Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
This Metasploit module exploits a remote command injection vulnerability in D-Link DSL-2750B devices. Vulnerability can be exploited through "cli" parameter that is directly used to invoke "ayecli" binary. Vulnerable firmwares are from 1.01 up to 1.03.
Ubuntu Security Notice 3598-2 - USN-3598-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. Phan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
Ubuntu Security Notice 3659-1 - Frediano Ziglio discovered that Spice incorrectly handled certain client messages. An attacker could possibly use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2018-1713-01 - The UnboundID LDAP SDK for Java is a free Java library for communicating with LDAP directory servers and performing related tasks like reading and writing LDIF, encoding and decoding data using base64 and ASN.1 BER, and performing secure communications. The following packages have been upgraded to a later upstream version: unboundid-ldapsdk. Issues addressed include an access control vulnerability.
PHP Login and User Management versions 4.1.0 and below suffers from a remote shell upload vulnerability.
Microsoft Internet Explorer 11 on Windows 7 x64/x86 suffers from a vbscript code execution vulnerability.
Ubuntu Security Notice 3658-1 - It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. It was discovered that the procps-ng ps tool incorrectly handled memory. A local user could possibly use this issue to cause a denial of service. It was discovered that libprocps incorrectly handled the file2strvec function. A local attacker could possibly use this to execute arbitrary code. Various other issues were also addressed.
PaulNews version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
LikeSoftware CMS suffers from cross site request forgery and remote shell upload vulnerabilities.
Red Hat Security Advisory 2018-1711-01 - The rhev-hypervisor7 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Issues addressed include a bypass vulnerability.
GNU glibc versions prior to 2.27 suffer from a buffer overflow vulnerability.
NewsBee CMS version 1.4 suffers from a cross site request forgery vulnerability.
HP Security Bulletin MFSBGN03808 1 - A potential security vulnerability has been identified in Micro Focus Universal CMDB/CMS and Micro Focus UCMDB Browser. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). Revision 1 of this advisory.
EU MRV Regulatory Complete Solution version 1 suffers from a remote SQL injection vulnerability.
Red Hat Security Advisory 2018-1710-01 - The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2018-1707-01 - Librelp is an easy-to-use library for the Reliable Event Logging Protocol protocol. RELP is a general-purpose, extensible logging protocol. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2018-1703-01 - Librelp is an easy-to-use library for the Reliable Event Logging Protocol protocol. RELP is a general-purpose, extensible logging protocol. Issues addressed include a buffer overflow vulnerability.
Honeywell XL Web Controller suffers from cross site scripting and remote SQL injection vulnerabilities.
Timber version 1.1 suffers from a cross site request forgery vulnerability.
Easy File Uploader version 1.7 suffers from a remote shell upload vulnerability.
Red Hat Security Advisory 2018-1702-01 - Librelp is an easy-to-use library for the Reliable Event Logging Protocol protocol. RELP is a general-purpose, extensible logging protocol. Issues addressed include a buffer overflow vulnerability.
OpenDaylight suffers from a remote SQL injection vulnerability.
ASP.NET jVideo Kit version 1.0 suffers from a remote SQL injection vulnerability.
WordPress Peugeot Music plugin version 1.0 suffers from cross site request forgery and remote shell upload vulnerabilities.
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed