Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
This Metasploit module exploits a remote command injection vulnerability in D-Link DSL-2750B devices. The vulnerability can be exploited through the "cli" parameter, which is used directly to invoke the "ayecli" binary. Vulnerable firmware versions range from 1.01 up to 1.03.
Ubuntu Security Notice 3598-2 - USN-3598-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. Phan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
Ubuntu Security Notice 3659-1 - Frediano Ziglio discovered that Spice incorrectly handled certain client messages. An attacker could possibly use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2018-1713-01 - The UnboundID LDAP SDK for Java is a free Java library for communicating with LDAP directory servers and performing related tasks like reading and writing LDIF, encoding and decoding data using base64 and ASN.1 BER, and performing secure communications. The following packages have been upgraded to a later upstream version: unboundid-ldapsdk. Issues addressed include an access control vulnerability.
PHP Login and User Management versions 4.1.0 and below suffer from a remote shell upload vulnerability.
Microsoft Internet Explorer 11 on Windows 7 x64/x86 suffers from a VBScript code execution vulnerability.
Ubuntu Security Notice 3658-1 - It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. It was discovered that the procps-ng ps tool incorrectly handled memory. A local user could possibly use this issue to cause a denial of service. It was discovered that libprocps incorrectly handled the file2strvec function. A local attacker could possibly use this to execute arbitrary code. Various other issues were also addressed.
PaulNews version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
LikeSoftware CMS suffers from cross site request forgery and remote shell upload vulnerabilities.
Red Hat Security Advisory 2018-1711-01 - The rhev-hypervisor7 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Issues addressed include a bypass vulnerability.
GNU glibc versions prior to 2.27 suffer from a buffer overflow vulnerability.
NewsBee CMS version 1.4 suffers from a cross site request forgery vulnerability.
HP Security Bulletin MFSBGN03808 1 - A potential security vulnerability has been identified in Micro Focus Universal CMDB/CMS and Micro Focus UCMDB Browser. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). Revision 1 of this advisory.
EU MRV Regulatory Complete Solution version 1 suffers from a remote SQL injection vulnerability.
Red Hat Security Advisory 2018-1710-01 - The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2018-1707-01 - Librelp is an easy-to-use library for the Reliable Event Logging Protocol. RELP is a general-purpose, extensible logging protocol. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2018-1703-01 - Librelp is an easy-to-use library for the Reliable Event Logging Protocol. RELP is a general-purpose, extensible logging protocol. Issues addressed include a buffer overflow vulnerability.
Honeywell XL Web Controller suffers from cross site scripting and remote SQL injection vulnerabilities.
Timber version 1.1 suffers from a cross site request forgery vulnerability.
Easy File Uploader version 1.7 suffers from a remote shell upload vulnerability.
Red Hat Security Advisory 2018-1702-01 - Librelp is an easy-to-use library for the Reliable Event Logging Protocol. RELP is a general-purpose, extensible logging protocol. Issues addressed include a buffer overflow vulnerability.
OpenDaylight suffers from a remote SQL injection vulnerability.
ASP.NET jVideo Kit version 1.0 suffers from a remote SQL injection vulnerability.
WordPress Peugeot Music plugin version 1.0 suffers from cross site request forgery and remote shell upload vulnerabilities.