forgery, cross site scripting, and denial of service vulnerabilities.
6c9533d59305426940cb421a1f39f2dd82290bdf18ec5daf3ed8d9b261dad6a0
PrestaShop Winbiz Payment module suffers from an improper limitation of a pathname to a restricted directory vulnerability.
fd9d9b41b3b106776bf4bded355ea6effd89622c59564f7bfb574cd7059f7f60
Microsoft Windows 11 version 22h2 suffers from a kernel privilege escalation vulnerability.
be4c5e79f9cf0b40f7b8ba9b4538a14f5731f19051d96808d39f4233d0d4064d
Azure Apache Ambari version 2302250400 suffers from a spoofing vulnerability.
a59f6776d4aacfdd02dcb83d8333b2b5e421a9df5ff2079e452c760ede563817
Xenforo version 2.2.13 suffers from a persistent cross site scripting vulnerability.
f5d2f804109cb0eeef8387c640405b6f7f8dc548ab7656e5c0750cbeed8641d3
MCL-Net version 4.3.5.8788 suffers from an information disclosure vulnerability.
0d9966ba2e021b0a315a3258cc773efd603dcddd8af2b24188e84d5a992fd665
Chrome suffers from an internal JavaScript object access vulnerability. suffers from a code execution vulnerability.
ffd1bc4c7c03a984e8cd76542fd8b6610321410abd4663e7c81762fe8f30c5ae
Active eCommerce CMS version 6.5.0 suffers from a persistent cross site scripting vulnerability.
066a6369e498fa088914ac661b208cfdd01fc42dc04688bd48a485b5fda514c6
Microsoft SharePoint Enterprise Server 2016 suffers from a spoofing vulnerability.
dc69c8a196ae434905235f744cfdcbe0d497ed7ab1caa764b015de4a98a1e4d1