Sitecore Experience Platform version 8.1 Update-3 suffers from a cross-site scripting vulnerability.
4cc41f549b88fe2837f271bf8f082e620723704c4348deca8497b1a148cac442
Steam Profile Integration version 2.0.11 suffers from a remote SQL injection vulnerability.
072182c73866113a91a6a4ef6f5f0fc076f5d0837ee161bda2a1f70721fd9086
GitHub Enterprise versions 2.8.x prior to 2.8.6 suffer from a remote code execution vulnerability.
a342b81ed2b1e63765a37c303b794cf55451aad19482eabd0f5853af68b78e2b
USB Pratirodh suffers from an XML external entity injection vulnerability.
753960d05ce88ca08fe0c91b1b16a0cee2861310d8ada86bd24118a2e943caa8
Skype version 7.16.0.102 suffers from a DLL hijacking vulnerability.
011f971bdb45d821640b52a50a8840eef5c6b5fec316c457347aa001a208a0da
Ubuntu Security Notice 3234-1 - Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service. It was discovered that the Linux kernel did not clear the setgid bit during a setxattr call on a tmpfs filesystem. A local attacker could use this to gain elevated group privileges. Various other issues were also addressed.
5c5e8fa100d4395abf35ee60376533197d5f908f480034af1b0af1c578c3ac34
Ubuntu Security Notice 3234-2 - USN-3234-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service. Various other issues were also addressed.
3b8a170883b326573977aa700ad8d4416fc9066a89106d450e459a05f114aba1
Microsoft Windows suffers from a LoadUvsTable() heap-based buffer overflow vulnerability.
6c3a2f1a4a9fce3cb5b0969cffc7d3bb342fad7daeefec4c8a8bf5c8ce602491
Readymade Job Site Script version 3.0.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
11b4a25c0f5b8adc6a3ea0def952a909a1edbd314c09e688082c25c68b6da4d2
Whitepaper called Attacking RDP - How to Eavesdrop on Poorly Secured RDP Connections.
3c51b078f0d29ee8f8f11fe84b643afac24b5da42fb26ebb75e637de90e17d12
Red Hat Security Advisory 2017-0536-01 - The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox.
3af1eb64e5ba3a9b5d81b25a21ebffb1e2f294a7de691d353e4c631ba8ccb8eb
Red Hat Security Advisory 2017-0533-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. Security Fix: A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large.
5aac3333ccf258369f447965f1aa956036b7f07ef0922899d13b2fd78fb0d276
Red Hat Security Advisory 2017-0527-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
5563927de693905a07c529e79ed81ecd290e30a393af413dbf50c8b8a15b6dc1
Red Hat Security Advisory 2017-0535-01 - The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox.
4e9fa9619a220759defb0ea857794e676f954f9e8951e43f7f89e8c7e18dbf58
Red Hat Security Advisory 2017-0532-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. Security Fix: A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large.
1cee28b179bf71b3773e779c3e4361174692d0c28b5b4ba27c8cbfbbbb4b420b
Red Hat Security Advisory 2017-0526-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 25.0.0.127. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
f4dc41a875733fe867aafc7c260d00ea5866dd4eea8f84d38ece0fdec56c5ad3
Red Hat Security Advisory 2017-0531-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. Security Fix: A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large.
4beb4d35a3a4f227be5a4c1d95ae891714b97abaa1a874e66592df077266d3d1
Red Hat Security Advisory 2017-0530-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. Security Fix: A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large.
49ff41844ef9cdca3cfe2faaed5e06982346f7330df13c931d593bb39403ad23
Freelancer Script version 4.0.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
aa47f6171347eea8b9a4af07ba557e35396ce1b05657b58e39f1c19491cbd650
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist automated auditing, software patch management, vulnerability and malware scanning of Unix-based systems.
55403a5baea674a412655e8504c2778c4ada5df6d60dc464e462bc8b97b93c8b
USB Pratirodh suffers from an insecure password storage vulnerability.
a895986ed36a43033420627029de1148f97cd000832e0dcb6d3ac3ff1708391d
FTPShell Client version 6.53 buffer overflow exploit written in Python.
ff6879bdce2b467dd1022aca978515606bf36752239275e405d58a892014ac9d
ASUS PCE-AC56 WLAN card utilities (PCAUSA Rawether Windows 10 x64) local privilege escalation exploit.
397c569e8c2bd8c3bd6f81e3dc8c7a39a2af39ca0d419c2c79d1e759b6888f66
Joomla Vik Appointments component version 1.5 suffers from a remote SQL injection vulnerability.
9f135f197bbd849839432cade34775c49fedaa7171d4af6be63c1f20aa85f0f8
Joomla Vik Rent Items component version 1.3 suffers from a remote SQL injection vulnerability.
e27f9f079a7a5122dcd876e3b840cf2f3ca3b201d705b2b3fd6d94c12d8974e7