The ABB Cylon Aspect version 3.07.01 BMS/BAS controller operates with default and hard-coded credentials contained in the install package while exposed to the Internet.
77c571a0aaea9e72f54148bf830ecd55a32afc329d2af950110f41d58c705470
Proof of concept toolkit to demonstrate the issue noted in CVE-2023-52709 related to the TI Bluetooth stack. When running Defensics test case #SMP legacy 1001 in loop mode against a DUT configured with a resolvable private address, the device will after a while end up generating an unresolvable random private address, causing a denial of service for already bonded peer devices.
02f2601eddbe9fb045062d2c686c897f6039df04b9482db6478440625d4786ae
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.
518f56e4049ab1c116b1d55d1a7662e998277cad57c401bcecbaa7035abe00a8
Ubuntu Security Notice 7039-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
dfba7d8e80b84fb47dc725d81c166af93f650cff7e694ffb3bd882ed52b39a79
Ubuntu Security Notice 7021-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
69d8a00cc33c644b5218146c25ae3a8c80c5889b997d63ea9e1c79f9b9d8e330
Red Hat Security Advisory 2024-7164-03 - The Migration Toolkit for Containers 1.8.4 is now available. Issues addressed include denial of service and password leak vulnerabilities.
56117850ad0b40f88dcb4c4e8b7bdc4c764cc266319213e239ff00415b5c66ba
Ubuntu Security Notice 7020-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
f5bcc60a1714fa022b4b4445bed98eea0eebfc6ffb87470f6e025f80790de5ab
Red Hat Security Advisory 2024-7137-03 - An update for the python39:3.9 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.
967a3ed056c5012abfcd656c27b6a8eb9ccc60b4eb4e75f48620300490866f8c
Ubuntu Security Notice 7034-2 - USN-7034-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.64 version of the Mozilla certificate authority bundle.
697a9ba977b6fa8a3a1b2fd17bfb44bf55fd6b4c1b7d95ad6392f9ffbed0e2ff
Ubuntu Security Notice 7003-4 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
c85181693b4ae184acd8611269c3c7857764f26f86f84d4df3a4650c59c7d69d
Red Hat Security Advisory 2024-7136-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 9.
1e87795908b926fe7cc12d8b38c3638accb922a2efd8aabbe07ae30b24025d1a
Ubuntu Security Notice 7037-1 - It was discovered that OpenJPEG could enter a large loop and continuously print warning messages when given specially crafted input. An attacker could potentially use this issue to cause a denial of service.
81b6eb730c0ee7967ac3037f5a6565c45a7035ff9d03a4513c0353b44a6b4a72
Red Hat Security Advisory 2024-7135-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8.
ac8ff5db3b68e1e549078a7f63ce692fda73d9577ac2a05cec5e7e0f8683243e
Ubuntu Security Notice 7038-1 - Thomas Stangner discovered a permission vulnerability in the Apache Portable Runtime library. A local attacker could possibly use this issue to read named shared memory segments, potentially exposing sensitive application data.
4bc9ae4d066ade2386768445712f54f05bbaee490eb4829d2fe9fdbeacc1200d
Ubuntu Security Notice 7036-1 - It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of service. It was discovered that Rack was not properly escaping untrusted data when performing logging operations, which could cause shell escaped sequences to be written to a terminal. If a user or automated system were tricked into sending a specially crafted request to an application using Rack, a remote attacker could possibly use this issue to execute arbitrary code in the machine running the application.
c4acd1ffc8ca871047fb8a39618d9c0b95465770474d22abee717b0b2de788ad
Ubuntu Security Notice 7035-1 - It was discovered that the AppArmor policy compiler incorrectly generated looser restrictions than expected for rules allowing mount operations. A local attacker could possibly use this to bypass AppArmor restrictions in applications where some mount operations were permitted.
18e6675296e9bfadfac2c11a124d64d6e37cdc0a0120690b5b56b0de4b34dee9
SchoolPlus version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d2074cc8545a505ce1af1c27f59e640d90c6c616fbd247a73c1d9f5cea3d3385
School Log Management System version 1.0 suffers from a PHP code injection vulnerability.
a34789327de460887266c735bef8f74228929d32d54ba320baa0cf19e9f7e3af
School Dormitory Management System version 1.0 suffers from an ignored default credential vulnerability.
861e610b1a8c0b1120c4149e66a75572e6d4838142e38d7e89abb78b2b88e983
Sample Blog Site version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
61eda3f220bcfb474e61a383d157f7559eaabd352c4d5b1a930e8077c163d977
Rupee Invoice System version 1.0 suffers from an arbitrary file upload vulnerability.
6fb3380fdbd9dc68d4cb8441ac475f25ac1ecd1029d07f228a330be33ec7258c
Restaurant POS version 1.0 suffers from a remote SQL injection vulnerability.
1efe1a827da05e9054d6424d0c6cbeffd061cb7a7b523985c9f815859c5ded7a
Responsive Binary mlm version 3.2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
7832158bdfb6f25736475de94f715b561965469ceb63c7f42c224430b50843df
Responsive Billing sw System version 3.2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a0219dae7fd1734f734512e67150e374366e1b2cf6be0d9351c5231f163d3f5a
PHP SPM version 1.0 suffers from a WYSIWYG code injection vulnerability.
536b68dcbe9d4246c7b010d149de6d84d7dd1692847cf3ff869f37c679492ff7