PDF Converter and File Editor version 2.1 suffers from a local file inclusion vulnerability.
d4803b251347401ae6c2425b77c15232e43078278304e16a1fe2dcd08f5fc5a7elFinder 2 suffers from a remote command execution vulnerability via file creation.
57884d86d295df818f1cab870ceaf073323f6d2bc260384a3aeccee8ff36816fOracle Business Intelligence Mobile HD version 11.x suffers from a persistent script insertion vulnerability.
696e949d879961b6eec6787d43c69bf13142b53172357c59d94eb02ca6214849Cisco Security Advisory - A vulnerability in the web framework of Cisco UCS Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user.
021f5e0311a1cfc47c0a13a0baf16a4d0c135eb939c2546fd481c1061082f515Ubuntu Security Notice 2582-1 - A use-after-free was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
eb4123041662ddbcc44dafe693a3d63535ce7442cd42a552878a82cd53706545HP Security Bulletin HPSBUX03194 1 - A potential security vulnerability has been identified with HP-UX running sendmail(1M) using STARTTLS (TLS). This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. SSLv3 may be enabled when STARTTLS is configured. Revision 1 of this advisory.
c92af4ca04957cbb396fec3daa3470c5cd6d75c41b26deddcdcf03f7f20a0871Mandriva Linux Security Advisory 2015-231 - Tilmann Haak from xing.com discovered that XML::LibXML did not respect the expand_entities parameter to disable processing of external entities in some circumstances. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.
00c15cbb854e0cc2cb67a8a8c9493a11bcbe0d00eaef699792b44316f20a5dceDebian Linux Security Advisory 3252-1 - Michal Zalewski discovered multiple vulnerabilities in SQLite, which may result in denial of service or the execution of arbitrary code.
01ae9047c854e748060299f3f75e074a966d61e0722075a6d13479ca38341ab9WordPress Akismet plugin version 3.1.1 suffers from a cross site scripting vulnerability.
2f65b94147ff0b5b179b376bc1cd9f88ebaadbbe26f86638f711724e992c9310Linux.Liora is an ELF binary infection tool written in Go. Archive password is set to p4ssw0rd. Use at your own risk.
f843972b52ae263b6bf7d766127d6431e0975856ce27c2ca10fd87da087726a5Grindr version 2.1.1 has been found susceptible to the breach attack.
c290a215a6fb335ae34ca6896d60242350ccf436e31821e5607aab4bf2f0074eAdaptCMS version 3.0 suffers from a cross site scripting vulnerability.
71bae6992093d7256402d6bb35991c1169834d1e7e27df9ae1979cad08ac0d65This is a general-purpose module for exploiting systems with Windows Group Policy configured to load VBS startup/logon scripts from remote locations. This Metasploit module runs a SMB shared resource that will provide a payload through a VBS file. Startup scripts will be executed with SYSTEM privileges, while logon scripts will be executed with the user privileges. Have into account which the attacker still needs to redirect the target traffic to the fake SMB share to exploit it successfully. Please note in some cases, it will take 5 to 10 minutes to receive a session.
45c15bd461947206eeb3b6ced66e20b4a74d4d349593ca5f535d53477dec8319Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
7af6394cb81e464f5c1ac88a1444030e30940caab6e53688a6d9eb652226d1beThis Metasploit module exploits a type confusion vulnerability in the NetConnection class on Adobe Flash Player. When using a correct memory layout this vulnerability allows to corrupt arbitrary memory. It can be used to overwrite dangerous objects, like vectors, and finally accomplish remote code execution. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE11 with Flash 16.0.0.305.
177e5f47d74fe85d6aa8d57dccbc5f1b1e2484a8de35f89d42b20aef2b6ffe99n2cms version 2.2.1 suffers from a path disclosure vulnerability.
3999ea7bf894cbb36512a747568273dd9e6751f2d406d253df2dbab8f24da389
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed