#ubuntu

WordPress Ninja Tables plugin version 4.1.7 suffers from a persistent cross site scripting vulnerability.

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

FreeSWITCH versions 1.10.6 and below fails to authenticate SIP MESSAGE requests, leading to spam and message spoofing vulnerabilities.

This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands. This vulnerability has been reintroduced in the Apache 2.4.50 fix (CVE-2021-42013).

Red Hat Security Advisory 2021-3971-01 - Redis is an advanced key-value store. Issues addressed include denial of service and integer overflow vulnerabilities.

WordPress Media-Tags plugin version 3.2.0.2 suffers from a persistent cross site scripting vulnerability.

Online Student Admission System version 1.0 suffers from remote SQL injection and shell upload vulnerabilities.

FreeSWITCH versions 1.10.6 and below suffer from a SIP flooding denial of service vulnerability.

phpMyAdmin version 4.8.1 remote code execution exploit.

FreeSWITCH versions 1.10.6 and below suffer from a SIP digest leak vulnerability. An attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH's SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response which is based on the password of that targeted gateway.