Alfine CMS version 2.6 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
bd8d25abe0c3ba989859567b7465ae932a92d91005c70b7e47e11d8aeae2d32d
Mutualaid CMS version 4.3.1 suffers from a remote SQL injection vulnerability.
a455179bbdccd33589cb9f67403270734ddad7760c1b837bbbfb7bf933be47eb
A password reset session web vulnerability has been discovered in the official Ladesk online service web-application. The vulnerability allows remote attackers to reset a session credentials to unauthorized access user accounts or data.
48448a68d6625f37f4bfd263b2acf7e8357e8b4ea8097b513d291e4aa57a873d
Iranian Weblog Service CMS version 3.3 suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.
c3116d6596bcb349a186df81125f516059f566a684a9d04972b62ea8182c4147
Debian Linux Security Advisory 3607-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
0d223b304d17753a1ce52094557c77094582be1a5339c862d34ee91a630a21d9
This Metasploit module generates a Open API Specification 2.0 (Swagger) compliant json document that includes payload insertion points in parameters. In order for the payload to be executed, an attacker must convince someone to generate code from a specially modified swagger.json file within a vulnerable swagger-codgen appliance/container/api/service, and then to execute that generated code (or include it into software which will later be executed by another victim). By doing so, an attacker can execute arbitrary code as the victim user. The same vulnerability exists in the YAML format.
925a6c94c2aaaf2800d73d3a13675fcc5378848d10e33bb01c987d3250914670
HNB version 1.9.18-10 suffers from a local buffer overflow vulnerability.
aaeae969855be3306cdcb2e32a65086c3546c2454ef4c52eae43f8d68c2a975a
BigTree CMS version 4.2.11 and below suffer from a remote authenticated SQL injection vulnerability.
968aa637a70ad16367def25fb2cfce1ce28e8f27120df89d1a374a92fc0e4e5e
PInfo version 0.6.9-5.1 suffers from a buffer overflow vulnerability.
bd449abb80e20ea86e7a578310b7a24726e21f5b4ffeaebf4d394e4654f4205d
MyLittleForum version 2.3.5 suffers from a PHP command execution vulnerability.
2d0eb479e123885dc4f3ba4bea291050b16793c255cfefd1c779cd7cd6e61bd6
Red Hat Security Advisory 2016-1345-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
2fc622331271f6afa73eb4f7e48d1d066bc6cbbf159a462885b921ad6608bee7
Ubuntu Security Notice 3016-4 - USN-3016-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Various other issues were also addressed.
8b422961da61bd3f40b99e99fad351371bb6609bb98f432f77cc11d8d554d24b
Ubuntu Security Notice 3017-3 - USN-3017-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Various other issues were also addressed.
a1beb623f5e33a2e8c161fd6cca966622aa0882f56c90c2404ac48f36c15fc9b
Ubuntu Security Notice 3021-2 - Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
a1920ccfc4f4c6e5f276bfd5d75431b8b3ae7cb57f8387df52a131fbfbe2120f
Ubuntu Security Notice 3021-1 - Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
a58aea903cc903ad65202dc2ce64c473a75d915b0fa02a508452f77673343643
Gentoo Linux Security Advisory 201606-19 - Kwalletd password stores are vulnerable to codebook attacks. Versions less than 4.14.3-r2 are affected.
ea592a530bcb697a8742eb3a0b6c8b5ba892f26c30d3e70a01ddfbf99e837986
Gentoo Linux Security Advisory 201606-18 - Multiple vulnerabilities have been found in IcedTea allowing remote attackers to affect confidentiality, integrity, and availability through various vectors. Versions less than 7.2.6.6-r1 are affected.
ebdd1b365bfa8f378b59b53cf2276953c442ce0a028d0eab48f33412fe350ecf
Ubuntu Security Notice 3020-1 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
54f83afa154640f8024df9abd28aa401d3608933d58a98291d2ff9437c61ffc3
Ubuntu Security Notice 3018-2 - USN-3018-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Various other issues were also addressed.
967ed36586a074ad56c5537a86344439a141220272f76359ff378d22c3a93cd7
Ubuntu Security Notice 3019-1 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
9290b489b84336a68219bbf34af20a42bbcb89266e0f5470f3726d9949ced727
Ubuntu Security Notice 3018-1 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
19b9ec27b0226f3c7b7630645b541791cdab6e5d2596d808843adf1e12571f08
Red Hat Security Advisory 2016-1347-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
a0fd5df58421128c1a07f21c9a92276cf8767d845c7f9e6fc3c0aecc8f18306d
Red Hat Security Advisory 2016-1346-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
10910d0024b75b8f8033a76719b206b712d0277d444d33e117eb8cfe6f89d1bc
Linux x86 /bin/sh shellcode with ASLR bruteforce.
eb9f0e8da13c2d6306f0927441510c06cf9a7ae3abc0d02412ff3582db632f27
Armadito suffers from a remote arbitrary file write due to a man-in-the-middle issue.
3c940d2b604802823a92dfde76f87dccff6b8a34a3da8280c1427ca2bcaf9d01