ssh-agent.exe in Git version 1.9.5 suffers from a buffer overflow vulnerability.
ce634473f825d0f57046db4dc9958352e6697eedb52ff14a9efa1297a55a6652Telegram version 3.2 suffers from a denial of service vulnerability.
90996d03212ed2c75f8fd0f227cfaaa7bd7b0fa0b0abb5f28d2eebcc8b3de810This is a short write-up of the Ubuntu Apport kernel_crashdump symlink vulnerabilities along with some proof of concept code.
6ad9dbf653da822a763a4a0ee8845d1ea92def27b988d96ac422f942ecd40aacSuricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
4a19214d7673f9c0eba2e4e5ac78152309464186d16df48944b8f5644faa802dThis Metasploit module exploits two separate vulnerabilities found in the Watchguard XCS virtual appliance to gain command execution. By exploiting an unauthenticated SQL injection, a remote attacker may insert a valid web user into the appliance database, and get access to the web interface. On the other hand, a vulnerability in the web interface allows the attacker to inject operating system commands as the 'nobody' user.
f3ce91f963a609ee2afb35c805a8185b216151f2f25fca139375b42759d02476This Metasploit module exploits a vulnerability in the Watchguard XCS 'FixCorruptMail' script called by root's crontab which can be exploited to run a command as root within 3 minutes.
7c6decaff907ef3b9b1bb529a51ba19b1033c58a2df89c836c3f0ff8739caa9fX2Engine version 4.2 suffers from cross site request forgery vulnerabilities.
3ff64763cff039036ce49876b8feba0377dcadb9b0e71850c458529d2d4b3ba5X2Engine version 4.2 suffers from a remote arbitrary file upload vulnerability.
b842c998e5a3f61c7b50acdb164aa108cc409599a2d25d457a9b76687828ed94X2Engine version 4.2 suffers from multiple cross site scripting vulnerabilities.
9218f813f4e812e5120771140043ffecf041e066c73fa20c5a290b1140989be9Debian Linux Security Advisory 3368-1 - It was discovered that cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, does not properly handle certain invalid password salts. A remote attacker can take advantage of this flaw to cause a denial of service.
fb30de4dfb472107cab21da532594e838feefffc940985cd87decc7dbaf7fbc4Gentoo Linux Security Advisory 201509-7 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.521 are affected.
94d0e02348fcb5f061e23d159a5edf9376fdacd6815e90a1760a26e2e16eef18Ubuntu Security Notice 2746-2 - USN-2746-1 fixed a vulnerability in Simple Streams. The update caused a regression preventing MAAS from downloading PXE images. This update fixes the problem. It was discovered that Simple Streams did not properly perform gpg verification in some situations. A remote attacker could use this to perform a man-in-the-middle attack and inject malicious content into the stream. Various other issues were also addressed.
7b09a0d72f7034d833f88eb6791490c832b585167b9f3d5c9d54469a9097fe5cThe Good Mobile Device Management solution suffers from an insecure application-coupling vulnerability.
af107c97cd4d7d4de1c924959092ed0c56c2cc5541967d7bdf9e2c3dfe46fe34VuFind version 1.0 suffers from a cross site scripting vulnerability.
e11f4bce9e7156498d91762f5acc3c7dc73d048e47fec232b6e4c2456ec7e884
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed