This Metasploit module exploits a SEH overflow in the Easy File Sharing FTP server version 7.2.
29b662e3b76be16cb0b4aa2911f8c4a9da3d8df2d650d4583cb5a0c3976e26aeThis Metasploit module exploits a buffer overflow vulnerability found in the PUT command of the PCMAN FTP server version 2.0.7. This requires authentication but by default anonymous credentials are enabled.
860df3259810620f34c556a18da76a197f8c3e0724e8476d20abc5f9f70ce870Open-Xchange versions 7.8.0 and below suffer from multiple cross site scripting vulnerabilities.
5273ac97746a41370e8a7259e9ccb912428c0fe5e29b9545c0ae6f750da37d5fManageEngine Password Manager Pro builds 8.1 through 8.3 suffer from bypass, cross site request forgery, privilege escalation, user enumeration, and cross site scripting vulnerabilities.
4701b3f6381aa3810fc096ebb5b3fdee574c32658bff2cd5fa61cc5488495a74Gentoo Linux Security Advisory 201604-1 - Multiple vulnerabilities have been found in QEMU, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 2.5.0-r2 are affected.
b896eae21a58d53509df4b5e0d5bd8126548a138daf4735b9968003f5f2023b2Red Hat Security Advisory 2016-0532-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Security Fix: A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion.
7923c4a26bd8eaff6297576d2f1e25328457dfe3d9715a4441a96cf23a30904cRed Hat Security Advisory 2016-0590-01 - Red Hat Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and the remote management of multiple Linux deployments with a single, centralized tool. Security Fix: A cross-site scripting flaw was found in how XML data was handled in Red Hat Satellite. A user able to use the XMLRPC API could exploit this flaw to perform XSS attacks against other Satellite users. Multiple cross-site scripting flaws were found in the way certain form data was handled in Red Hat Satellite. A user able to enter form data could use these flaws to perform XSS attacks against other Satellite users.
42d4f4e3af74814cadcbc87364f9ffead3c998f92991979048ae4a84bcde1e1aDebian Linux Security Advisory 3540-1 - Marcin Noga discovered an integer underflow in Lhasa, a lzh archive decompressor, which might result in the execution of arbitrary code if a malformed archive is processed.
f8d0a79a6c7942c40560940314bc4668f67f891744697821c83f60c1fe5de253Debian Linux Security Advisory 3539-1 - Randell Jesup and the Firefox team discovered that srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), does not properly handle RTP header CSRC count and extension header length. A remote attacker can exploit this vulnerability to crash an application linked against libsrtp, resulting in a denial of service.
2a21727a1da862b7191dcc3e6d927736a0e79bdf2e9a74f409de9c5217970cc5HP Security Bulletin HPSBGN03565 1 - A vulnerability in the Linux kernel was addressed by HPE Virtualization Performance Viewer. The vulnerability could be exploited locally to allow Denial of Service (DoS). Revision 1 of this advisory.
99c40fd384bf32a773b21eee76dfbdc695a46c41dfb88f5edec091d406f3ac30Slackware Security Advisory - New mercurial packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
d0919f77b9b9e732bca1f1e124be77e787a59e2770588c11f149a2c7ab403dc7Red Hat Security Advisory 2016-0534-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: MariaDB.
3b3137ec076d7bc94e6e732f3ca6df727efffef5a325005d4034025729637d02Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
5df726031a8c8afc2839bb82ba15485ad10cb539dfedf1ba1d01d1fcab5a68fbHP Security Bulletin HPSBHF03431 3 - Potential security vulnerabilities have been identified with HPE Network Switches. The vulnerabilities could be exploited locally to allow bypass of security restrictions, and indirect vulnerabilities. Note: Versions 15.16.xxxx and 15.17.xxxx were incorrectly identified as vulnerable, the only affected versions are KB.15.18.0006 & KB.15.18.0007. Revision 3 of this advisory.
d8bb850a08d13bb31ae6e7f3c7450621b23cde7cd2dafccaf2f56290bab825d1HP Security Bulletin HPSBUX03561 1 - Potential security vulnerabilities has been identified in the HP-UX Tomcat-based Servlet Engine. These vulnerabilities could be exploited remotely to create Denial of Service (DoS), access restriction bypass, unauthorized read access to files, arbitrary code execution, and execution of arbitrary code with privilege elevation. Revision 1 of this advisory.
b5ecc5252638e66ff1f2f7a910bebebcd847eea2f66b38f774d1ef2569c89a5aHP Security Bulletin HPSBGN03567 1 - A security vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed by HP Asset Manager. The vulnerability could be exploited remotely to allow remote code execution. Revision 1 of this advisory.
b105c64c961cfa4667a4ed0bfe5281184dfa6572901c35582d35e964ea25011cHP Security Bulletin HPSBGN3547 1 - Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot = dot) in the Filename field of an RRQ operation. Revision 1 of this advisory.
1f3e8868b00af47129e352df5e7d96c015037163a8da3a3ed509547718297d0bGentoo Linux Security Advisory 201604-2 - Insufficient constraints in Apache's Xalan-Java might allow remote attackers to execute arbitrary code and load arbitrary classes. Versions less than 2.7.2 are affected.
9a6d78ced955ff810283d5ec1c7b0ee7b0670f4eccf9878acd9ba88653d10f55Red Hat Security Advisory 2016-0566-01 - libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fix: A type confusion issue was found in the way libssh generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters.
bb5114769e158462435967fe99f7c07248d8a74c18dc398bb58e1d28a2fd2d4bFortiManager and FortiAnalyzer version 5.x suffer from a client-side malicious script insertion vulnerability.
a530b07cdbc75dbde22a04336deb19c76b63dc77cc84aacbdf288faf1e260092Techsoft Web Solutions CMS version 2016 Q2 suffers from a remote SQL injection vulnerability.
186f090bb2cf0f046f787258942a319ab0136c18238d87314d1832dd492bbb07BugCrowd's file upload allows for CSVs that may have malicious formulas in them.
b22bc45847766c3e4f34e0f66a6aeb563bc845db10f668c4635c00ee0bc764a1Microsoft Internet Explorer suffers from a MSHTML!CSVGHelpers::SetAttributeStringAndPointer use-after-free vulnerability.
cdfd2516b0415fb4189bf3b250e34e4c24ca6d87e3f8efdff8a5bd6c5a4c5be0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed