On Microsoft Windows, the FSCTL_FIND_FILES_BY_SID control code does not check for permission to list a directory, leading to disclosure of file names when a user is not granted FILE_LIST_DIRECTORY access.
be5f41f514a5827a0f821f666b99bf1814733a5f65b5368d166452c4a0dca392
Ubuntu Security Notice 3792-2 - USN-3792-1 fixed a vulnerability in Net-SNMP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Net-SNMP incorrectly handled certain crafted packets. A remote attacker could possibly use this issue to cause Net-SNMP to crash, resulting in a denial of service. Various other issues were also addressed.
be44d45d384dd945835966eb97cbc017459819b713ae4d51cbddbb443a0682a8
Red Hat Security Advisory 2018-2921-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Issues addressed include a denial of service vulnerability.
7d96337c912bdd1ab3d51066d5aea36144133b51ed5a15a1ea54154a9b6584ca
GIU Gallery Image Upload version 0.3.1 suffers from a remote SQL injection vulnerability.
ad03a7e1c59075f477a7ea160ffad229f7b0f324efe2335d232e0fd61ce950b5
HighPortal version 12.5 suffers from a cross site scripting vulnerability.
dc3438488946e0c9472997dfce4da1dfe5cae5b34fbf0e8e172de192753810ae
MV Video Sharing Software version 1.2 suffers from a remote SQL injection vulnerability.
bf109f99fed3e35c9a7364c59736525247321baa5838ad1f548c90a68f264220
Rukovoditel Project Management CRM version 2.3 suffers from a remote SQL injection vulnerability.
b595fd2f369ceab5d17f292cf77d4b68fa3c3044947c32a3f9a8db3b7585a36a
Vishesh Auto Index version 3.1 suffers from a remote SQL injection vulnerability.
dac146608e6ec0bdeb472a912c4503c1ba086de0f046a779211443a357e04da8
Kados R10 GreenBee suffers from a remote SQL injection vulnerability.
7fb3985d828bb892c4c3a040dd5491240e92f22d54899b6d017c32720df41440
Navigate CMS version 2.8.5 suffers from an arbitrary file download vulnerability.
d94c48701b35c9e133b1e87004ac915eac005fb1c835c9c3b5f97f1da42e3a43
HotelDruid version 2.2.4 suffers from a remote SQL injection vulnerability.
67c22127a13e5483bdf03253c3d68d88747421ff1474b8926a4b17ef0c721e03
KORA version 2.7.0 suffers from a remote SQL injection vulnerability.
68d11ce4ad3635521fd4915adc28b1747966814769e335953fa938c1fa472077
Academic Timetable Final Build versions 7.0a through 7.0b suffer from an information leakage vulnerability.
c1e1cfc2e93c87d5ba2e4f2461ef074e701570ff9623e54a4ffcf0bbe971681a
Digital Whisper Electronic Magazine issue 99. Written in Hebrew.
6b8d08bcfae25f3de3bb95f04e31f5ad8dc1e5da8cfda218a4fd5ff2cd2ac025
Red Hat Security Advisory 2018-2918-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Issues addressed include a bypass vulnerability.
1365f857a8861ae654e77cc6eefab17b628f59e2c5ee0d9dae6960f0308f4405
Ubuntu Security Notice 3793-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. It was discovered that if a user saved passwords before Thunderbird 58 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. Various other issues were also addressed.
02e62b2bffb86438849c76b75b7f7492d31b01439a58b29eb4c7e7f49d5ddbbc
Ubuntu Security Notice 3792-1 - It was discovered that Net-SNMP incorrectly handled certain crafted packets. A remote attacker could possibly use this issue to cause Net-SNMP to crash, resulting in a denial of service.
e3f5ab649c9e7f971bcf9045f65087717c8f42377af82be89306bbae6a985a72
WordPress Support Board plugin version 1.2.3 suffers from a persistent cross site scripting vulnerability.
0355f54279601b62651bec189edae733105d73619df22b146e5bf3ab4c7ba055
Library CMS version 2.1.1 suffers from a cross site scripting vulnerability.
cf0dcc3a82dd155f565140d09b1aa184220c25854a672aeddf8695661be0a132
Digital Whisper Electronic Magazine issue 98. Written in Hebrew.
e5c619408ee23114b0a23e1b5073a650c4c270997ef8a6e981a8314033390b4f