Multiple reflected cross site scripting issues were discovered in Cyberoam NG appliances. Input passed via the 'ipFamily', 'applicationname' and 'username' GET parameters to LiveConnections.jsp and LiveConnectionDetail.jsp is not properly sanitized before being returned to the user. Adding arbitrary 'X-Forwarded-For' HTTP header to a request makes the appliance also prone to a XSS issue. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
ad5333d418103da4353a469eec05bb13EMC Documentum D2 4.6 contains a fix for a D2 Configuration Object vulnerability that could potentially be exploited by malicious users to perform unauthorized updates on any D2 configuration object.
d5ef346d5db8e49d3b491778d30fff8dUbuntu Security Notice 2945-1 - It was discovered that XChat-GNOME incorrectly verified the hostname in an SSL certificate. An attacker could trick XChat-GNOME into trusting a rogue server's certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack.
3e0687125310e9b6a8bab68f11d96ecfUbuntu Security Notice 2944-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
03843528b551df16da7b17bd54b118a6An invalid write may occur in optipng before version 0.7.6 while processing bitmap images due to `crt_row' being (inc|dec)remented without any boundary checking when encountering delta escapes.
652a269ac45b0937a4f3a2dcadc3d8abPulse version 0.7.0 Final suffers from cross site request forgery and cross site scripting vulnerabilities.
478d4cc4f6e9c358a01b5c419f2249b5MeshCMS version 3.6 suffers from a remote command execution vulnerability.
f8c6c7f05e0a2378f8708609cdc28884Quanta LTE routers suffer from backdoor accounts, remote code execution, weak WPS functionality, arbitrary file reading, and a ridiculous amount of other vulnerabilities.
af3f20b956c147737af1e201febb9559Hexchat IRC client version 2.11.0 suffers from a directory traversal vulnerability.
b279d58b947f184c303594be3d35e0e9Hexchat IRC client version 2.11.0 suffers from a stack buffer overflow vulnerability.
1fcd8b74487e9c6c9548b10d474e92f4ARRIS SURFboard 6141 broadband cable modems suffer from a cross site request forgery vulnerability that allows an attacker to force a reboot.
41e06da698d6ea142cc66aa52be28084DotCMS version 3.3 suffers from a remote SQL injection vulnerability.
eaaa2739b996a9e27f8c6db9fa1437c0Cacti versions 0.8.8g and below remote SQL injection exploit.
819ef3ca9e6d150e04369787beb730e7PQI Air Pen Express router versions 6W51-0000R2 and 6W51-0000R2XXX suffer from cross site request forgery, cross site scripting, and various other vulnerabilities.
8c77724b9ebb3ec7d750cea85b810753Tradukka.com suffered from a cross site scripting vulnerability.
055a58e90404dfee97357cfe82351baaThe patch for Issue 67 in IBM Java discovered by Security Explorations in 2013 was found to be faulty.
ed2de4cdbbff3d22aad9553050f8325bThis particular vulnerability makes it possible to force a Stratum Mining Pool to accept "invalid" shares by the thousands for each mining pool round. It is possible to make pure money from this vulnerability. The exploit is real but affects only a fraction of Stratum Mining Pools.
22d3e5bf0714b0b8e037783686e00b6cSuricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
c5c8e5846b54546257954f3c759d9675This Metasploit module exploits a SEH overflow in the Easy File Sharing FTP server version 7.2.
8c94fac0515603e7572a80f3730841baThis Metasploit module exploits a buffer overflow vulnerability found in the PUT command of the PCMAN FTP server version 2.0.7. This requires authentication but by default anonymous credentials are enabled.
143f2f70be5c584f22620615e047909aOpen-Xchange versions 7.8.0 and below suffer from multiple cross site scripting vulnerabilities.
7030b4d898fcfa524b4fd22336d1b697ManageEngine Password Manager Pro builds 8.1 through 8.3 suffer from bypass, cross site request forgery, privilege escalation, user enumeration, and cross site scripting vulnerabilities.
4f236dcbe2a00436d23f97301e47f914Gentoo Linux Security Advisory 201604-1 - Multiple vulnerabilities have been found in QEMU, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 2.5.0-r2 are affected.
537344e4201e1864d683d6d4fbce853aRed Hat Security Advisory 2016-0532-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Security Fix: A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion.
0ae51d5c9c936555cf7c84c0e86f2c08Red Hat Security Advisory 2016-0590-01 - Red Hat Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and the remote management of multiple Linux deployments with a single, centralized tool. Security Fix: A cross-site scripting flaw was found in how XML data was handled in Red Hat Satellite. A user able to use the XMLRPC API could exploit this flaw to perform XSS attacks against other Satellite users. Multiple cross-site scripting flaws were found in the way certain form data was handled in Red Hat Satellite. A user able to enter form data could use these flaws to perform XSS attacks against other Satellite users.
f99de59da607a5c2a44d5b0b9b7091f2
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed