ABB Cylon Aspect version 3.07.02 uses a weak set of default administrative credentials that can be guessed in remote password attacks and used to gain full control of the system.
abdeff4284c7fe44c3e55417d31b7d1ca3841538897dfe4c0808b510db1dacc3ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the MODEM HTTP POST parameter called by the dialupSwitch.php script.
a4086eec7a5ee5c9db9cd5f10469f947a7061c1d4d1d322d7820c84737b04b5eABB Cylon Aspect version 3.07.02 suffers from a vulnerability that allows an unauthenticated attacker to enable or disable the SSH daemon by sending a POST request to sshUpdate.php with a simple JSON payload. This can be exploited to start the SSH service on the remote host without proper authentication, potentially enabling unauthorized access or stop and deny service access.
b3763bcb69fec8fa8456518bda4905438794f1034a56b68246980d06fc740b58Debian Linux Security Advisory 5788-1 - Damien Schaeffer discovered a use-after-free in the Mozilla Firefox web browser, which could result in the execution of arbitrary code.
71cf6e08a29d64dd05cec8da672d495e697c717f5050845adf6c9632bc54af0aUbuntu Security Notice 7020-4 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
7bdc12f76ce92161568b6661bc383554aeb8e9e2644aeb9eb55bcc840b9a28c2Ubuntu Security Notice 7062-1 - It was discovered that libgsf incorrectly handled certain Compound Document Binary files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary code.
e08b2d1a8c1054fb3429eeda4d87139413be28d69b597bda91a28203871786f0Red Hat Security Advisory 2024-7994-03 - Red Hat Advanced Cluster Management for Kubernetes 2.11.3 General Availability release images, bug fixes, and updated container images.
4f64e5cf12aa3f65ec367ff950438b3d267c2a4645054594527db50d828aa58dTerraMaster TOS version 4.2.29 suffers from a remote code injection vulnerability leveraging a local file inclusion vulnerability.
47788fafaa57a0578fe61fae3aba9174fdcd4e9caddb1374b93de92e53260e4aRed Hat Security Advisory 2024-7987-03 - An update is now available for Red Hat Satellite 6.15 for RHEL 8. Issues addressed include HTTP request smuggling and null pointer vulnerabilities.
b58d7016764ddfe17daf466f24d943858f278365518a58f25fe14223d941a26fSolarView Compact version 6.00 suffers from a PHP code injection vulnerability.
afb7c824b8a452a7e349a92945e4f923c65efb017c72b8f15dc3710d87d468e4Openfire version 4.8.0 suffers from authentication bypass and code injection vulnerabilities.
eefc137002c1066cce87682437ffa243da616e4655906ff7e940a9880c1521faRed Hat Security Advisory 2024-7977-03 - An update for firefox is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
5dadc8c60942a612f74731ad17bcda495796bfe8065be680e18a450bfcc6f430MagnusBilling version 6.x suffers from a PHP code injection vulnerability.
8afee02e52dfc7e60f0795a499d4d51a65da1ef81b17761aba9000d194ee19beKafka UI version 0.7.1 suffers from a remote code injection vulnerability.
f6954aa312113773c4c6cf140221ca2fecef7f97142ccba843f932cb4517b4e9Red Hat Security Advisory 2024-7972-03 - An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update as having a security impact of Critical. Issues addressed include a code execution vulnerability.
dda3f88a23353ff415491ab18b600dc2473b5b33043d512eceae4eb401e8d30cGL.iNet version 4.4.3 suffers from authentication bypass and code injection vulnerabilities.
c0bd892d4ce8d30e3432ddef1187ae27e61ca1614db2d2530154b6a6e003a28cGibbon School Platform version 26.0.00 suffers from a PHP code injection vulnerability.
e4e57257a6af48db80f9631152fb25298130f59964899699bca602c17cfd7836Craft CMS version 4.4.14 suffers from a PHP code injection vulnerability.
1f149768386bf46995caf4d51e649f8b66d41ec64b6663664584c8357eb34ffbChamilo version 1.11.18 suffers from a PHP code injection vulnerability.
96e2fd6800e4eae0de444f883558a648f96062c2ef4ccf1b635571eb64c66ddeArtica Proxy version 4.40 suffers from a code injection vulnerability that provides a reverse shell.
c1517d7efd5b58efb0947f3e574c94e4dff36e9127ec54ebd5658e96d60b3efbXNU suffers from a race condition leading to a use-after-free between the NFSSVC_NFSD command and an upcall worker thread.
7ffbd2f24181807ee212967faac09584f8f2b2db84a64cd1af883cc860d8e6a6
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed