Red Hat Security Advisory 2016-0166-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
1816680b824050a758e4c30a63694622b5b24615d87e93c7e7e7ce02de19fcfcWieland wieplan version 4.1 suffers from an arbitrary java code execution when parsing WIE documents that uses XMLDecoder, allowing system access to the affected machine. The software is used to generate custom specification order saved in .wie XML file that has to be sent to the vendor offices to be processed.
bc2803c96e427d6a6087d645f5637137806ef1a34c69fd155cd263fa3d0bee12Cisco Security Advisory - A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic.
b39dc515a9918053d756c99939d54b8d713da1f97c251287ddcae2d2b507a879Exponent version 2.3.7 suffers from a remote code execution vulnerability.
c860521e13cb68a7d5e2065b83c714419c3402786742f17f19e96a31700e22ccYeager CMS version 1.2.1 suffers from cross site scripting, remote file upload, server-side request forgery, and remote SQL injection vulnerabilities.
03e6c9d482ae673cb0b908755a1f9f71b4985c832a6f00acd3a78b5606fbb2e1File Replication Pro versions 7.2.0 and below suffers from remote command execution, file disclosure, and directory traversal vulnerabilities.
f7ed220cd1cf701a880107cde599b7c67a2969d8d7a322189e68685fa78dfc62PivotX CMS version 2.3.10 suffers from cross site request forgery and cross site scripting vulnerabilities.
e1c1089223f4dd178980e8fdafd9c94f706acb389ba257a206a517387c37ecf5Mihalism Multi Host version 5.0.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
07f7ebf8f74c09bb0ac83c04c0164bd294ed6ea10b79947d7803772b8a3feb22ManageEngine EventLog Analyzer version 10.8 suffers from a privilege escalation vulnerability.
0c60a233b11ee96db98238be0dc6eb3999f1ad52bf65bc6a1b30831a5bed3de2Node.js suffers from an HTTP response splitting vulnerability. Node.js versions 5.6.0, 4.3.0, 0.12.10, and 0.10.42 contain a fix for this vulnerability.
4f718c9b8672df70ac27014b0f740610b9cdf5c24f5679eba0497c68bcbe2612EMC Documentum xCP contains fixes for multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. Versions 2.1 and 2.2 are affected.
20de6bd9297ddd8a1fb42d72cb5fb400141a8b891a25ad8d400b3196582d67fbSophos UTM version 9.350-12 with pattern version 92405 (potentially lower) suffers from a cross site scripting vulnerability.
4bbb67e3c1104c55b9411087392ea4ec3ac1ff5d5df3b757354cee344210a31dASUS wireless routers running ASUSWRT firmware have a design flaw in which the administrator web interface may be open to the public Internet even if you have specifically disabled web access from the WAN.
acefe4f7da5e0a9ebebc7265a613a32f86d3d8d789508910725b215e88ef92d7Servision HVG with firmware below version 2.2.26a100 suffers from a hard-coded backdoor password vulnerability.
6d99c0ab96d627084eb77a8ada62536fc9cdfb024d00cd992c46f7b2be77198fD-Link DSL-2750B firmware versions 1.01 through 1.03 suffer from an unauthenticated remote code execution vulnerability.
c531b27d0dbe64804e2588a1796bd7c1c0844a6c84a1427541b9fe1efa394843Apache Sling Framework version 2.3.6 suffers from an information disclosure vulnerability.
94ead438d14486e4610edf5583b16d8111dc04148dab800db53d7b3378f9119cA DLL side loading vulnerability was found in the MapsUpdateTask Task DLL that ships with Windows 10. This issue can be exploited by loading COM control as an embedded OLE object. When instantiating the object Windows will try to load the DLL phoneinfo.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
2d60a51e6e82dbfc3d3f990fd98e9da3a6ed414a4dda68ab35f60ef08899c1e2A DLL side loading vulnerability was found in the BDA MPEG2 Transport Information Filter that ships with Windows Vista. This issue can be exploited by loading the filter as an embedded OLE object. When instantiating the object Windows will try to load the DLL ehTrace.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
46c78e46c86080f3c7dc443a900413e500d7f7d0f20d2fca23e1a30ed0482f7cMyScript Memo version 3.0 suffers from a persistent script insertion vulnerability.
2cc54638497f02d18063a7ea37719d4d396f9b9e24a068450adf0e41638e12abFile Sharing Manager version 1.0 suffers from local file inclusion and remote file upload vulnerabilities.
1e932ad37235e084cec291c443559f1618596e9e4aeb99495070e23c3b922ea6A DLL side loading vulnerability was found in the NPS Datastore server DLL that ships with Windows Vista. This issue can be exploited by loading the affected DLL as an embedded OLE object. When instantiating the object Windows will try to load the DLL iasdatastore2.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
1b2dddead234857b365162684d8bbf28ae57f80f5af04c34105b408b35df5d6eGetdpd suffers from cross site scripting vulnerability.
743c05bc874ab2ab3394ae6cb221070190c55cd7c5826e809e6fd6b0238efbdcDeepin 15 suffers from a lastore-daemon privilege escalation vulnerability.
f61b80686c02876b5b74515d28d5cf5c64d30582c5d37d244e26872bce0c499b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed