USN-5902-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any password as...
USN-5821-3: pip regression
USN-5821-1 fixed a vulnerability in wheel and pip. Unfortunately, it was missing a commit to fix it properly in pip. We apologize for the inconvenience....
USN-5901-1: GnuTLS vulnerability
Hubert Kario discovered that GnuTLS had a timing side-channel when handling certain RSA messages. A remote attacker could possibly use this issue to recover sensitive...
USN-5899-1: AWStats vulnerability
It was discovered that AWStats did not properly sanitize the content of whois responses in the hostinfo plugin. An attacker could possibly use this issue...
[NetworkSEC NWSSA] CVE-2023-26609: ABUS Security Camera LFI, RCE and SSH Root
Posted by Peter Ohm on Feb 27 # Exploit Title: ABUS Security Camera LFI, RCE and SSH Root Access # Date: 2023-02-16 # Exploit...
[NetworkSEC NWSSA] CVE-2023-26602: ASUS ASMB8 iKVM RCE and SSH Root Access
Posted by Peter Ohm on Feb 27 # Exploit Title: ASUS ASMB8 iKVM RCE and SSH Root Access # Date: 2023-02-16 # Exploit Author:...
Microsoft Windows Contact File / Remote Code Execution (Resurrected) CVE-2022-44666
Posted by hyp3rlinx on Feb 27 [-] Microsoft Windows Contact file / Remote Code Execution (Resurrected 2022) / CVE-2022-44666 [+] John Page (aka hyp3rlinx) [+]...
USN-5898-1: OpenJDK vulnerabilities
It was discovered that the Serialization component of OpenJDK did not properly handle the deserialization of some CORBA objects. An attacker could possibly use this...
USN-5897-1: OpenJDK vulnerabilities
Juraj Somorovsky, Marcel Maehren, Nurullah Erinola, and Robert Merget discovered that the DTLS implementation in the JSSE subsystem of OpenJDK did not properly restrict handshake...
CVE-2015-10086
A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the...