Ubuntu Security Notice 6243-1 - It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform server-side request forgery and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform cross site scripting and obtain sensitive information.
1d0995a05bfb6ad2fa8ac23ac764746cf96df2b01811ed35e84375f6e0de6041WordPress File Manager Advanced Shortcode plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to remote code execution in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users, but it also works in an authenticated configuration. Versions 2.3.2 and below are affected. To install the Shortcode plugin File Manager Advanced version 5.0.5 or lower is required to keep the configuration vulnerable. Any user privileges can exploit this vulnerability which results in access to the underlying operating system with the same privileges under which the Wordpress web services run.
70276f13c7da05f57a272fbb51cb03ce6c129189c7bb524b4612cc20be063403WordPress WP Brutal AI plugin versions prior to 2.0.1 suffer from a cross site scripting vulnerability.
9b902c28a8a46ad41c167f3df132b5da7347a25965fce41179a3b9b17e208354Ubuntu Security Notice 6242-1 - It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.
fdcfbae1f5c8e13e234b05f8f69b7089d4be15d583f61718c883176d63f0c044WordPress WP Brutal AI plugin versions prior to 2.0.0 suffer from cross site request forgery and remote SQL injection vulnerabilities.
ad3eae1b3379d903bddc81a19b2f208837108120f8db3f5bd63cada77306823cWordPress SEO Alert plugin versions 1.59 and below suffer from a persistent cross site scripting vulnerability.
6b08af4e5dc0e4ba5e429a89a19e83daa730dc717623a3e43ee5c244c0eca941WordPress WP Brutal AI plugin versions prior to 2.06 suffer from a persistent cross site scripting vulnerability.
f0fe10550341a549f41e0bbc187064bdd166943b60a5efc5282b037ad1af5e87WordPress PrePost SEO plugin versions 3.0 and below suffer from a persistent cross site scripting vulnerability.
c7c3871990b66327a25119c4c7dd8203cea43e79f6436c78fea1d171809dceb9Ubuntu Security Notice 6240-1 - It was discovered that FRR incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service.
23d0c59663a9800c421af882cd089b84e712e688776650fec3d19c573aecaa2cWordPress Tablesome plugin versions prior to 1.0.9 suffer from a cross site scripting vulnerability.
8d34ca979d3351395c44ea8fcf0d676735c2b2a08d622d02af367591811fd5cfWordPress Login Rebuilder plugin versions prior to 2.8.1 suffer from a persistent cross site scripting vulnerability.
e4c890bd10b036bc28ddba1b8cd33d4e1e3c00136bc0365e79bfff66d6ce7dd0WordPress Seo By 10Web plugin versions prior to 2.8.1 suffer from a persistent cross site scripting vulnerability.
063b994605694ed231a4af358c6208017c3920debf819f30c828810a843b4be3jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
c104d54e5f523941ed7f4f29c4b40ad95b160a268c4a7ed95433316d2c244c60WordPress Login Configurator plugin version 2.1 and below suffer from a cross site scripting vulnerability.
e5e253464a546f3e0cfcdbce34ae6cc91a22cf463dad24650461e839cfe11b27Google Chrome version 115.0.5790.102 WebGPU use-after-free memory corruption proof of concept exploit.
8d8a37ec6a9723c095e854941ee699a99d052bf1885ef10eb39b13deb719ce3dUbuntu Security Notice 6203-2 - USN-6203-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 ESM. Seokchan Yoon discovered that Django incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.
b887c1bee14d859a651cafd1f5c9fe0eb9aa2103052f27c21f69c71fa9ba27f3Joomla VirtueMart Shopping-Cart extension version 4.0.12 suffers from a cross site scripting vulnerability.
9f5ac10afca18a008b7b2f1cdb9b2a76b15a112ae99d53ad00af6dd9e3c4c6abJoomla HikaShop extension version 4.7.4 suffers from a cross site scripting vulnerability.
4a640ebc95c61f7de9b73e8609aacf419c4ada6b11f9acd82eff51a3c9f16fd4Apple Security Advisory 2023-07-24-1 - Safari 16.6 addresses bypass and code execution vulnerabilities.
2b9c86c0981c6cb849514c3a50af9f2290b7101e67e4681c2c882186a7f80d10Ubuntu Security Notice 6241-1 - Jan Wasilewski and Gorka Eguileor discovered that OpenStack incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
660a72fb20d31d9e227a37eb72a70d3cbe73b618e8e1c7d54df8413161c9a724WordPress Page Builder KingComposer plugin version 2.9.6 suffers from a cross site scripting vulnerability.
13a1ca560e74613eb2d4517f0addb6da665a264ecdfd2a0a3388354bd3480ea9WordPress Page Builder KingComposer plugin version 2.8.1 suffers from a cross site scripting vulnerability.
77662abf0776375201ff60f781da8c55a661a3ddfbb935e265a40435e5c6cd90WordPress Duplicator plugin version 3.8.7 appears to leave backups in a world accessible directory under the document root.
8f7867098777bfb7d7988fcc7cf6d15c45a7a00aa260411393d341e6ecc3e473Red Hat Security Advisory 2023-4262-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
c2107d44997a315d2fc4dcb96db78c2276e181339b5e26f7e8bea82df6d598cfRed Hat Security Advisory 2023-4256-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
00264b65a8b6babbd8ab84242cb20a330e5e0d88f344f11ebfdaa64459ccfc7c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed