PHP Server Monitor version 3.1.1 suffers from a privilege escalation vulnerability.
a8d93d0765a7ef8c053689bf16f98416PHP Server Monitor version 3.1.1 suffers from a cross site request forgery vulnerability.
1fdc5c7830f2da4287fa3946e611790aeBay Magento CE versions 1.9.2.1 and below and eBay Magento EE versions 1.14.2.1 and below suffer from an XXE injection vulnerability.
d2181bd7beca099c282ae1ffab5c7129Pligg CMS version 2.0.2 suffers from multiple remote SQL injection vulnerabilities.
e705ad82b5f949eb6258c6cf69e353c4Pligg CMS version 2.0.2 suffers from a directory traversal vulnerability.
099c1daa6ff543433a0f7a9e639d18c3Pligg CMS version 2.0.2 suffers from code execution and cross site request forgery vulnerabilities.
b83af660caef210e0cc64398f4838206Slackware Security Advisory - New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
c3a4cd0f371e31c21f7e0fa057acc7b9Slackware Security Advisory - New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
0793c71e5b11f5d11fbb4d91f15162aaDebian Linux Security Advisory 3384-1 - Two vulnerabilities have been discovered in VirtualBox, an x86 virtualisation solution.
a176783623893216933f42c296ff1eccDebian Linux Security Advisory 3383-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool.
0230183090bf9c31d852418ca52d1c95Python 3.5 suffers from a vulnerability caused by the behavior of the scan_eol() function. When called, the function gets a line from the buffer of a BytesIO object by searching for a newline character starting at the position in the buffer. However, if the position is set to a value that is larger than the buffer, this logic will result in a call to memchr that reads off the end of the buffer.
515b5867e161a589089030fb49cd7c81Debian Linux Security Advisory 3332-2 - The patch applied for CVE-2015-5622 in DSA-3332-1 contained a faulty hunk. This update corrects that problem.
af0b24aace123761eafc5402ef8450eaSlackware Security Advisory - New jasper packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
f82c4f5ffb2f82e1974245bfd0863dd6The yaml_* parsing functions suffers from an exploitable double free caused by the error path for the php_var_unserialize() call on line 797 of pecl/file_formats/yaml.git/parse.c.
6535acd96143e2df25ceaf842dacb743The PHP unserialize() function is considered unsafe due to its behavior regarding class instantiation; in cases where serialized data is attacker controlled, it can be tampered with, allowing for the instantiation of arbitrary PHP classes and thus code execution via destructor.
dae14b730720b054280ebf01f6da9cb3Code auditing discovered a Libstagefright integer overflow and heap corruption vulnerability in the Saio tag.
7e916b78b0e2070a0f07e3934a07f382Libstagefright integer overflow checks can be bypassed with extended chunk lengths.
2731337a16f999a4060fa253ef21824eThis bulletin summary lists two bulletins that have undergone a major revision increment for October, 2015.
37fc5b503d6e99570121b46506933e43Red Hat Security Advisory 2015-1955-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.5 will be retired as of November 30, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.5 EUS after November 30, 2015.
e69f1dc794679a81bf7da177650eb823Red Hat Security Advisory 2015-1956-01 - In accordance with the Red Hat Storage Support Life Cycle policy, the Red Hat Storage 2.1 offering will be retired as of October 31, 2015, and support will no longer be provided. Accordingly, Red Hat will not provide Critical impact security patches or urgent priority bug fixes, after this date.
0f44d6c5db0be138006bb28d8bc430baUbuntu Security Notice 2788-1 - Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. Gustavo Grieco discovered that unzip incorrectly handled certain malformed archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly cause unzip to hang, resulting in a denial of service. Various other issues were also addressed.
0280934dc31e2890e5aeb9a1b85496dfTAP is a remote penetration testing platform builder. For folks in the security industry, traveling often times becomes a burden and adds a ton of cost to the customer. TAP was designed to make the deployment of these boxes super simple and create a self-healing and stable platform to deploy remote penetration testing platforms. Essentially the concept is simple, you pre-configure a brand new box and run the TAP setup file. This will install a service on Linux that will be configured the way you want. What it will do is establish a reverse SSH tunnel back to a machine thats exposed on the Internet for you. From there you can access the box locally from the server it connects back to. TAP automatically detects when an SSH connection has gone stale and will automatically rebuild it for you.
3c249135b3849079f6e70ccc7056b104This article examines the security challenges facing us on modern off-the-shelf hardware, focusing on Intel x86-based notebooks. The question the author will try to answer is: can modern Intel x86-based platforms be used as trustworthy computing platforms? The paper looks at security problems arising from the x86's over-complex firmware design (BIOS, SMM, UEFI, etc.), discuss various Intel security technologies (such as VT-d, TXT, Boot Guard and others), consider how useful they might be in protecting against firmware-related security threats and other attacks, and finally move on to take a closer look at the Intel Management Engine (ME) infrastructure.
0332f6a23b8f8f97862af9f9d66869bbOxwall version 1.7.4 suffers from a cross site request forgery vulnerability.
0fb896721d9c1e4acd543f69345e3e3aPrivilege escalation can be achieved via a symlink attack on POSIX shared memory with insecure permission in AMD fglrx-driver version 14.4.2.
af168e7674aa3ddcd91f2741d2711c3d
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed