Red Hat Security Advisory 2016-1650-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes.
1fdd97874e8f34357aa4e0e66133e9488d4279f97fb76a354f29754e7682ff4a
Red Hat Security Advisory 2016-1649-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes.
6f912c3eac60b24e5fcc49c83f0bc9b2f7d63a1d9a3b172fda35193e1fba6f6f
Red Hat Security Advisory 2016-1648-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes.
0fbbe7de26ce0f8882caf38888994f49325573c52f60f9e0cd5197f1f5fc4906
BENIGNCERTAIN is a remote exploit to extract Cisco VPN private keys. Note that this exploit is part of the recent public disclosure from the "Shadow Brokers", who claim to have compromised data from a team known as the "Equation Group"; however, there is no author data available in this content. The tool references Cisco PIX versions 5.2(9) to 6.3(4), which were released in 2004.
f1cc0ef523db5ceca559ff6245e673e90a6309eaeaf13d63e575e3e9b70a5ea8
This Metasploit module exploits a remote code execution vulnerability in the web panel of Phoenix Exploit Kit via geoip.php. The Phoenix Exploit Kit is a popular commercial crimeware tool that probes the visitor's browser for outdated and insecure versions of browser plugins such as Java, Adobe Flash, and Adobe Reader, and then silently installs malware.
aad984f8708901b83c5d2147e19d13750c153fefe31400973769c9a1fcdedf8c
Jaws CMS version 1.1.1 suffers from a cross-site request forgery vulnerability.
4c7cb7244f6adffe5ed1f13324e54993002a2ec03435b20c3011a615f7c706b9
phpCollab CMS version 2.5 suffers from a cross-site request forgery vulnerability.
8f9e3cce787d1818859b78c4a1a0f36e22a4f9771670aa92f3509e1deec787c5
AVS Audio Converter version 8.2.1 suffers from a buffer overflow vulnerability.
7afcffa21ea4851d253f1a3293dc20489b947ede25b757fba0c6ccc047eef575
ISPconfig version 3.0.5.4 p6 suffers from a cross-site scripting vulnerability. It also leaks exception information.
9b4e17f23d24a8657ca32e66aeb0806fdf89bf27015fdfef444397eb7a0a7850
HP Security Bulletin HPSBNS03635 1 - Multiple potential remote and local vulnerabilities impacting Perl and PHP have been addressed by HPE NonStop Servers OSS Script Languages. The vulnerabilities include Perl's opportunistic loading of optional modules which might allow local users to gain elevation of privilege via a Trojan horse library under the current working directory. Revision 1 of this advisory.
d61092f8531c4cfe3e647e6a78dff740f1529c96097e41b94e0050770ca40436
ObiHai ObiPhone 1032/1062 with firmware less than 5-0-0-3497 suffers from buffer overflow, cross-site scripting, cross-site request forgery, command injection, denial of service, and various other vulnerabilities.
c01c956473f4e72a247182e6bcb22fe0af02e5eb1aefac7e5b88a3868d051233
UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
45c2e22502791bfe86078422fa15356b7bc96502a65508e557610391eb318078
Newtec Satellite Modem version MDM6000 2.2.5 suffers from a cross-site scripting vulnerability.
66bc91a91c3296445a0ce9b51f0b9593e0c5ff0d247b6788f617a033992cf9be
Sakai version 10.7 suffers from cross-site scripting and local file inclusion vulnerabilities.
8cb08ef574e8508f30e00deef1ab74e79262f9ff08d0758749576594bd1523ed
WordPress version 4.5.3 suffers from a path traversal vulnerability in the core ajax handlers.
78a9e8298d6dbe41d508c8f450f6b57d41e9ba8bdefa0dd06867e661676810ca