Exploit-DB Updates

[local] Saflok - Key Derication Function Exploit

Saflok - Key Derication Function Exploit

Exploit-DB Updates

[webapps] WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection

WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection

Exploit-DB Updates

[webapps] WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field Stored Cross-Site Scripting (XSS)

WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field Stored Cross-Site Scripting (XSS)

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202402-33

Gentoo Linux Security Advisory 202402-33 - A vulnerability has been found in PyYAML which can lead to arbitrary code execution. Versions greater than or equal to 5.4 are affected.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6661-1

Ubuntu Security Notice 6661-1 - Yi Yang discovered that the Hotspot component of OpenJDK 17 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered that the Hotspot component of OpenJDK 17 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6662-1

Ubuntu Security Notice 6662-1 - Yi Yang discovered that the Hotspot component of OpenJDK 21 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered that the Hotspot component of OpenJDK 21 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6305-2

Ubuntu Security Notice 6305-2 - USN-6305-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6663-1

Ubuntu Security Notice 6663-1 - As a security improvement, this update prevents OpenSSL from returning an error when detecting wrong padding in PKCS#1 v1.5 RSA, to prevent its use in possible Bleichenbacher timing attacks.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6657-1

Ubuntu Security Notice 6657-1 - Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Dnsmasq icorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. It was discovered that Dnsmasq incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6658-1

Ubuntu Security Notice 6658-1 - It was discovered that libxml2 incorrectly handled certain XML documents. A remote attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6659-1

Ubuntu Security Notice 6659-1 - It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that libde265 could be made to read out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6656-1

Ubuntu Security Notice 6656-1 - It was discovered that PostgreSQL incorrectly handled dropping privileges when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or automatic system were tricked into running a specially crafted command, a remote attacker could possibly use this issue to execute arbitrary SQL functions.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6660-1

Ubuntu Security Notice 6660-1 - Yi Yang discovered that the Hotspot component of OpenJDK 11 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered that the Hotspot component of OpenJDK 11 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0990-03

Red Hat Security Advisory 2024-0990-03 - An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0992-03

Red Hat Security Advisory 2024-0992-03 - An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0998-03

Red Hat Security Advisory 2024-0998-03 - Red Hat OpenShift distributed tracing 3.1.0.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0989-03

Red Hat Security Advisory 2024-0989-03 - Red Hat Multicluster GlobalHub 1.0.2 General Availability release images, which fix bugs, provide security updates, and update container images. Issues addressed include denial of service and traversal vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0980-03

Red Hat Security Advisory 2024-0980-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Issues addressed include a use-after-free vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0981-03

Red Hat Security Advisory 2024-0981-03 - An update for unbound is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0982-03

Red Hat Security Advisory 2024-0982-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0983-03

Red Hat Security Advisory 2024-0983-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a spoofing vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0984-03

Red Hat Security Advisory 2024-0984-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a spoofing vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0988-03

Red Hat Security Advisory 2024-0988-03 - An update for rh-postgresql13-postgresql is now available for Red Hat Software Collections.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0979-03

Red Hat Security Advisory 2024-0979-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0977-03

Red Hat Security Advisory 2024-0977-03 - An update for unbound is now available for Red Hat Enterprise Linux 9.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0978-03

Red Hat Security Advisory 2024-0978-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support.

Exploit-DB Updates

[remote] TEM Opera Plus FM Family Transmitter 35.45 - XSRF

TEM Opera Plus FM Family Transmitter 35.45 - XSRF

Exploit-DB Updates

[webapps] Atlassian Confluence Data Center and Server - Authentication Bypass (Metasploit)

Atlassian Confluence Data Center and Server - Authentication Bypass (Metasploit)

Exploit-DB Updates

[remote] TEM Opera Plus FM Family Transmitter 35.45 - Remote Code Execution

TEM Opera Plus FM Family Transmitter 35.45 - Remote Code Execution

Exploit-DB Updates

[webapps] Wordpress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)

Wordpress Plugin Canto

Exploit-DB Updates

[webapps] Moodle 4.3 - Reflected XSS

Moodle 4.3 - Reflected XSS

Exploit-DB Updates

[remote] Executables Created with perl2exe < V30.10C - Arbitrary Code Execution

Executables Created with perl2exe

Exploit-DB Updates

[webapps] Zoo Management System 1.0 - Unauthenticated RCE

Zoo Management System 1.0 - Unauthenticated RCE

Exploit-DB Updates

[webapps] Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin

Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin

Exploit-DB Updates

[webapps] dawa-pharma 1.0-2022 - Multiple-SQLi

dawa-pharma 1.0-2022 - Multiple-SQLi

Exploit-DB Updates

[webapps] Moodle 4.3 - Insecure Direct Object Reference

Moodle 4.3 - Insecure Direct Object Reference

Exploit-DB Updates

[webapps] Automatic-Systems SOC FL9600 FastLine - Directory Transversal

Automatic-Systems SOC FL9600 FastLine - Directory Transversal

Exploit-DB Updates

[webapps] SuperStoreFinder - Multiple Vulnerabilities

SuperStoreFinder - Multiple Vulnerabilities

Exploit-DB Updates

[remote] Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'Credentials Disclosure'

Wyrestorm Apollo VX20

Exploit-DB Updates

[webapps] Online Shopping System Advanced - Sql Injection

Online Shopping System Advanced - Sql Injection

Exploit-DB Updates

[webapps] comments-like-dislike < 1.2.0 - Authenticated (Subscriber+) Plugin Setting Reset

comments-like-dislike

Exploit-DB Updates

[remote] IBM i Access Client Solutions v1.1.2 - 1.1.4, v1.1.4.3 - 1.1.9.4 - Remote Credential Theft

IBM i Access Client Solutions v1.1.2 - 1.1.4, v1.1.4.3 - 1.1.9.4 - Remote Credential Theft

Exploit-DB Updates

[dos] Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS'

Wyrestorm Apollo VX20

Exploit-DB Updates

[remote] Flashcard Quiz App v1.0 - 'card' SQL Injection

Flashcard Quiz App v1.0 - 'card' SQL Injection

Exploit-DB Updates

[remote] Wyrestorm Apollo VX20 < 1.3.58 - Account Enumeration

Wyrestorm Apollo VX20

Exploit-DB Updates

[webapps] taskhub 2.8.7 - SQL Injection

taskhub 2.8.7 - SQL Injection

Exploit-DB Updates

[remote] FAQ Management System v1.0 - 'faq' SQL Injection

FAQ Management System v1.0 - 'faq' SQL Injection

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6653-1

Ubuntu Security Notice 6653-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202402-32

Gentoo Linux Security Advisory 202402-32 - A vulnerability has been discovered in btrbk which can lead to remote code execution. Versions greater than or equal to 0.31.2 are affected.

Advisory Files ≈ Packet Storm

Debian Security Advisory 5631-1

Debian Linux Security Advisory 5631-1 - It was discovered that iwd, the iNet Wireless Daemon, does not properly handle messages in the 4-way handshake used when connecting to a protected WiFi network for the first time. An attacker can take advantage of this flaw to gain unauthorized access to a protected WiFi network if iwd is operating in Access Point (AP) mode.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6652-1

Ubuntu Security Notice 6652-1 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202402-30

Gentoo Linux Security Advisory 202402-30 - A vulnerability has been found in Glances which may lead to arbitrary code execution. Versions greater than or equal to 3.1.7 are affected.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202402-31

Gentoo Linux Security Advisory 202402-31 - A vulnerability has been discovered in GNU Aspell which leads to a heap buffer overflow. Versions greater than or equal to 0.60.8-r3 are affected.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6650-1

Ubuntu Security Notice 6650-1 - Zhenghan Wang discovered that the generic ID allocator implementation in the Linux kernel did not properly check for null bitmap when releasing IDs. A local attacker could use this to cause a denial of service.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6651-1

Ubuntu Security Notice 6651-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6655-1

Ubuntu Security Notice 6655-1 - It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to an invalid memory access. An attacker could possibly use this issue to cause a denial of service. It was discovered that GNU binutils was not properly performing bounds checks when dealing with memory allocation operations, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6654-1

Ubuntu Security Notice 6654-1 - It was discovered that Roundcube Webmail incorrectly sanitized characters in the linkrefs text messages. An attacker could possibly use this issue to execute a cross-site scripting attack.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0975-03

Red Hat Security Advisory 2024-0975-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0976-03

Red Hat Security Advisory 2024-0976-03 - An update for firefox is now available for Red Hat Enterprise Linux 7. Issues addressed include a spoofing vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0970-03

Red Hat Security Advisory 2024-0970-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a spoofing vulnerability.