Pi-Hole version 2.8.1 with web interface version 1.3 suffers from a persistent cross site scripting vulnerability.
dcdfd8e2b303c612ea99f185e33cfd910d4a217f8d34dbe3ab23d1823435c694Red Hat Security Advisory 2016-1617-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system.
471c2b8a660fd8f4a00844ff5f40620ed4db305e1837a36ea96e3c108bb5d027Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
54f4b951e180b3a895c30923eeca0350540358ec13a2673cf992697e9ed5161dGitLab suffers from a privilege escalation vulnerability via the impersonate feature. Versions 8.2.0 through 8.2.4, 8.3.0 through 8.3.8, 8.4.0 through 8.4.9, 8.5.0 through 8.5.11, 8.6.0 through 8.6.7, and 8.7.0 are affected.
210e11a53dc6bcbfc30264835c0edab86a10922054e540e0f6856eb4956d88bdMicrosoft Office Word 2013 and 2016 suffer from a sprmSdyaTop denial of service vulnerability as described in MS16-099.
1d08affda8ea6047713326103a60d74176d11268a3f9b5d83d8075f46d7fae20Lepton CMS versions 2.2.0 and 2.2.1 suffer from a PHP code injection vulnerability.
7a8491e07971f4d5fbf5e8f5ce690f163cde25c1719489e47056633908b74736HP Security Bulletin HPSBHF03441 1 - Potential security vulnerabilities have been identified in HPE Integrated Lights Out 3 and HPE Integrated Lights Out 4, and Integrated Lights Out 4 mRCA. The vulnerabilities could lead to multiple remote vulnerabilities. Revision 1 of this advisory.
7889e4f573031fdbcd9fbf761f17dfb5923a384253397c2e9d451aeb014e4133SAP ABAP BASIS version 7.4 suffers from a hard-coded password vulnerability.
c2f2ad6d80654372a57d24cf5bf501f4f3bc5de46217cff4a93421ee97dc992bLepton CMS versions 2.2.0 and 2.2.1 suffer from a directory traversal vulnerability.
0be91ef33d5c0bc16086ab233e07964b406340a17ddb1ee63ca424c685eda1f9SAP Hybris E-commerce Suite version 5.1.0.3 suffers from a hard-coded password vulnerability.
daf8b4bbd6787dc3c0a7457e078026f3ad9872c0941ce5b13a4f85401240fa99HP Security Bulletin HPSBGN03634 1 - A potential security vulnerability has been identified in HPE Enterprise Solution Sizers and Storage Sizer running Smart Update. The vulnerability could be exploited remotely to allow arbitrary code execution. Revision 1 of this advisory.
06f9b4bc7cb59b1007f7ab1901ffc0300d48726096bc986e192aa400cf7b580ephp-gettext versions prior to 1.0.12 suffer from a code execution vulnerability.
fadab1622e4459189e9eb36508d2ef03da0c2acebbd4a57d81aaff074bf401ceHP Security Bulletin HPSBST03629 1 - A potential security vulnerability has been identified with HP StoreFabric B-series switches. The vulnerability could be remotely exploited resulting in disclosure of privileged information. Revision 1 of this advisory.
60dfeffeab93ed3fd5862d279067ca304090e8eedbadf0cd03e8fa83060c6baaActiontec T2200H allows for command injection that provides a remote root reverse shell.
28169bbcf417020b949571295e53959017cd3341ec9c096c5b7311102388ba56Junkware Removal Tool suffers from a dll hijacking vulnerability.
23d8a8f3ca78303010ab4d0d42d5759efd2c8ff358813a99c7fbe2ed75bd4080WordPress Magic Fields 1 plugin version 1.7.1 suffers from a persistent cross site scripting vulnerability.
0e5a41214c3cdf2ddfe900c79fee3656604680337cc6e471ee17d963634ee9feWordPress Magic Fields 2 plugin version 2.3.2.4 suffers from a persistent cross site scripting vulnerability.
1e2e9b0aac7faf7ff9732c41c744fcecda575220ec7c738221745f25368cff8bWordPress Link Library plugin version 5.9.12.29 suffers from a cross site scripting vulnerability.
2e33996f60775e70ea4ebb78d472ee992b557cb5f8f855a3a6ac1a0c2fd005b1WordPress Ajax Load More plugin version 2.11.1 suffers from a local file inclusion vulnerability.
e706562a71b9bb015efaece380e49a06c278f92b628b2583cd6b20cc38ce5b94WordPress Theme Directory versions 2.0.14 through 2.0.16 suffer from a remote shell upload vulnerability.
f9fbb19a9b58aeee4f54d7e668caceb3372e83a8daf2544b912e390992cf9481WordPress Tevolution plugin version 2.3.1 suffers from a remote shell upload vulnerability.
db73ad22f7afcb626516bd5d8f6efa6d5efb4b1ebafb1a59d706da5051a242c6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed