FreshRSS

Before yesterday: Vulnerabilities

Debian Security Advisory 5654-1

Debian Linux Security Advisory 5654-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
  • April 4th 2024 at 14:30

Ubuntu Security Notice USN-6710-2

Ubuntu Security Notice 6710-2 - USN-6710-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Manfred Paul discovered that Firefox did not properly perform bounds checking during range analysis, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service, or execute arbitrary code. Manfred Paul discovered that Firefox incorrectly handled MessageManager listeners under certain circumstances. An attacker who was able to inject an event handler into a privileged object may have been able to execute arbitrary code.
  • April 4th 2024 at 14:24

Red Hat Security Advisory 2024-1649-03

Red Hat Security Advisory 2024-1649-03 - An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
  • April 3rd 2024 at 20:19

Red Hat Security Advisory 2024-1653-03

Red Hat Security Advisory 2024-1653-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a use-after-free vulnerability.
  • April 3rd 2024 at 20:19

Red Hat Security Advisory 2024-1662-03

Red Hat Security Advisory 2024-1662-03 - An update is now available for Red Hat build of Quarkus. Issues addressed include denial of service, information leakage, and memory leak vulnerabilities.
  • April 3rd 2024 at 20:19

Red Hat Security Advisory 2024-1648-03

Red Hat Security Advisory 2024-1648-03 - An update for bind9.16 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
  • April 3rd 2024 at 20:19

Red Hat Security Advisory 2024-1644-03

Red Hat Security Advisory 2024-1644-03 - An update for grafana-pcp is now available for Red Hat Enterprise Linux 8. Issues addressed include a memory leak vulnerability.
  • April 3rd 2024 at 20:18

Red Hat Security Advisory 2024-1646-03

Red Hat Security Advisory 2024-1646-03 - An update for grafana is now available for Red Hat Enterprise Linux 8. Issues addressed include a memory leak vulnerability.
  • April 3rd 2024 at 20:18

Red Hat Security Advisory 2024-1647-03

Red Hat Security Advisory 2024-1647-03 - An update for bind9.16 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
  • April 3rd 2024 at 20:18

Red Hat Security Advisory 2024-1643-03

Red Hat Security Advisory 2024-1643-03 - An update for .NET 7.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
  • April 3rd 2024 at 20:11

Red Hat Security Advisory 2024-1641-03

Red Hat Security Advisory 2024-1641-03 - An update for .NET 7.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
  • April 3rd 2024 at 19:59

Red Hat Security Advisory 2024-1572-03

Red Hat Security Advisory 2024-1572-03 - Red Hat OpenShift Container Platform release 4.12.54 is now available with updates to packages and images that fix several bugs and add enhancements.
  • April 3rd 2024 at 19:59

Red Hat Security Advisory 2024-1574-03

Red Hat Security Advisory 2024-1574-03 - Red Hat OpenShift Container Platform release 4.12.54 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory leak vulnerability.
  • April 3rd 2024 at 19:59

Red Hat Security Advisory 2024-1614-03

Red Hat Security Advisory 2024-1614-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Issues addressed include code execution, null pointer, privilege escalation, and use-after-free vulnerabilities.
  • April 3rd 2024 at 19:59

Red Hat Security Advisory 2024-1615-03

Red Hat Security Advisory 2024-1615-03 - An update for expat is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
  • April 3rd 2024 at 19:59

Red Hat Security Advisory 2024-1640-03

Red Hat Security Advisory 2024-1640-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include HTTP request smuggling, denial of service, local file inclusion, memory leak, and traversal vulnerabilities.
  • April 3rd 2024 at 19:59

Red Hat Security Advisory 2024-1563-03

Red Hat Security Advisory 2024-1563-03 - Red Hat OpenShift Container Platform release 4.15.6 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory leak vulnerability.
  • April 3rd 2024 at 19:58

Red Hat Security Advisory 2024-1495-03

Red Hat Security Advisory 2024-1495-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.
  • April 3rd 2024 at 19:58

Red Hat Security Advisory 2024-1498-03

Red Hat Security Advisory 2024-1498-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 7. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.
  • April 3rd 2024 at 19:58

Red Hat Security Advisory 2024-1503-03

Red Hat Security Advisory 2024-1503-03 - An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and privilege escalation vulnerabilities.
  • April 3rd 2024 at 19:58

Red Hat Security Advisory 2024-1559-03

Red Hat Security Advisory 2024-1559-03 - Red Hat OpenShift Container Platform release 4.15.6 is now available with updates to packages and images that fix several bugs and add enhancements.
  • April 3rd 2024 at 19:58

Red Hat Security Advisory 2024-1561-03

Red Hat Security Advisory 2024-1561-03 - Red Hat build of MicroShift release 4.15.6 is now available with updates to packages and images that fix several bugs.
  • April 3rd 2024 at 19:58

Red Hat Security Advisory 2024-1492-03

Red Hat Security Advisory 2024-1492-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.
  • April 3rd 2024 at 19:57

Red Hat Security Advisory 2024-1493-03

Red Hat Security Advisory 2024-1493-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.
  • April 3rd 2024 at 19:57

Red Hat Security Advisory 2024-1494-03

Red Hat Security Advisory 2024-1494-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.
  • April 3rd 2024 at 19:57

Red Hat Security Advisory 2024-1485-03

Red Hat Security Advisory 2024-1485-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.
  • April 3rd 2024 at 19:57

Red Hat Security Advisory 2024-1484-03

Red Hat Security Advisory 2024-1484-03 - An update for firefox is now available for Red Hat Enterprise Linux 8. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.
  • April 3rd 2024 at 19:56

[webapps] Quick CMS v6.7 en 2023 - 'password' SQLi

Quick CMS v6.7 en 2023 - 'password' SQLi
  • April 3rd 2024 at 00:00

[webapps] Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting (XSS)

Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting (XSS)
  • April 3rd 2024 at 00:00

[webapps] Computer Laboratory Management System v1.0 - Multiple-SQLi

Computer Laboratory Management System v1.0 - Multiple-SQLi
  • April 3rd 2024 at 00:00

[local] ESET NOD32 Antivirus 17.0.16.0 - Unquoted Service Path

ESET NOD32 Antivirus 17.0.16.0 - Unquoted Service Path
  • April 3rd 2024 at 00:00

Microsoft PlayReady deficiencies / content key sniffing on Windows

Posted by Security Explorations on Apr 02

Hello All,

It's been 1.5 years since Microsoft got a notification about PlayReady issues
affecting Canal+ VOD service in Poland [1].

Per information received from Microsoft back then:
1) "to maintain the integrity of the PlayReady ecosystem, the company takes
reports such as (ours) very seriously" (Oct 7, 2022),
2) the STB manufacturer committed to mitigate the incident (Nov 18, 2022).

However, as of late Mar 2024, no change...
  • April 3rd 2024 at 06:29

Debian Security Advisory 5652-1

Debian Linux Security Advisory 5652-1 - A directory traversal vulnerability was discovered in py7zr, a library and command-line utility to process 7zip archives.
  • April 2nd 2024 at 19:01

Ubuntu Security Notice USN-6720-1

Ubuntu Security Notice 6720-1 - Kentaro Kawane discovered that Cacti incorrectly handled user provided input sent through request parameters to the graph_view.php script. A remote authenticated attacker could use this issue to perform SQL injection attacks.
  • April 2nd 2024 at 18:52

Red Hat Security Advisory 2024-1601-03

Red Hat Security Advisory 2024-1601-03 - An update for curl is now available for Red Hat Enterprise Linux 8. Issues addressed include an information leakage vulnerability.
  • April 2nd 2024 at 18:49

Red Hat Security Advisory 2024-1607-03

Red Hat Security Advisory 2024-1607-03 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include code execution, null pointer, privilege escalation, and use-after-free vulnerabilities.
  • April 2nd 2024 at 18:49

Red Hat Security Advisory 2024-1608-03

Red Hat Security Advisory 2024-1608-03 - An update for opencryptoki is now available for Red Hat Enterprise Linux 8.
  • April 2nd 2024 at 18:49

Red Hat Security Advisory 2024-1610-03

Red Hat Security Advisory 2024-1610-03 - An update for less is now available for Red Hat Enterprise Linux 8.
  • April 2nd 2024 at 18:49

Red Hat Security Advisory 2024-1612-03

Red Hat Security Advisory 2024-1612-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Issues addressed include a privilege escalation vulnerability.
  • April 2nd 2024 at 18:49

[webapps] Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS)

Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS)
  • April 2nd 2024 at 00:00

[webapps] Petrol Pump Management Software v1.0 - Remote Code Execution (RCE)

Petrol Pump Management Software v1.0 - Remote Code Execution (RCE)
  • April 2nd 2024 at 00:00

[webapps] Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)

Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)
  • April 2nd 2024 at 00:00

[webapps] CE Phoenix v1.0.8.20 - Remote Code Execution

CE Phoenix v1.0.8.20 - Remote Code Execution
  • April 2nd 2024 at 00:00

[webapps] Simple Backup Plugin Python Exploit 2.7.10 - Path Traversal

Simple Backup Plugin Python Exploit 2.7.10 - Path Traversal
  • April 2nd 2024 at 00:00

[webapps] FoF Pretty Mail 1.1.2 - Local File Inclusion (LFI)

FoF Pretty Mail 1.1.2 - Local File Inclusion (LFI)
  • April 2nd 2024 at 00:00

[webapps] Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)

Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)
  • April 2nd 2024 at 00:00

[webapps] E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS)

E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS)
  • April 2nd 2024 at 00:00

[webapps] Gibbon LMS v26.0.00 - SSTI vulnerability

Gibbon LMS v26.0.00 - SSTI vulnerability
  • April 2nd 2024 at 00:00

[webapps] Smart School 6.4.1 - SQL Injection

Smart School 6.4.1 - SQL Injection
  • April 2nd 2024 at 00:00

[webapps] Employee Management System 1.0 - `txtfullname` and `txtphone` SQL Injection

Employee Management System 1.0 - `txtfullname` and `txtphone` SQL Injection
  • April 2nd 2024 at 00:00

[webapps] Daily Habit Tracker 1.0 - SQL Injection

Daily Habit Tracker 1.0 - SQL Injection
  • April 2nd 2024 at 00:00

[local] ASUS Control Center Express 01.06.15 - Unquoted Service Path

ASUS Control Center Express 01.06.15 - Unquoted Service Path
  • April 2nd 2024 at 00:00

[webapps] Blood Bank v1.0 - Stored Cross Site Scripting (XSS)

Blood Bank v1.0 - Stored Cross Site Scripting (XSS)
  • April 2nd 2024 at 00:00

[webapps] OpenCart Core 4.0.2.3 - 'search' SQLi

OpenCart Core 4.0.2.3 - 'search' SQLi
  • April 2nd 2024 at 00:00

[webapps] FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)

FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)
  • April 2nd 2024 at 00:00

[local] Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G

Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G
  • April 2nd 2024 at 00:00

[local] Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation

Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation
  • April 2nd 2024 at 00:00

[local] Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path

Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path
  • April 2nd 2024 at 00:00

[webapps] Employee Management System 1.0 - `txtusername` and `txtpassword` SQL Injection (Admin Login)

Employee Management System 1.0 - `txtusername` and `txtpassword` SQL Injection (Admin Login)
  • April 2nd 2024 at 00:00