Debian Linux Security Advisory 3291-1 - Several vulnerabilities were found in drupal7, a content management platform used to power websites.
398bb888b259027615866997ab92ee63422e667b90163d54e5414e98edb42dd1
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
0f3535012548c15bcf909d7f76a066881278751704c6118f74ab92879809e3fc
SAP NetWeaver Dispatcher has the function sapac01_sapgparam() that processes the ABAP kernel call C_SAPGPARAM. This function has a buffer overflow vulnerability. The vulnerability can allow an authenticated remote attacker to execute arbitrary code. It can also lead to denial of service.
e0d91a9cfd6ae4da1cf1d65a172beb169596c06658d1838fb88f8be6eda0f0f7
Debian Linux Security Advisory 3290-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leaks or data corruption.
0fbb263c4d3f8891b1c58ec40a1bf47156f434e76c2141d84c6407ec9eb0c713
SAP NetWeaver Portal version 7.31 suffers from an XXE injection vulnerability. The problem is caused by a program error in 'ValidationComponent' due to the incorrect use of an XML parser. By default, the parser opens external entities referenced within an XML input, which can then lead to malicious content being parsed. This malicious content can reference internal resources, such as files. These internal resources can be disclosed in the response to the request, or can be used to perform a denial of service attack on the parsing system, rendering the application content temporarily unavailable.
9756bc993b8745281faa7c356860f96edc0f791cd1ec7201932b24da9da7b059
Wonder CMS version 0.6-Beta suffers from inclusion, password disclosure, and directory traversal vulnerabilities.
397399516a0b38c8578b9229ed23840b442e7ec378ee95438a4c113226f252da
Vitubo CMS version 2.3 suffers from a backup-related database disclosure vulnerability.
ff364b84ea8625fba97d912d8dd6331b0c0dd9676463163ef07e5caaea3f8ae8
WordPress Revslider plugin version 4.2.2 suffers from cross site scripting, file download, and information disclosure vulnerabilities. Note that this finding houses site-specific data.
8ad1c24b948d5a65dab914200443c87ffe00a1d155d37bbd652a95364274a234
60 bytes small Linux/x86 netcat bindshell shellcode that attaches to port 5555.
a448460fd0c86ff40315a54f88404738d49ecd0c1b2ffbca47171f6ced35203b
Just A Forum version 2.1.1 suffers from a cross site scripting vulnerability.
f942628108d16b6d63256b6d0445ec551ce6bb7db1df80e6b5741033053809cd
Red Hat Security Advisory 2015-1123-01 - CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded which in turn allows the attacker to run arbitrary code in the CUPS server. A cross-site scripting flaw was found in the CUPS web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface.
b8be18fe93feda9e83358ade06c07fbf33652b9dedfb62d9a8e3b997ce16a542
HP Security Bulletin HPSBGN03338 1 - A potential security vulnerability has been identified with HP Service Manager running SSLv3. The vulnerability could be exploited remotely to allow disclosure of information. Note: This is the SSLv3 vulnerability known as the RC4 cipher Bar Mitzvah vulnerability. Revision 1 of this advisory.
f73faeaa3c71b97758427a435b20b04199bd569651d10e0bdb1c92b0a1354ca4
HP Security Bulletin HPSBGN03350 1 - A potential security vulnerability has been identified with HP SiteScope. The vulnerability could be exploited remotely to allow disclosure of information. Note: This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability, which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
fe1d558fbe29c55c7783573f0e8ce2e327d549008101137a3d8ffbedd47b5e51
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
22ac0cc872f12cef9bb2cacfe0720eed8533dc5cea102d21de511620606cb3b6
Vesta Control Panel version 0.9.8 suffers from an OS command injection vulnerability.
8afef03dc758fc7e9258cea86f2165628c4ee859debcb92aa2ea90cfb8973453
SearchBlox version 8.2 suffers from a cross site scripting vulnerability.
c50cf93766fdeb247be5b7f551e3e1f70a06620929967b43da8b53e840f1e73c
VCE Vision(TM) software versions prior to 2.6.5 have been identified to contain security vulnerabilities that may potentially be leveraged by a malicious user to obtain sensitive information. A weak cryptographic scheme exists in the system library and a cleartext transmission issue exists in the plugin for VMware vCenter.
51ade347570617484b11d1238e172c175ac13263924dc5c99651107083d0793c
Symantec Encryption Gateway suffers from a remote command injection vulnerability. Versions prior to 3.2.0 MP6 are affected.
e6ac92a40468adfad041080b0dc12276912bcdfa8a08e999f17136b0003f5f9e
BIGACE version 2.7.8 suffers from cross site scripting and file upload vulnerabilities.
33159b3a9180da99ad88ee3d773bbc6ec6a99088dc5297a33bf65aaf68c6079d
Audio Share version 2.0.2 suffers from cross site scripting and remote file inclusion vulnerabilities.
a3a8905088e570ff7fa1984524f21cf56f5f55619ab6518165d24f7c5f880f37
Alitalk version 1.80 suffers from various bypass and remote SQL injection vulnerabilities.
8471cf9736c040db77b8cbf37badbcfdb3f137f9f3664d06af4cbb5b1d6b2457
4images version 1.7.11 suffers from inclusion vulnerabilities due to trusting the host header.
58c8498e8bf4f00d45c7e52fd8d323c053bb404232140cfc9cb9537707c06ec0
Imagevue version 2.8.9 suffers from cross site scripting and password disclosure vulnerabilities.
da17b864a9c9189ea39befb9d3b0dd1691517d8f6afb17b6cddc81e4e0716486
MantisBT version 1.3.0 suffers from a remote file download vulnerability.
671ba2e0e285945b42223f1727978cb7d9171580b07eb50f0c2b649e8ebddb1e
37 bytes small Linux/x86 chmod('/etc/gshadow','777') shellcode.
7835ef8dd303091aaa34f09e786f8af1c69d6250ccbffb724347d83a9ab3dcce