ATutor LMS versions 2.2.1 and below cross site request forgery remote code execution exploit that leverages install_modules.php.
a2979fb7ec37494a903eb30ee43ad91332dca8b48a2bc6b4adfe613fa9fc6001
EMC Documentum xCP allows authenticated non-admin users to view information about other users.
d204ecebd693cb7dc0af19bead0d1f1d091bff3be94a465a248c655202283b24
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
388ffb0d7e4b971f73e32f060de1274f92ef20326f4b8bfba8af268be8ea1e0c
AIEngine is a packet inspection engine capable of learning without any human intervention. It helps network and security professionals identify traffic and develop signatures for use on NIDS, firewalls, traffic classifiers and so on.
b1fb6eff0e49ee672a8fcbba6da66b2b56b917d74c66909872a528753070ddb1
Ubuntu Security Notice 2915-3 - USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem by applying the complete upstream regression fix. Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. Sjoerd Job Postmus discovered that Django incorrectly handled timing when doing password hashing operations. A remote attacker could possibly use this issue to perform user enumeration. Various other issues were also addressed.
8586794c9845209ae592e937ccc373ca4df735b81aa0e813802d3d4267969fd5
WordPress SP Projects and Document Manager plugin version 2.5.9.6 suffers from code execution, cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.
75e1fa334e9af6f61114b52bf47a241a442419c6a9bfdca517ecb622eb11c479
Red Hat Security Advisory 2016-0358-01 - OpenStack Image Service provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to silently replace owned image data, regardless of its original creator or visibility settings. Only environments with show_multiple_locations set to true were affected.
4ef90c45af8aab162bdef1825d225307bca654e129481f197b0dd3041908c49a
Gentoo Linux Security Advisory 201603-2 - OSC is vulnerable to the remote execution of arbitrary code. Versions less than 0.152.0 are affected.
2f95cc19f4194671cc2e95e4ffd224c049e39ff8715c37ceba23033512b39045
Gentoo Linux Security Advisory 201603-1 - GIMP is vulnerable to multiple buffer overflows which could result in the execution of arbitrary code or Denial of Service. Versions less than 2.8.0 are affected.
2d937b6ac357f3db2174623be462148d061d7a88daeede1c70456a45ef12569f
Ubuntu Security Notice 2921-1 - Sebastian Krahmer discovered that Squid incorrectly handled certain SNMP requests. If SNMP is enabled, a remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. Alex Rousskov discovered that Squid incorrectly handled certain malformed responses. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Various other issues were also addressed.
f84a712b7c12a4726bf1d75a8afc8c6d4f1498171252c77c3fa8930e91956d57
Ubuntu Security Notice 2915-2 - USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem. Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. Sjoerd Job Postmus discovered that Django incorrectly handled timing when doing password hashing operations. A remote attacker could possibly use this issue to perform user enumeration. Various other issues were also addressed.
934e0831f012dc4a73f5c187aa3304a84cc43ea7c0219724406b5567359fb26a
Debian Linux Security Advisory 3508-1 - Several vulnerabilities were discovered in JasPer, a library for manipulating JPEG-2000 files.
d72cd025ee8c1eebbea9a16ad7bf25444a0bbf771cc91a3c358473b215021d7c
Debian Linux Security Advisory 3507-1 - Several vulnerabilities have been discovered in the chromium web browser.
d43c9bf4f0b9ec302e70ab07d62a1c9aca98d089c0dffc06400b3bafb689ed34
Red Hat Security Advisory 2016-0359-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium users should upgrade to these updated packages, which contain Chromium version 49.0.2623.75, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
621f9498a76216a5b979a7ccbd6b3deadcb0773b1f6d38fd7454125fa5877ce8
A crash was discovered due to a use-after-free condition that can be observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.
525502296b8244692bc3110a6323103f8e1f5f973df4862e4d19079d8ecd17e8
This is a simple reverse shell written in assembly for remote command execution on win32.
896d5235c9827973cc96df4bfde3554d14494a09f77c947ad44f5ed8f639a7a6
ClamWin version 0.99 suffers from a DLL hijacking vulnerability.
b2be3253bb37ef5ad3a81cc596f0eb316ab73089f786a5ac15cca8b8d5244edb
Malwarebytes setup installer for version 2.2.0.1024 suffers from a DLL hijacking vulnerability.
4c68ab7be17dc69d5fc7d842b67e3ba92a96d4a9d648dc198085ce4cde220967