Red Hat Security Advisory 2016-0166-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
88ab7b3b4102bd8accdcfdf4cfa93f6cWieland wieplan version 4.1 suffers from an arbitrary java code execution when parsing WIE documents that uses XMLDecoder, allowing system access to the affected machine. The software is used to generate custom specification order saved in .wie XML file that has to be sent to the vendor offices to be processed.
e786bb378c57d5b456d3ece1834c4da6Cisco Security Advisory - A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic.
c3c2db6ca599bd3ddeed4362da3c3e1fExponent version 2.3.7 suffers from a remote code execution vulnerability.
06282dadbf528761a212ebba8de2a28dYeager CMS version 1.2.1 suffers from cross site scripting, remote file upload, server-side request forgery, and remote SQL injection vulnerabilities.
52c426706da7c84f5ccd2b0fd6939d01File Replication Pro versions 7.2.0 and below suffers from remote command execution, file disclosure, and directory traversal vulnerabilities.
ea479a9db0f43f7d678bf4a3c112e551PivotX CMS version 2.3.10 suffers from cross site request forgery and cross site scripting vulnerabilities.
599daddbca4b64bcc49cadb1e5e997aaMihalism Multi Host version 5.0.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
b8569a8549aa92d5ba4b7abf0c625fceManageEngine EventLog Analyzer version 10.8 suffers from a privilege escalation vulnerability.
20207216cc899c503992ce4102dbceedNode.js suffers from an HTTP response splitting vulnerability. Node.js versions 5.6.0, 4.3.0, 0.12.10, and 0.10.42 contain a fix for this vulnerability.
b4347de1f70a4ee9859e0a6f8dcd08bdEMC Documentum xCP contains fixes for multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. Versions 2.1 and 2.2 are affected.
83549d0a3264410db77907b3175b6724Sophos UTM version 9.350-12 with pattern version 92405 (potentially lower) suffers from a cross site scripting vulnerability.
0170a588f886d71b8871fad6e8f2547dASUS wireless routers running ASUSWRT firmware have a design flaw in which the administrator web interface may be open to the public Internet even if you have specifically disabled web access from the WAN.
00e62587a24303e07531652cea981350Servision HVG with firmware below version 2.2.26a100 suffers from a hard-coded backdoor password vulnerability.
3dfc8a8b9c01fc309e22e68f6ff1f6eaD-Link DSL-2750B firmware versions 1.01 through 1.03 suffer from an unauthenticated remote code execution vulnerability.
917680b66d32b46ee7b9a6ddc3564888Apache Sling Framework version 2.3.6 suffers from an information disclosure vulnerability.
d90c1f5b5923a024fe37e8e7b021bcefA DLL side loading vulnerability was found in the MapsUpdateTask Task DLL that ships with Windows 10. This issue can be exploited by loading COM control as an embedded OLE object. When instantiating the object Windows will try to load the DLL phoneinfo.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
632b9c6f9b607be841c941291563eda9A DLL side loading vulnerability was found in the BDA MPEG2 Transport Information Filter that ships with Windows Vista. This issue can be exploited by loading the filter as an embedded OLE object. When instantiating the object Windows will try to load the DLL ehTrace.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
03d0994a8891ad04f91944e661be197cMyScript Memo version 3.0 suffers from a persistent script insertion vulnerability.
00f071b38af03dfdd378125b05430227File Sharing Manager version 1.0 suffers from local file inclusion and remote file upload vulnerabilities.
eaedfd5785c0a9dfda966f034d006a98A DLL side loading vulnerability was found in the NPS Datastore server DLL that ships with Windows Vista. This issue can be exploited by loading the affected DLL as an embedded OLE object. When instantiating the object Windows will try to load the DLL iasdatastore2.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
170d90f9095d8cc1c7d35ab9cd4b5937Getdpd suffers from cross site scripting vulnerability.
06e30923894b1f9e230681c5eb77e0d5Deepin 15 suffers from a lastore-daemon privilege escalation vulnerability.
da48a83086ca33a3ce89cb7d05f7902d
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed