NoviFlow NoviWare version NW400.2.6 suffers from cli breakout and code execution vulnerabilities.
7d87e7bcf8e086b39d271367ffc5ec98Debian Linux Security Advisory 3946-1 - It was discovered that libsmpack, a library used to handle Microsoft compression formats, did not properly validate its input. A remote attacker could craft malicious CAB or CHM files and use this flaw to cause a denial of service via application crash, or potentially execute arbitrary code.
41203652aeeaba8153a6dec73c153cfaUbuntu Security Notice 3396-1 - It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. It was discovered that the JAR verifier in OpenJDK did not properly handle archives containing files missing digests. An attacker could use this to modify the signed contents of a JAR file. Various other issues were also addressed.
563a851a69fe1deaec7a5894f67e7722This Metasploit module exploits a command injection vulnerability in the Trend Micro IMSVA product. An authenticated user can execute a terminal command under the context of the web server user which is root. Besides, default installation of IMSVA comes with a default administrator credentials. WizardSetting_sys.imss endpoint takes several user inputs and performs LAN settings. After that it use them as argument of predefined operating system command without proper sanitation. It's possible to inject arbitrary commands into it. InterScan Messaging Security prior to 9.1.-1600 affected by this issue.
7eadfd94788e579c42212511e87507feSymantec Messaging Gateway versions 10.6.3-2 and below suffer from an unauthenticated remote code execution vulnerability.
7dd636c418195ae42c99af8620854ec5MessengerScan version 1.05 Hostname / IP field SEH / EIP overwrite proof of concept exploit.
d01b51ff6d93ca2535ac08f25c5e60adMS05-039 Scan version 1.0 hostname / IP field local buffer overflow proof of concept exploit.
220466729f7d646f04bfa6d4f96f833aMyDoomScanner version 1.00 Hostname / IP field SEH overwrite proof of concept exploit.
edddd4e7dc4902da8543a8f7ae8f9949DSScan version 1.0 Hostname / IP field SEH overwrite proof of concept exploit.
f87d80f851cc2e46db1143906609c748QNAPQsyncClientWindows-4.2.1.0602.exe suffers from a privilege escalation vulnerability.
270430d48e89c7166a852e8116c210fdLiveProjects version 1.0 suffers from a remote SQL injection vulnerability.
161375955bf331f2df8195250c0a4d62MS05-039 Scan version 1.0 Hostname / IP field local buffer overflow proof of concept exploit.
394e9ea4b3eb977bf9e15c2d5d678161The WordPress Share-On-Diaspora plugin suffers from a cross site scripting vulnerability.
1c0a600c9f6a0a47943a2a57744fe943Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. Andrey Konovalov discovered a race condition in AF_PACKET socket option handling code in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code.
c8908f6bf286f4cf4b1a6341a51852ffUbuntu Security Notice 3391-3 - USN-3391-1 fixed vulnerabilities in Firefox. The update introduced a performance regression with WebExtensions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, bypass sandbox restrictions, obtain sensitive information, spoof the origin of modal alerts, bypass same origin restrictions, read uninitialized memory, cause a denial of service via program crash or hang, or execute arbitrary code. Various other issues were also addressed.
70cb762bf916b30e1ecee308a541a880Red Hat Security Advisory 2017-2491-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit.
2f87d3f7e18f8ea1608c332b3ef8877cUbuntu Security Notice 3393-2 - USN-3393-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that ClamAV incorrectly handled parsing certain e- mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Various other issues were also addressed.
3c6110b7ada194e5b8f653a22bc2baec
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed