RocketMQ versions 5.1.0 and below are vulnerable to arbitrary code injection. Broker component of RocketMQ is leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.
b33a501b649fb4900d4cb03d01bea674dda00bc78e807afce60061fd47ecfceaUbuntu Security Notice 6206-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NTFS file system implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service.
b70b10fbc09eecc7f6450b8fc75f5405f53df4d3f357186781fb86507683fc60jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
bc25144c39d2d2fec969828ee8a61334a575de0ca5bb0e4f7cad8fb500ed6004Ubuntu Security Notice 6207-1 - It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service. It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service.
078d5bcad96bf9c3bb2527dc64d2f00742ddc07203c5630cbb8b66d7899217b6Ubuntu Security Notice 6205-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that for some Intel processors the INVLPG instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information or possibly cause undesired behaviors.
1e0378175b2b42d9f4258786c914e5e09bd243dd1b66dd78e4ec49a6f464c83bRed Hat Security Advisory 2023-3925-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.23.
724accdac3b7f95b4f3363d179ec538613ecd750bc64aa5314da609103e8ad20Red Hat Security Advisory 2023-3924-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.23.
7e91a97286f7fc38429605d4c3b1f557a38f8685fe741fc4a6501cb405cf961aPiwigo version 13.7.0 suffers from a persistent cross site scripting vulnerability.
8f0e463182c281e8719331ad75f9bfbd84419ff6eddba2d0e21b1929bf03283fLost and Found Information System version 1.0 suffers from a remote SQL injection vulnerability.
26d0f1deb4fda9d9af13364671a7e8c2b6885870a63d654ccb53313326691e2aGila CMS version 1.10.9 suffers from a remote code execution vulnerability.
2f98e022c36d4823c99621e22d256fee74a522350ff8b0286aff3c8f5ed8040fDANGEROUS MAILER-CLONED version 2.0 suffers from an information leakage vulnerability.
f03de4c422ac25cb41a8b39e9d9538bb67cf2f33c39a55e2b1808c8e26ab5956DaillyTools suffers from a remote command execution vulnerability.
753f6c8ba04fde362a5ca45847a1b34db043b743bb604d2cd7b95763de40b0c6CakePHP Test Suite version 2.7.0 suffers from a cross site scripting vulnerability.
7a9ddf4620ae96b9812069eee45ec59d3d0ff9bd6641647204873c7ee530dbd1Aplikasi Sistem Informasi Kelulusan CMS version 1.0.9 suffers from a local file inclusion vulnerability.
59f660cdd376fb256fa94756579e9bb22c08fffdc7729f1376e15f3399c9846bAGVirtues Galeria version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
3cb042a5ee64bc830f207a27703658b494bc7c58d935a433c50f598447b2f8b2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed