Mantis versions 1.1.3 and earlier are vulnerable to a post-authentication remote code execution vulnerability in the sort parameter of the manage_proj_page.php page.
bf6d1e2f1321eacf2214a3400a3201acd1c33bb08ba4cb9b45cfa3ee93eefbeb
Ubuntu Security Notice 3643-2 - USN-3643-1 fixed a vulnerability in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values.
2baa914e2be3c4ec3d77cc267df8d63b6e6846eb6c6eef59e5a355c709834908
Red Hat Security Advisory 2018-1367-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 29.0.0.171. Issues addressed include a code execution vulnerability.
6746edefeda3dc5f46a3a988882fb23abb9a39be3320b013002753b5735b331b
Ubuntu Security Notice 3643-1 - It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values.
ecfcf061117b86f26fc3ca56b8d318d370404b541e43650c789354a123064194
The t2'18 Call For Papers has been announced. It will take place October 25th through the 26th, 2018 in Helsinki, Finland.
d86ebebe30e3915de42951a12bd66a55fcf5fcb4bd942d990994fe5547c3f4a8
Ubuntu Security Notice 3642-1 - Maxime Coquelin discovered that DPDK incorrectly handled guest physical ranges. A malicious guest could use this issue to possibly access sensitive information.
08e6165a0e06d26de942f15ce22ab0662f9668980fd003df685f4033c97fca69
Red Hat Security Advisory 2018-1364-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a ns-slapd crash.
d05b2c0a4545572bcf49fef48379e3e9d41eeaaa1fec555d0fe178253ec17339
Microsoft FxCop versions 10 through 12 are vulnerable to XML injection attacks allowing local file exfiltration and/or NTLM hash theft. Tested with the Windows 7 and Windows 10 SDK downloads; it works in both.
529e37622cb8b9a8c7ff1df46c0f23167d4d261569eec1722cd310507eb17b47
Easy Hosting Control Panel version 0.37.12.b suffers from an unverified password change vulnerability.
6b9c2fb76cb2b2e1b5b400414e61b2bf2bf5bfced4755d05b2ca17ff0c94490c
Easy Hosting Control Panel version 0.37.12.b suffers from a clear-text password storage vulnerability.
1c215b802e217d75ea942c972e7bec45f141b5f896ddc956d47e80412dacf3da
Easy Hosting Control Panel version 0.37.12.b suffers from an insecure cryptography vulnerability.
687d246182ae3672c456fe67465befb2213e45306ceba378cd7184753e4c3db7
Easy Hosting Control Panel version 0.37.12.b suffers from multiple cross site request forgery vulnerabilities.
ddd48bb3bcd858b591a5ba8418dc05789be98692830c6205c8a540e4ad205676
Easy Hosting Control Panel version 0.37.12.b suffers from a cross site scripting vulnerability that allows you to steal the cookie.
61246ca67241380fbb3cf68fbfbd65cd27a9c327ff9125e7f8cd3a8234b67333
Easy Hosting Control Panel version 0.37.12.b suffers from a cross site scripting vulnerability that allows you to add a backdoor FTP account.
efa2eac7432c41578c130f45589ae285362ea92d776fd1be1470c47380d3c2e7
On May 8, fixes for CVE-2018-1087 and CVE-2018-8897 were released in Linux kernel version 4.4.0-124.148. These CVEs are both related to the way that the Linux kernel handles certain interrupt and exception instructions. If an interrupt or exception instruction (INT3, SYSCALL, etc.) is immediately preceded by a MOV SS or POP SS instruction, the resulting interrupt will be incorrectly handled, possibly crashing the operating system. The issue can be triggered by an unprivileged user. The fix for this problem requires modification of the interrupt descriptor tables (IDT) and of the interrupt handlers. Livepatch is unable to safely modify these areas, so upgrading to a corrected kernel and rebooting is required to fix the problem.
0ed9608f57e15a5b058be5eb06c92f72ea884cf0e997d30b7285a27811e380ab
Debian Linux Security Advisory 4196-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.
93cc48d260bc7594d1b33464cbeae85c8108f7abd086bf698c5a407b0654ccb2
113 bytes small Linux/x86 bindshell forking null-free shellcode for TCP/9443.
b04bdb837a2ff84a3bb3deb229558fd9c8358cdbe9ec0a081b72bdfe56b0bf9f