-
Operating System: Ubuntu ≈ Packet Storm
Sep 6, 2024 | 15:28 pm
Ubuntu Security Notice 6991-1 - It was discovered that AIOHTTP did not properly restrict file access when the 'follow_symlinks' option was set to True. A remote attacker could possibly use this issue to access unauthorized files on the system.
-
Operating System: Ubuntu ≈ Packet Storm
Sep 5, 2024 | 15:01 pm
Ubuntu Security Notice 6990-1 - Johannes Kuhn discovered that znc incorrectly handled user input under certain operations. An attacker could possibly use this issue to execute arbitrary code on a user's system if the user was tricked into joining a[…]
-
Operating System: Ubuntu ≈ Packet Storm
Sep 5, 2024 | 15:00 pm
Ubuntu Security Notice 6989-1 - Dan Smith, Julia Kreger and Jay Faulkner discovered that in image processing for Ironic, a specially crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access[…]
-
Operating System: Ubuntu ≈ Packet Storm
Sep 4, 2024 | 15:46 pm
Ubuntu Security Notice 6985-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a[…]
-
Operating System: Ubuntu ≈ Packet Storm
Sep 4, 2024 | 15:13 pm
Ubuntu Security Notice 6988-1 - It was discovered that Twisted incorrectly handled response order when processing multiple HTTP requests. A remote attacker could possibly use this issue to delay and manipulate responses. This issue only affected Ubuntu 24.04 LTS. It[…]
-
Operating System: Ubuntu ≈ Packet Storm
Sep 4, 2024 | 15:09 pm
Ubuntu Security Notice 6986-1 - David Benjamin discovered that OpenSSL incorrectly handled certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service or expose sensitive information.
-
Operating System: Ubuntu ≈ Packet Storm
Sep 4, 2024 | 15:07 pm
Ubuntu Security Notice 6981-2 - USN-6981-1 fixed vulnerabilities in Drupal. This update provides the corresponding updates for Ubuntu 14.04 LTS. It was discovered that Drupal incorrectly sanitized uploaded filenames. A remote attacker could possibly use this issue to execute arbitrary[…]
-
Operating System: Ubuntu ≈ Packet Storm
Sep 4, 2024 | 15:06 pm
Ubuntu Security Notice 6987-1 - It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. It was discovered that Django incorrectly handled certain email sending failures. A remote[…]
-
Operating System: Ubuntu ≈ Packet Storm
Sep 3, 2024 | 14:22 pm
Ubuntu Security Notice 6973-4 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial[…]
-
Operating System: Ubuntu ≈ Packet Storm
Sep 3, 2024 | 14:10 pm
Ubuntu Security Notice 6983-1 - Zeng Yunxiang discovered that FFmpeg incorrectly handled memory during video encoding. An attacker could possibly use this issue to perform a denial of service, or execute arbitrary code.
-
Operating System: Ubuntu ≈ Packet Storm
Sep 2, 2024 | 15:57 pm
Ubuntu Security Notice 6982-1 - It was discovered that Dovecot did not properly have restrictions on the size of address headers. A remote attacker could possibly use this issue to cause denial of service.
-
Operating System: Ubuntu ≈ Packet Storm
Sep 1, 2024 | 16:40 pm
This Metasploit module attempts to read a remote file from the server using a vulnerability in the way MediaWiki handles SVG files. The vulnerability occurs while trying to expand external entities with the SYSTEM identifier. In order to work MediaWiki[…]
-
Operating System: Ubuntu ≈ Packet Storm
Sep 1, 2024 | 16:31 pm
This Metasploit module exploits a directory traversal vulnerability in WordPress Plugin GI-Media Library version 2.2.2, allowing arbitrary files to be read from the system with the web server privileges. This Metasploit module has been tested successfully on GI-Media Library version 2.2.2[…]
-
Operating System: Ubuntu ≈ Packet Storm
Sep 1, 2024 | 16:25 pm
This Metasploit module exploits an unauthenticated directory traversal vulnerability in Apache Flink versions 1.11.0 through 1.11.2. The JobManager REST API fails to validate user-supplied log file paths, allowing retrieval of arbitrary files with the privileges of[…]
-
Operating System: Ubuntu ≈ Packet Storm
Sep 1, 2024 | 16:24 pm
This Metasploit module exploits a source code disclosure in Apache ActiveMQ. The vulnerability is due to Jetty's ResourceHandler handling of specially crafted URIs starting with //. It has been tested successfully on Apache ActiveMQ 5.3.1 over Windows 2003 SP2[…]
-
Operating System: Ubuntu ≈ Packet Storm
Sep 1, 2024 | 16:10 pm
This Metasploit module exploits a vulnerability in the WebNews web interface of SurgeNews on TCP ports 9080 and 8119 which allows unauthenticated users to download arbitrary files from the software root directory; including the user database, configuration files and log[…]
-
Operating System: Ubuntu ≈ Packet Storm
Aug 31, 2024 | 21:34 pm
This Metasploit module retrieves credentials from ScadaBR, including service credentials and unsalted SHA1 password hashes for all users, by invoking the EmportDwr.createExportData DWR method of Mango M2M which is exposed to all authenticated users regardless of privilege level. This Metasploit[…]
-
Operating System: Ubuntu ≈ Packet Storm
Aug 31, 2024 | 21:28 pm
This Metasploit module exploits a directory traversal in Webmin 1.580. The vulnerability exists in the edit_html.cgi component and allows an authenticated user with access to the File Manager Module to access arbitrary files with root privileges. The module has been[…]
-
Operating System: Ubuntu ≈ Packet Storm
Aug 31, 2024 | 20:09 pm
This Metasploit module exploits a SQL injection vulnerability found in vBulletin 5.x.x to dump the user table information or to dump all of the vBulletin tables (based on the selected options). This Metasploit module has been tested successfully on vBulletin[…]
-
Operating System: Ubuntu ≈ Packet Storm
Aug 31, 2024 | 18:58 pm
This Metasploit module exploits unauthenticated access to the _prep_auth_info() method in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to disclose the root key used to authenticate administrative commands to the master.[…]
-
Operating System: Ubuntu ≈ Packet Storm
Aug 31, 2024 | 16:26 pm
The AES-NI implementation of OpenSSL 1.0.1c does not properly compute the length of an encrypted message when used with a TLS version 1.1 or above. This leads to an integer underflow which can cause a DoS. The vulnerable function aesni_cbc_hmac_sha1_cipher[…]
-
Operating System: Ubuntu ≈ Packet Storm
Aug 29, 2024 | 14:11 pm
Ubuntu Security Notice 6972-4 - Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.[…]