Red Hat Security Advisory 2016-0166-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
1816680b824050a758e4c30a63694622b5b24615d87e93c7e7e7ce02de19fcfc
Wieland wieplan version 4.1 suffers from an arbitrary Java code execution vulnerability when parsing WIE documents using XMLDecoder, allowing system access to the affected machine. The software is used to generate custom specification orders saved in a .wie XML file that has to be sent to the vendor offices to be processed.
bc2803c96e427d6a6087d645f5637137806ef1a34c69fd155cd263fa3d0bee12
Cisco Security Advisory - A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic.
b39dc515a9918053d756c99939d54b8d713da1f97c251287ddcae2d2b507a879
Exponent version 2.3.7 suffers from a remote code execution vulnerability.
c860521e13cb68a7d5e2065b83c714419c3402786742f17f19e96a31700e22cc
Yeager CMS version 1.2.1 suffers from cross site scripting, remote file upload, server-side request forgery, and remote SQL injection vulnerabilities.
03e6c9d482ae673cb0b908755a1f9f71b4985c832a6f00acd3a78b5606fbb2e1
File Replication Pro versions 7.2.0 and below suffer from remote command execution, file disclosure, and directory traversal vulnerabilities.
f7ed220cd1cf701a880107cde599b7c67a2969d8d7a322189e68685fa78dfc62
PivotX CMS version 2.3.10 suffers from cross site request forgery and cross site scripting vulnerabilities.
e1c1089223f4dd178980e8fdafd9c94f706acb389ba257a206a517387c37ecf5
Mihalism Multi Host version 5.0.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
07f7ebf8f74c09bb0ac83c04c0164bd294ed6ea10b79947d7803772b8a3feb22
ManageEngine EventLog Analyzer version 10.8 suffers from a privilege escalation vulnerability.
0c60a233b11ee96db98238be0dc6eb3999f1ad52bf65bc6a1b30831a5bed3de2
Node.js suffers from an HTTP response splitting vulnerability. Node.js versions 5.6.0, 4.3.0, 0.12.10, and 0.10.42 contain a fix for this vulnerability.
4f718c9b8672df70ac27014b0f740610b9cdf5c24f5679eba0497c68bcbe2612
EMC Documentum xCP contains fixes for multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. Versions 2.1 and 2.2 are affected.
20de6bd9297ddd8a1fb42d72cb5fb400141a8b891a25ad8d400b3196582d67fb
Sophos UTM version 9.350-12 with pattern version 92405 (potentially lower) suffers from a cross site scripting vulnerability.
4bbb67e3c1104c55b9411087392ea4ec3ac1ff5d5df3b757354cee344210a31d
ASUS wireless routers running ASUSWRT firmware have a design flaw in which the administrator web interface may be open to the public Internet even if you have specifically disabled web access from the WAN.
acefe4f7da5e0a9ebebc7265a613a32f86d3d8d789508910725b215e88ef92d7
Servision HVG with firmware below version 2.2.26a100 suffers from a hard-coded backdoor password vulnerability.
6d99c0ab96d627084eb77a8ada62536fc9cdfb024d00cd992c46f7b2be77198f
D-Link DSL-2750B firmware versions 1.01 through 1.03 suffer from an unauthenticated remote code execution vulnerability.
c531b27d0dbe64804e2588a1796bd7c1c0844a6c84a1427541b9fe1efa394843
Apache Sling Framework version 2.3.6 suffers from an information disclosure vulnerability.
94ead438d14486e4610edf5583b16d8111dc04148dab800db53d7b3378f9119c
A DLL side loading vulnerability was found in the MapsUpdateTask Task DLL that ships with Windows 10. This issue can be exploited by loading a COM control as an embedded OLE object. When instantiating the object, Windows will try to load the DLL phoneinfo.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
2d60a51e6e82dbfc3d3f990fd98e9da3a6ed414a4dda68ab35f60ef08899c1e2
A DLL side loading vulnerability was found in the BDA MPEG2 Transport Information Filter that ships with Windows Vista. This issue can be exploited by loading the filter as an embedded OLE object. When instantiating the object Windows will try to load the DLL ehTrace.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
46c78e46c86080f3c7dc443a900413e500d7f7d0f20d2fca23e1a30ed0482f7c
MyScript Memo version 3.0 suffers from a persistent script insertion vulnerability.
2cc54638497f02d18063a7ea37719d4d396f9b9e24a068450adf0e41638e12ab
File Sharing Manager version 1.0 suffers from local file inclusion and remote file upload vulnerabilities.
1e932ad37235e084cec291c443559f1618596e9e4aeb99495070e23c3b922ea6
A DLL side loading vulnerability was found in the NPS Datastore server DLL that ships with Windows Vista. This issue can be exploited by loading the affected DLL as an embedded OLE object. When instantiating the object Windows will try to load the DLL iasdatastore2.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
1b2dddead234857b365162684d8bbf28ae57f80f5af04c34105b408b35df5d6e
Getdpd suffers from a cross site scripting vulnerability.
743c05bc874ab2ab3394ae6cb221070190c55cd7c5826e809e6fd6b0238efbdc
Deepin 15 suffers from a lastore-daemon privilege escalation vulnerability.
f61b80686c02876b5b74515d28d5cf5c64d30582c5d37d244e26872bce0c499b