Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.
Joomla Advertisement Board Classifieds extension version 3.2.0 suffers from a remote shell upload vulnerability.
Froxlor version 0.9.37 suffers from an HTML injection vulnerability.
Atlassian Bamboo versions prior to 6.1.6 and 6.2.0 through 6.2.5 suffer from code execution and argument injection vulnerabilities.
EMC xPression version 4.5SP1 Patch 13 suffers from a remote SQL injection vulnerability.
b2evolution CMS versions 6.6.0 through 6.8.10 suffer from a PHP code execution vulnerability.
Red Hat Security Advisory 2018-0005-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.9.
Red Hat Security Advisory 2018-0004-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.
Red Hat Security Advisory 2018-0002-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.
Red Hat Security Advisory 2018-0003-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.
Ubuntu Security Notice 3477-4 - USN-3477-1 fixed vulnerabilities in Firefox. The update introduced a crash reporting issue where background tab crash reports were sent to Mozilla without user opt-in. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the address bar, or execute arbitrary code. Various other issues were also addressed.
WordPress Smart Google Code Inserter plugin versions prior to 3.5 suffer from a remote SQL injection vulnerability that allows for authentication bypass.
Joomla EXP Auto extension version 4.2.3 suffers from a remote SQL injection vulnerability.
Joomla RealEstateManager extension version 4.2.0 suffers from a remote SQL injection vulnerability.
Joomla VehicleManager extension version 3.9.15 suffers from a remote SQL injection vulnerability.
Fortinet Installer Client 5.6 for Windows PC suffers from a DLL hijacking vulnerability.
Joomla JomDirectory extension version 4.4 suffers from a remote SQL injection vulnerability.
Clooud version 1.4.0 suffers from a remote shell upload vulnerability.
Lara Overflow version 1.0 suffers from a cross site scripting vulnerability.
Career Portal Online Job Search Script version 1.0 suffers from a cross site scripting vulnerability.
Eventsys Events Management System version 1.0 suffers from a cross site scripting vulnerability.
Your Doctor Medical and Doctor Website CMS version 1.0 suffers from a cross site scripting vulnerability.
Ebook CMS version 1.0 suffers from a cross site scripting vulnerability.
FAQin Congress is a free invitation-only underground hacking event in Madrid, Spain being held March 1st through the 3rd, 2018. The call for proposals has been announced.
This is a macOS kernel exploit based on an IOHIDFamily vulnerability.
