Asterisk Project Security Advisory - There is a buffer overflow vulnerability in dns_srv and dns_naptr functions of Asterisk that allows an attacker to crash Asterisk via a specially crafted DNS SRV or NAPTR response. The attacker's request causes Asterisk to segfault and crash.
6aca45f3b7b194469327386eabbfe453PHP-Proxy version 5.1.0 suffers from a local file inclusion vulnerability.
96c23b5c4ac90b08c6b144a53cf3862dUbuntu Security Notice 3823-1 - It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
6b37d20c06583bdf2df8bbda520645ebWordPress Ninja Forms version 3.3.17 suffers from a cross site scripting vulnerability.
a90814e7187521ea474ee2c55e40aca8WordPress Custom Frontend Login Registration Form plugin version 1.01 suffers from multiple cross site scripting vulnerabilities.
237d47a46ea03648e298b2b496c1d36cPHP Mass Mail version 1.0 suffers from a remote shell upload vulnerability.
0cb5d71edeb4a2b0e094423306caac00Red Hat Security Advisory 2018-3618-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 31.0.0.148. Issues addressed include an information leakage vulnerability.
e77d2b6f05294f9616cdb3a6fe3be58cUbuntu Security Notice 3822-2 - USN-3822-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service. Various other issues were also addressed.
38d2319298757b9ae2fa55baae2679552-Plan Team version 1.0.4 suffers from a remote shell upload vulnerability.
f032a820048d7947081bbeda6a354d98Simple E-Document version 1.31 suffers from a remote SQL injection vulnerability.
1ede165ba98398e93a63ea4b310b41dbUbuntu Security Notice 3822-1 - Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service. It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. Various other issues were also addressed.
07f71bea3d47114cf186b3745cee0c23Ubuntu Security Notice 3821-2 - USN-3821-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service. Various other issues were also addressed.
aec00b068e6349d4d19761befac301e0Kordil EDMS version 2.2.60rc3 suffers from a remote shell upload vulnerability.
f3deb8055528a28140da5feca3b41892Meneame English Pligg version 5.8 suffers from a remote SQL injection vulnerability.
5c7b5029323f7af90547ba9b891733dfEverSync version 0.5 suffers from an arbitrary file download vulnerability.
e81ef06ed6a2875941484f78b91802daUbuntu Security Notice 3817-2 - USN-3817-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
e399e890f8bd1e86e7456e03b8a0fe3dUbuntu Security Notice 3821-1 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service. It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
a90659bad625eafc560423ef26975554Ubuntu Security Notice 3820-3 - Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. Various other issues were also addressed.
740182e23aa6554edf5fee4302b78e30Galaxy Forces MMORPG version 0.5.8 suffers from a remote SQL injection vulnerability.
14a0c7a02a34735d824a66d044a989a7Net-Billetterie version 2.9 suffers from a remote SQL injection vulnerability.
775c0f6b6c482e0277e3b482fdb3c25fBiP Messenger suffers from a denial of service vulnerability.
214a916a17dfdbd9801d032036fa3651Apkatshu is a tool for for extracting urls, emails, ip addresses, and interesting data from APK files. The user can choose either JADX or APKTOOL for de-compilation.
1c100a31d20c7b83d67fcf53f41b1009This Metasploit module exploits CVE-2018-17456, which affects Git versions 2.14.5, 2.15.3, 2.16.5, 2.17.2, 2.18.1, and 2.19.1 and lower. When a submodule url which starts with a dash e.g "-u./payload" is passed as an argument to git clone, the file "payload" inside the repository is executed. This Metasploit module creates a fake git repository which contains a submodule containing the vulnerability. The vulnerability is triggered when the submodules are initialized.
4b1d60b3080ed9efc3a42b499a19be0fUbuntu Security Notice 3820-2 - USN-3820-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
8b0e9c9bf7278654251d2e196f833532BitZoom version 1.0 suffers from a remote SQL injection vulnerability.
b767af891adae7111a4292b027872a8f
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed