The avmplus bytecode verifier misses a control-flow path via op_pushwith throwing an exception allowing crafted bytecode to be incorrectly optimized which can trivially be abused to get code execution.
15e844ae6193dee99a1f13d80853248247c00f3baaac1706b37ffdc2478eb54aMicrosoft Internet Explorer has a read AV in MSHTML!Layout::LayoutBuilderDivider::BuildPageLayout issue.
b53f8e4c4ebe84b15587cf2408a4e03b8bba9fce031e88a6b70310b5cab23a39HP Security Bulletin HPSBGN03558 1 - A potential security vulnerability has been identified with ArcSight ESM and ESM Express. The vulnerability could be remotely exploited to allow disclosure of sensitive information. Revision 1 of this advisory.
28d0bc2f388a200af3b1537d9e5168c41fd4215d9f8a4f0c1be046c2a7f360b7Ubuntu Security Notice 2935-1 - It was discovered that the PAM pam_userdb module incorrectly used a case-insensitive method when comparing hashed passwords. A local attacker could possibly use this issue to make brute force attacks easier. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Sebastian Krahmer discovered that the PAM pam_timestamp module incorrectly performed filtering. A local attacker could use this issue to create arbitrary files, or possibly bypass authentication. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.
d110bf2dafaa23143df1fbb2f1b980d26ab199a82f114251a10d01f4de388c86Ubuntu Security Notice 2930-3 - Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
707b4c115844dc4faebd1fec2fb66e92b60bc56880df0b10e6b9c05bdd62934aDebian Linux Security Advisory 3518-1 - Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in code injection.
dc72260fecc1752a6e3c4c3ff2f6053dcd0afb084cb39dc1e3ad48e6d3f2b37fSlackware Security Advisory - New seamonkey packages are available for Slackware 14.1 and -current to fix security issues.
63e7436a20b7f16a9193f2d1c474e58f41258cf6ffd9a05661a2fc963ef50202Slackware Security Advisory - New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
1c99e71a3fad9650a752f68bbbef7c024a33b46b4b822521373fefb124404fdbMobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK and IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.
215db863dcdeca863fb174fd724d9d0cdd0c4653f30eb69dab71e49afcaeda6cApache TomEE versions 7.0.0-M3 and 1.7.4 have been released to address the vulnerability in CVE-2016-0779.
7a86eadc9d1a0c572c427b8b770a26e63f25a4bbeb52d74b04a4cdb22d7e750cLitecart CMS version 1.3.4 suffers from a cross site scripting vulnerability.
4cb7456694a81224960fbf8001ba720d140582b309f4096d0341ed93e2691c6dThe Netgear CG3000v2 cable modem fails to validate an admin's old password prior to changing to a new one. It also appears to suffer from cross site request forgery issues.
60a9f0aaa0dd1bda3794476688930f7d44eef4e51d60f57a34808b39c96672ffNetwrix Auditor version 7.1.322.0 suffers from a stack-based buffer overflow vulnerability when parsing large amount of bytes to the 'sourceFile' string parameter in PackFile() and UnpackFile() functions in 'Netwrix.Common.CollectEngine.dll' library, resulting in stack overrun overwriting several registers including the SEH chain. An attacker can gain access to the system of the affected node and execute arbitrary code.
db825249db3363632ce5398e5a1a478c8eb43957adac1cbc99ffdd9d41d19e51BSides Las Vegas 2016 has announced its Call For Papers. It will take place August 2nd and 3rd, 2016, in Las Vegas, Nevada.
47f535e27fa7797f9e5e41782d91a6f18a81f1d91be895e77faebcdf3ea369a4Chamilo LMS version 1.10.2 suffers from a cross site scripting vulnerability.
12f915c60ca619847a0cd7048a890848d0bc5b2449afdcc3e307a8cc7c233372
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed