CMSimple versions 4.6.2 and below suffer from a cross site scripting vulnerability.
81de68bdf9a7b279cdc44cfd72219c6809d4b4491086e1b683f57281cbc6f591Keystone is a lightweight multi-platform, multi-architecture assembler framework. Highlight features include multi-architecture, with support for Arm, Arm64 (AArch64/Armv8), Hexagon, Mips, PowerPC, Sparc, SystemZ, & X86 (include 16/32/64bit). It has a clean and lightweight architecture-neutral API. It's implemented in C/C++ languages, with bindings for Python, NodeJS, Ruby, Go and Rust available and also has native support for Windows and various Unix flavors.
94c58243dae1ec65a97d2ba02abb2323b4e5c82501eb7f8cfd85b460a0194157Relay Ajax Directory Manager versions relayb01-071706, 1.5.1, and 1.5.3 suffer from an unauthenticated file upload vulnerability that can result in a shell upload.
86f16a585b31311d54705ed9a9f89e3e7f9a9f7fb81cc770e74eb4ff7bc82dbcWebsockify versions 0.8.0 and below suffer a buffer overflow vulnerability that allows for remote code execution.
caea35c7d2790c9ab4ea828774b280bdbc0c89b8236bbec43cd1a0bed3e1876fPRTG Network Monitor version 14.4.12.3282 suffers from an XML eXternal Entity expansion vulnerability.
41babc73fc9bda76f17c48714fa073370cc3e8261d71210d28b3b5a3b479575fProcessMaker version 3.0.1.7 suffers from cross site request forgery and cross site scripting vulnerabilities.
3a93fa579b0acb61f85260e2bf41982d4ffb8418eb1a4ab73d10041be2d5b819Konica Minolta FTP Utility version 1.0 CWD command SEH buffer overflow exploit.
5fb3c4082734b2bea7d205e6e01eaf8eae340d8653251aa86db8fe5c587c8f88Red Hat Security Advisory 2016-1166-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Security Fix: The following fix was applied to the python component: The Python standard library HTTP client modules did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data.
116aa091e5b51bb4e976b645fbaaff53c6753ebb9b4ca77c61747631d4c5f4c6Red Hat Security Advisory 2016-1141-01 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time.
257f45bddd3a482cefdb68cd619ab45fea0981268baa2dd55b47f82d7abb25a9Red Hat Security Advisory 2016-1140-01 - The "squid34" packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Note that apart from "squid34", this version of Red Hat Enterprise Linux also includes the "squid" packages which provide Squid version 3.1. Security Fix: A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code.
4ddd25072f9b7bdc9d460f29a486fcdf22fc646b8001810de74d8404286f2dfbRed Hat Security Advisory 2016-1139-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid.
68a695fb82d9a9d930f969e15232aa6c79c5983c8c4aadcb320c3f086f496e89Red Hat Security Advisory 2016-1138-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid.
1b45107a7d5870831ac496e28e1912accc9d20214d4ac341cdeaae582ad76b51Red Hat Security Advisory 2016-1137-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library.
ff57ec5fbd7dbdb0badb66c133418e32abb112493bd486514cf34e374e86e95cGentoo Linux Security Advisory 201605-6 - Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. Versions less than 4.12 are affected.
f6e136b96891d177bd1fed741b580437aa9ef8f98c5b4bd3d0964a4a18ce81f0Gentoo Linux Security Advisory 201605-5 - Multiple vulnerabilities have been found in Linux-PAM, allowing remote attackers to bypass the auth process and cause Denial of Service. Versions less than 1.2.1 are affected.
482bcba0404ed57991b17cb208b3a7c51e51bceb50c88c6d4c0e48004e8fde5cRed Hat Security Advisory 2016-1182-01 - In accordance with the Red Hat Storage Support Life Cycle policy, the Red Hat Ceph Storage 1.2 offering will be retired as of May 31, 2016, and support will no longer be provided. Accordingly, Red Hat will not provide extended support for this product, including Critical impact security patches or urgent priority bug fixes, after this date.
f902ff2dace43ee8c34d2ff6da2ea62403a8d2a92a8103d1d918b9865910029dMosca is a tool that checks code for poor security practices akin to using grep against it for static analysis.
e41af96879d8dec33d2e18584d6b875e208df5971930fcea5b0a6b4764aefcbbRaptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.
a37959fdaf2f95ce8625c170bf8f4582b5b3e15970f56150eb45599ccfb0bf90Payload Mask is a payload editor that can mutate an initial dataset.
2487b9f79f9908171481e14692062dc32594ebf49ba2fa4a099d317a053c7bf1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed