#ubuntu

Ubuntu Security Notice 5121-2 - USN-5009-1 fixed vulnerabilities in Mailman. This update provides the corresponding updates for Ubuntu 20.04 LTS. It was discovered that Mailman allows arbitrary content injection. An attacker could use this to inject malicious content. It was discovered that Mailman improperly sanitize the MIME content. An attacker could obtain sensitive information by sending a special type of attachment.

Employee Record Management System version 1.2 suffers from a remote SQL injection vulnerability.

Red Hat Security Advisory 2021-4057-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2021-4059-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

10-Strike Network Inventory Explorer Pro version 9.31 suffers from a buffer overflow vulnerability.

This Metasploit module uses an authentication bypass vulnerability in Wordpress Pie Register plugin versions 3.7.1.4 and below to generate a valid cookie. With this cookie, hopefully of the admin, it will generate a plugin, pack the payload into it and upload it to a server running WordPress.

Red Hat Security Advisory 2021-4058-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

Ubuntu Security Notice 5127-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Codiad version 2.8.4 remote reverse shell upload exploit. Original discovery of code execution in this version is attributed to WangYihang in 2018.

Red Hat Security Advisory 2021-4060-01 - The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm. Issues addressed include a buffer overflow vulnerability.