ATutor LMS versions 2.2.1 and below cross site request forgery remote code execution exploit that leverages install_modules.php.
a2979fb7ec37494a903eb30ee43ad91332dca8b48a2bc6b4adfe613fa9fc6001EMC Documentum xCP allows authenticated non-admin users to view information about other users.
d204ecebd693cb7dc0af19bead0d1f1d091bff3be94a465a248c655202283b24The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
388ffb0d7e4b971f73e32f060de1274f92ef20326f4b8bfba8af268be8ea1e0cAIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
b1fb6eff0e49ee672a8fcbba6da66b2b56b917d74c66909872a528753070ddb1Ubuntu Security Notice 2915-3 - USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem by applying the complete upstream regression fix. Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. Sjoerd Job Postmus discovered that Django incorrectly handled timing when doing password hashing operations. A remote attacker could possibly use this issue to perform user enumeration. Various other issues were also addressed.
8586794c9845209ae592e937ccc373ca4df735b81aa0e813802d3d4267969fd5WordPress SP Projects and Document Manager plugin version 2.5.9.6 suffers from code execution, cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.
75e1fa334e9af6f61114b52bf47a241a442419c6a9bfdca517ecb622eb11c479Red Hat Security Advisory 2016-0358-01 - OpenStack Image Service provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to silently replace owned image data, regardless of its original creator or visibility settings. Only environments with show_multiple_locations set to true were affected.
4ef90c45af8aab162bdef1825d225307bca654e129481f197b0dd3041908c49aGentoo Linux Security Advisory 201603-2 - OSC is vulnerable to the remote execution of arbitrary code. Versions less than 0.152.0 are affected.
2f95cc19f4194671cc2e95e4ffd224c049e39ff8715c37ceba23033512b39045Gentoo Linux Security Advisory 201603-1 - GIMP is vulnerable to multiple buffer overflows which could result in the execution of arbitrary code or Denial of Service. Versions less than 2.8.0 are affected.
2d937b6ac357f3db2174623be462148d061d7a88daeede1c70456a45ef12569fUbuntu Security Notice 2921-1 - Sebastian Krahmer discovered that Squid incorrectly handled certain SNMP requests. If SNMP is enabled, a remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. Alex Rousskov discovered that Squid incorrectly handled certain malformed responses. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Various other issues were also addressed.
f84a712b7c12a4726bf1d75a8afc8c6d4f1498171252c77c3fa8930e91956d57Ubuntu Security Notice 2915-2 - USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem. Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. Sjoerd Job Postmus discovered that Django incorrectly handled timing when doing password hashing operations. A remote attacker could possibly use this issue to perform user enumeration. Various other issues were also addressed.
934e0831f012dc4a73f5c187aa3304a84cc43ea7c0219724406b5567359fb26aDebian Linux Security Advisory 3508-1 - Several vulnerabilities were discovered in JasPer, a library for manipulating JPEG-2000 files.
d72cd025ee8c1eebbea9a16ad7bf25444a0bbf771cc91a3c358473b215021d7cDebian Linux Security Advisory 3507-1 - Several vulnerabilities have been discovered in the chromium web browser.
d43c9bf4f0b9ec302e70ab07d62a1c9aca98d089c0dffc06400b3bafb689ed34Red Hat Security Advisory 2016-0359-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium users should upgrade to these updated packages, which contain Chromium version 49.0.2623.75, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
621f9498a76216a5b979a7ccbd6b3deadcb0773b1f6d38fd7454125fa5877ce8A crash was discovered due to a use-after-free condition that can be observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.
525502296b8244692bc3110a6323103f8e1f5f973df4862e4d19079d8ecd17e8This is a simple reverse shell written in assembly for remote command execution on win32.
896d5235c9827973cc96df4bfde3554d14494a09f77c947ad44f5ed8f639a7a6ClamWin version 0.99 suffers from a DLL hijacking vulnerability.
b2be3253bb37ef5ad3a81cc596f0eb316ab73089f786a5ac15cca8b8d5244edbMalwarebytes setup installer for version 2.2.0.1024 suffers from a DLL hijacking vulnerability.
4c68ab7be17dc69d5fc7d842b67e3ba92a96d4a9d648dc198085ce4cde220967
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed