HP Security Bulletin HPSBHF03408 1 - Potential security vulnerabilities have been identified in certain HP notebook PCs with the HP lt4112 LTE/HSPA+ Gobi 4G Module. The vulnerabilities could be exploited remotely to allow execution of arbitrary code. Revision 1 of this advisory.
76e51b6977b0aafef214808e12cfd4b8be86ce4f972770bb73775db04b3d9e03
FENIX versions 0.92 and below suffer from a buffer overflow vulnerability.
6562b200ed6f0101fff5117229054f71cf3af90934e4ca91e22b9087a53116ec
LinuxOptic CMS 2009 suffers from an authentication bypass vulnerability.
fb5510a4e8241f843f5f5647141f946a2f3127a5a149a226a545326bfffff821
WordPress Private Only plugin version 3.5.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
dab9719c8bbda7fbb1bd873063f790d3b7aeb28984b3a0ff28b38002c26621b1
Anchor CMS suffers from a PHP object injection vulnerability.
01360b0ef87b8be3a5a7368eac27d098cc885b14e087ad44e9eb0a5154ed8a8b
BSIGN versions 0.4.5 and below suffer from a buffer overflow vulnerability.
96bc6b623e2246e2153eaae563245037e96717a2892cddb0b082e2b39ab7c6da
Dogma India dogmaindia CMS suffers from an authentication bypass vulnerability.
e83e7863e16b666b0fa577c942a5232b031229a84ba725a9bedf9a2cb44b6929
The Windows Script Host executables suffer from a vulnerability due to a missing embedded manifest. Using another exploit, the combination of "wusa.exe" and "makecab.exe" files can be copied to the Windows folder. Copies of a manifest and the script host allow to execute the copied script host and bypass UAC warning messages in case the UAC settings are default. Both ZDI and Microsoft are aware of this issue, expectedly ZDI didn't accept the admission because it's not a remote vulnerability. Surprisingly Microsoft didn't accept the vulnerability because "UAC isn't considered a security boundary". Only Windows 7 is vulnerable, Windows 8 has a embedded manifest and Windows 10 is untested.
221d3bbec1c5df5426bf707aa9ebcf83deb62a5dcff3e0f43a1161f218d916e7
WordPress YouTube Embed plugin version 3.3.2 suffers from a stored cross site scripting vulnerability.
bd08d635da81f1250b0bd7b2decd8288c09061ca8182cdeb83b88b0b64cd4586
HP Security Bulletin HPSBGN03411 1 - A potential security vulnerability has been identified in HP Operations Agent Virtual Appliance. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. Revision 1 of this advisory.
639bf8507e1b5ad87717788379b46c94b04598136a31007b96374bcb323d0885
HP Security Bulletin HPSBGN03405 1 - Potential security vulnerabilities have been identified in HP Integration Adaptor. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
0e6fc4e54f6c6314c75c0105e2ac65fd4c07dd8d8fb3eb8e90df6aa1a1f6a636
HP Security Bulletin HPSBGN03399 1 - Potential security vulnerabilities have been identified in HP BSM Connector (BSMC). The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
84f3b874b3b98be0bf0823568c0e8846a56946be08587462ea7859e44fa6c5df
FreeBSD Security Advisory - If the kernel-mode IRET instruction generates an #SS or #NP exception, but the exception handler does not properly ensure that the right GS register base for kernel is reloaded, the userland GS segment may be used in the context of the kernel exception handler. By causing an IRET with #SS or #NP exceptions, a local attacker can cause the kernel to use an arbitrary GS base, which may allow escalated privileges or panic the system.
c96f042a2e1f79016cee3228dd1a6dccfd18fcba578117e9a03af878aee5caf1
FreeBSD Security Advisory - A programming error in the privileged monitor process of the sshd(8) service may allow the username of an already-authenticated user to be overwritten by the unprivileged child process. A use-after-free error in the privileged monitor process of he sshd(8) service may be deterministically triggered by the actions of a compromised unprivileged child process. A use-after-free error in the session multiplexing code in the sshd(8) service may result in unintended termination of the connection.
3a8b1bfd85b5a339a84d61427764656f8de8bc6b1e993e98a5732638aac6f504
nullcon is an annual security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place March 4th through the 5th, 2016.
4f1454e9bc2d8289b349a3fdce42d430af7f08c0ece80b991b18ed318038403e
Debian Linux Security Advisory 3343-1 - James Kettle, Alain Tiemblo, Christophe Coevoet and Fabien Potencier discovered that twig, a templating engine for PHP, did not correctly process its input. End users allowed to submit twig templates could use specially crafted code to trigger remote code execution, even in sandboxed templates.
805404034e4c9a24f3324b6ba48b3771bb4d719aa491044f98bc20c9f2e2ade3
Ubuntu Security Notice 2722-1 - Gustavo Grieco discovered that GDK-PixBuf incorrectly handled scaling bitmap images. If a user or automated system were tricked into opening a BMP image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.
53ace9ef917aebbafcf19dc56fa2c9f36bb86ae8fb4479b09de38565703eb1f6
HP Security Bulletin HPSBGN03415 1 - Potential security vulnerabilities have been identified in HP Operations Agent Virtual Appliance. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
fe697ef6edf021eeaaa0c510a00b8027459e63c615ee0257cc4e7099c03d9fe1
HP Security Bulletin HPSBGN03414 1 - Potential security vulnerabilities have been identified in HP Operations Agent. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
bf90a44cb60c6e9039856d3da552a22356d63ab04ce1ca47af70fce3e6b2b9e1
ZSNES version 1.51 suffers from a buffer overflow vulnerability.
ac0bbeac824268291f65934827d6406fd927814abaffee462140a86382be50ec
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
ed6f8cfbda6dc76a56a994465188b49419267492ebc6d5328e0947479bd2714b
HP Security Bulletin HPSBMU03409 1 - Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information. Revision 1 of this advisory.
ed1893104d8e7dcdd770c7c2dd6eea29fcb783bd67155f6d99ab3d07423260e5
HP Security Bulletin HPSBGN03404 1 - A potential security vulnerability has been identified in HP Service Health Reporter. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. Revision 1 of this advisory.
81df34bec39d89b1c0a6979bd60403319676351b9237601064e3bfd18d74561f
Ubuntu Security Notice 2712-1 - Gary Kwong, Christian Holler, and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Ronald Crane reported 3 security issues. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these, in combination with another security vulnerability, to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
674b2e26a251f35dbda3345884ca92e8bd282ae9ac9699767bce9224e7a9d691
Red Hat Security Advisory 2015-1682-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message because JavaScript is disabled by default for mail messages. However, they could be exploited in other ways in Thunderbird .
4c069329c01d5dd2b23d438ea15fb2cf2ddb55af9e97c1998eb05ee9cd900538