Ubuntu Security Notice 3616-2 - USN-3616-1 fixed a vulnerability in Python Crypto. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information. Various other issues were also addressed.
2c2b3672ce06765299485a82053f137bd3e099ce7a9b7d3dab312ceff6999829The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web server. Versions prior to 9.9.5, prior to 10.1, and 10.1 are affected.
d43f74be6b638e83ded4b3a857321d730eb67572bbb1a0727c4cb51696981314KYOCERA Multi-Set Template Editor version 3.4.0906 suffers from an out-of-band XML external entity injection vulnerability.
c9052cd2ab7f9839495ce8d05c2a907fa7501d1dceff407eac665610153825a5Gentoo Linux Security Advisory 201804-9 - A vulnerability in SPICE VDAgent could allow local attackers to execute arbitrary commands. Versions prior to 0.17.0_p20180319 are affected.
30a696841d7af08af28d07fc73391a014c0adb4fea7d652f8b9fb3c59194c335WordPress Simple Fields plugin versions 0.2 through 0.3.5 suffer from file inclusion and remote code execution vulnerabilities.
4338cd5a6fee565ad17148aae284a9aeb2d14240ccb815f68d640689e9cfc13cWolfCMS 0.8.3.1 suffers from an open redirect vulnerability.
6f02f9e976128383254307068cb1007e961973019dc0006c6b554f75c1b6ae0dGentoo Linux Security Advisory 201804-8 - Multiple vulnerabilities have been found in QEMU, the worst of which may allow an attacker to execute arbitrary code. Versions less than 2.11.1-r1 are affected.
c0cac496b3a521f32ee1d0f652fd3355c954a2f4b374b783fe8e570dad67297aMyBB Recent Threads On Index plugin version 17.0 suffers from a cross site scripting vulnerability.
7f5bcd5124a0662b2bb26f4c57c2a8c8520f51a4ccc24e3ab6702ae8d5f63d02KYOCERA Net Admin version 3.4.0906 suffers from a cross site request forgery vulnerability.
83f4c903b0fefc6a2f66c607da3fa870a1624b171cf0b08f9977509c00d3d1cdKYOCERA Net Admin version 3.4.0906 suffers from a cross site scripting vulnerability.
acb0c386bfc4561f3044e0e54bd46cab0c808a5e94978f3f3539d5d517b2b93fGentoo Linux Security Advisory 201804-7 - Multiple vulnerabilities have been discovered in libvirt, the worst of which may result in the execution of arbitrary commands. Versions less than 4.1.0 are affected.
cb3f93c9b3e0a479b010f996073edf699e0fa20b3ce9bb33683651094342f1ffGentoo Linux Security Advisory 201804-6 - Multiple vulnerabilities were discovered in mailx, the worst of which may allow a remote attacker to execute arbitrary commands. Versions less than 8.1.2.20160123 are affected.
a5df72a482dd10b2fa363784319a3be3dcd1a6afdb5686f7c8dc9a29a2541152This is a script to perform SSH/SSL RSA private key passphrase enumeration with a dictionary attack.
7ab5a3518579d6225c44138ba1ad72500274b0cd5b6549efb4e201c3f2eb8195CyberArk Password Vault versions prior to 9.7 and 10 suffer from a memory disclosure vulnerability.
d1f14348574dde4087832b307cbde895ac38061a530c090febaa92dc0e73f9ffGoldWave version 5.70 SEH unicode local buffer overflow exploit.
270721afc4bde6c4b82811d30af06a29aa27a552aa2bf876a3e29ada095cbf6aH2 Database suffers from an alias related arbitrary code execution vulnerability.
88148b4b175b0f1bd1191d4101ed153fe076d05efa63d53f65f3e544648e46b0Yahei PHP Prober version 0.4.7 suffers from a cross site scripting vulnerability.
ca423dc5e4ecd6af7d94fc4ba9947bc41c255e333e707b72c06341b2b8aa426aWP Live Chat Support version 8.0.05 suffers from a cross site scripting vulnerability.
efa35d38ab04776de3b299f27637dca10dcc8084956e6cd18d59a27bdf49aefbBuddypress Xprofile Custom Fields Type version 2.6.3 suffers from a remote code execution vulnerability.
63e449020fc4822181a468f70382edb5711bb4ab8949e4acc68d07290539856dCobub Razor version 0.7.2 bypass exploit to add new superuser account without authentication.
14d156ad369b6e07bbbe55a330ea60259070770fdd331ca5108eb2bfbf535660testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
5163f76d40acfe404d65145c498cbe8fb716bb49119e8d0773e063203cff9c03
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed