A crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of latest stable libxml2 (2.9.3, released 4 days ago), by feeding a malformed file to xmllint.
a956ef69b6eec1c1f29c363156850becA crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of latest stable libxml2 (2.9.3, released 4 days ago), by feeding a malformed file to xmllint.
23fc0430ca45db9b403d1ee9087def24A crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of latest stable libxml2 (2.9.3, released 4 days ago), by feeding a malformed file to xmllint.
02efc3b1b4986da7c5166e2d64e02944Coppermine version 1.5.40 uses straight MD5 without any salt for storage of passwords.
6fa277e88c20784e30161eadab71c9c1Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
50337edcf8fd3eb99bebe4d37a0a5cafProxmox VE versions 3 and 4 suffers from privilege escalation, code execution, and cross site scripting vulnerabilities.
7bf79fb1f827a09a146b676a1cc4f9e0Ubuntu Security Notice 2908-5 - USN-2908-2 fixed vulnerabilities in the Ubuntu 15.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 15.10 backport kernel within VMWare virtual machines. This update fixes the problem. Various other issues were also addressed.
44f70adacad6e1a82cf0ae5fbdf70a53Ubuntu Security Notice 2909-2 - USN-2909-1 fixed vulnerabilities in the Ubuntu 14.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 14.10 backport kernel within VMWare virtual machines. This update fixes the problem. Various other issues were also addressed.
1cf78b342906c878c9d7c072a8ead99fUbuntu Security Notice 2910-2 - USN-2910-1 fixed vulnerabilities in the Ubuntu 15.04 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 15.04 backport kernel within VMWare virtual machines. This update fixes the problem. Various other issues were also addressed.
11ae9b71c8bba7139d801079e610e2a9Gentoo Linux Security Advisory 201602-3 - Multiple vulnerabilities have been found in libwmf allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 0.2.8.4-r6 are affected.
72088a23dcc230d4fbd97066df4e7147Ubuntu Security Notice 2908-4 - USN-2908-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 15.10 guests running within VMWare virtual machines. This update fixes the problem. Various other issues were also addressed.
f40420f5e2b4f0bbe668489ac95575e3Apple Security Advisory 2016-02-25-1 - Apple TV 7.2.1 is now available and addresses code execution, information disclosure, access bypass, and various other vulnerabilities.
9ee9ba5f1db7f810bbb124ace07e9da4WordPress WP Ultimate Exporter plugin versions 1.0 and 1.1 suffers from multiple remote SQL injection vulnerabilities.
e0b2a7f7b9a61ae9647b10e3a4aeceeaCentreon versions 2.5.3 and below suffer from a remote code execution vulnerability.
40b9869aaae9701f0648ec3012fe5f27Debian Linux Security Advisory 3492-1 - Daniel Gultsch discovered in Gajim, an XMPP/jabber client. Gajim didn't verify the origin of roster update, allowing an attacker to spoof them and potentially allowing her to intercept messages.
7f990faefcadc55fd4c0588fa966b7beRed Hat Security Advisory 2016-0297-01 - In accordance with the Red Hat CloudForms Support Life Cycle Policy, support will end on February 28, 2017. Red Hat will not provide extended support for this product. Customers are requested to migrate to the newer Red Hat CloudForms product prior to the end of the life cycle for CloudForms 3.0.
00e83d49fb0422c61126aab91853b99cDebian Linux Security Advisory 3493-1 - Gustavo Grieco discovered that xerces-c, a validating XML parser library for C++, mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. These flaws could lead to a denial of service in applications using the xerces-c library, or potentially, to the execution of arbitrary code.
7b64bc56bdfb15859350ad791e96f648Infor CRM version 8.2.0.1136 suffers from multiple cross site scripting vulnerabilities.
74b4a98d4859dcfa47ba7f62afa1bc50Zimbra versions 8.0.9 GA and below suffer from a cross site request forgery vulnerability.
c2e1a71f34137aeaee5e6fa5f9557534HP Security Bulletin HPSBGN03549 1 - HPE IceWall products have addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library. Revision 1 of this advisory.
f735bb2272e9e3ec3ef4646dc97d36ebHtcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.
09bdd3514bd444e411a87140b8bd28c2Cygwin suffers suffers from a dll hijacking vulnerability.
945e53b5cd9a63c5a7567d5da7106823Various D-Link and Netgear devices that make use of the FIRMADYNE framework suffer from command injection, buffer overflow, and authentication bypass vulnerabilities.
125fe218a81ccd560b65ee071febb0cdGoogle's Chrome Cleanup Tool suffers from a dll hijacking vulnerability.
2f03231c35dc579fb0a013456600b14bGIMP for Windows suffers from a dll hijacking vulnerability.
18c41257dcf0401926b3da64a6a1ca33
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed