Monthly Archive: March 2020

setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter. Date published : 2020-03-08 https://www.exploit-db.com/exploits/39437

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter. Date published : 2020-03-08 Dell KACE K1000 Remote...

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c. Date published : 2020-03-08 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFQKIE5U3LS5U7POPGS7YHLUSW2URWGJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQR2QY3IAF2IG6HGBSKGL66VUDOTC3OA/

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c. Date published : 2020-03-08 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFQKIE5U3LS5U7POPGS7YHLUSW2URWGJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQR2QY3IAF2IG6HGBSKGL66VUDOTC3OA/

An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files,...

An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP...

npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandlerUtils::create_popup_for_markup+0x12fbe via a crafted PDF document. Date published : 2020-03-08 https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2020-03-05-fuzzing-heap-corruption-nitro-pdf-vulnerability.md https://nafiez.github.io/security/vulnerability/corruption/fuzzing/2020/03/05/fuzzing-heap-corruption-nitro-pdf-vulnerability.html

npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corruption at npdf!nitro::get_property+2381 via a crafted PDF document. Date published : 2020-03-08 https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2020-03-05-fuzzing-heap-corruption-nitro-pdf-vulnerability.md https://nafiez.github.io/security/vulnerability/corruption/fuzzing/2020/03/05/fuzzing-heap-corruption-nitro-pdf-vulnerability.html

lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter. Date published : 2020-03-08 http://packetstormsecurity.com/files/156687/rConfig-3.93-Authenticated-Remote-Code-Execution.html https://engindemirbilek.github.io/rconfig-3.93-rce

An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter. Date published : 2020-03-07 http://packetstormsecurity.com/files/156688/rConfig-3.9-SQL-Injection.html http://packetstormsecurity.com/files/156766/Rconfig-3.x-Chained-Remote-Code-Execution.html

usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. Date published : 2020-03-06 https://support.apple.com/kb/HT211168 https://support.apple.com/kb/HT211171

Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US. Date published : 2020-03-06 http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US

Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US. Date published : 2020-03-06 http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US

Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insufficient access control. The IOCTL Codes 0x80102050 and 0x80102054 allows a local user with low privileges to read/write 1/2/4 bytes from or to...