This archive houses a large quantity of vulnerabilities identified in Netsweeper versions ranging from 2.6.29 through 4.0.9. These include authentication bypass, file upload and execution, cross site scripting, SQL injection, and more.
39d71feb2c0a4b792964ca2c7bb1c31d0c6d597b9627dff9d510ba1409e9372b
This bulletin summary lists fourteen released Microsoft security bulletins for August, 2015.
1dc27c6d1f643b44b0b58f861369cebb628412245e57dba1aa463c5ccaa54cf8
This is a public blog posted by Oracle's CSO Mary Ann Davidson. It provides a rare glimpse into the corporate mindframe reminding us all that license agreements are always respected by hostile parties and therefore security researchers should not even consider reverse engineering Oracle's code base. As has been proven time and again, Oracle's bullet proof unbreakable security does not need public vetting and they consistently can identify and address all issues without your needless meddling.
d16deebdad2785cf38a42eaa182a2fd03f6976eacc830f7b05b1f5489393b40f
Red Hat Security Advisory 2015-1586-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
07028284c26b9667002277f33827d74bc649bc8c2bc950e2c75afe28ad4d47b6
Ubuntu Security Notice 2702-2 - USN-2702-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox. Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Aki Helin discovered an out-of-bounds read when playing malformed MP3 content in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
65d42413fe11e2a48dd6d53eeba68c39ca1690d1ee5c7080c2611bb212733ef9
Ubuntu Security Notice 2702-1 - Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Aki Helin discovered an out-of-bounds read when playing malformed MP3 content in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
eb4f0698d0840f8b27ecccf255319fc36fba0d604fe7a42f5d71b3a2662170e0
Red Hat Security Advisory 2015-1583-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system.
0432e0fe802370f2c71c251d54b8fcf57755cceb2d0f1a7bcfd68793d70485c0
NeuroServer version 0.7.4 suffers from a remote denial of service vulnerability.
ae7a9b1978e25b76292356e560fc913019ece2f561906ed81d42f72200bd9068
PDF Shaper is prone to a security vulnerability when processing PDF files. The vulnerability appears when the Convert PDF to Image feature is used with a specially crafted PDF file. This Metasploit module has been tested successfully on Win XP, Win 7, Win 8, Win 10.
4cfd17506f3532fedc41f42c5f19c5b2b9e90caff1f4fc35680379640c1a8990
My Contacts Backup Pro version 2.0.1 suffers from command injection and cross site scripting vulnerabilities.
ae4ff0155a9570186f3d94be2cbaa09c1faf9dd6b80ff4611aa29ffb5a78006e
Printer Pro version 5.4.3 suffers from a cross site scripting vulnerability.
af437bb2899fc9e6b11e06307c5f319e93e74501f935b1fdc54f33149b6fa690
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
37f145c575d4b49eaa2d0b6ed8067d1e4687f7fa3927b6154f7a5d7907ba947a
QNAP devices running the QNAP modified 3.12.6 kernel with firmware older than 4.1.4 Build 0804 log crypto keys on an unencrypted disk partition in world accessible files.
ddfdf6fd5fb3490dae2ed64c6e9b6432242ddd203d798cd07412aaaba2d7b6ed
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
60b2789dbc78910835fa27a1657fd42830972f8a75d1e6a6b17953a9a44a7c9b
Slackware Security Advisory - New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
7430ca94bdecc09ad7cd2be9327a0647919c50aa9377d1247701908672d920ca
Debian Linux Security Advisory 3330-1 - It was discovered that the Apache ActiveMQ message broker is susceptible to denial of service through an undocumented, remote shutdown command.
9ec5ec85bdcecd061f51bcc28a6fc9bd8dcdc10d71ce40b998ad5ca072cf8527