sysPass versions 1.0.9 and below allow for system backups to be downloaded by an external attacker.
3f4f1197fb6b356561f3a5d4c13b670af0b0739a649d539b75953ebc8ae7b8d5
WordPress Poll Widget plugin version 1.0.7 suffers from a remote SQL injection vulnerability.
8cef17c3a45fb59b1baaff188889f9426f628927178c3eb55bcaa7d12636b139
Red Hat Security Advisory 2015-2560-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.2.0 serves as a replacement for Red Hat JBoss BPM Suite 6.1.2, and includes bug fixes and enhancements.
b31590bd5428473b82cac74a3e51a9ceeb6c65e056d08c5a155284cc088e7457
Red Hat Security Advisory 2015-2557-01 - Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss A-MQ 6.2.1 is a micro product release that updates Red Hat JBoss A-MQ 6.2.0, and includes several bug fixes and enhancements.
28cad0dd0104739c3ad7b7dd395f265103b51b4d72b5188b28db0b5ee73e6f47
Red Hat Security Advisory 2015-2559-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.2.0 serves as a replacement for Red Hat JBoss BRMS 6.1.2, and includes bug fixes and enhancements.
8e929ffd0869a3d98996e4284a5dff64f0935663f5489c95527f4db30aa478bd
Red Hat Security Advisory 2015-2556-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss Fuse 6.2.1 is a micro product release that updates Red Hat JBoss Fuse 6.2.0, and includes several bug fixes and enhancements.
b1396b19aadb57fd2a1b208aef3c84d9a22ce455c5fafafe4a08f679ba817a7b
Red Hat Security Advisory 2015-2558-01 - Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. This release of Red Hat JBoss Fuse Service Works 6.2.1 serves as a replacement for Red Hat JBoss Fuse Service Works 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files. The following security issues are fixed with this release: A flaw was discovered that when an application uses Groovy and uses the standard Java serialization mechanism, an attacker can bake a special serialized object that executes code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability.
1f63b4efd1d1fc7ee6d8922bf1f514818f400e5a6fa74ef50cd2ef956ecb5966
Ubuntu Security Notice 2832-1 - It was discovered that libsndfile incorrectly handled memory when parsing malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Joshua Rogers discovered that libsndfile incorrectly handled division when parsing malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service. Various other issues were also addressed.
8b2c9916eb31485e1eae69a4db670a32eaa699f5ab89bf58a3b23c828cebd9ec
There exists in the Edimax BR-6478AC (firmware version 2.15) small office, home office (SOHO) WiFi router a number of security flaws which allow an authenticated user to perform additional actions beyond what is permitted from the standard web interface at the highest privilege level. These security flaws may be exploited by a malicious actor in order to redirect critical personal internet traffic from its intended recipient to a location operated by said actor for nefarious purposes. Unfortunately, these flaws seem to have originated from a number of poor software development practices which are specifically addressed as the number one issue in the Open Web Application Security Project (OWASP) top web application security awareness document. By allowing these flaws to go unpatched, it places the customers of Edimax at a greater level of risk for safe and private internet use.
3d71b2101a50050ebd91fc860cd110414d3e48c1a572c5f9f58919615dc47318
GEOVAP Reliance 4 Control Server suffers from an unquoted search path issue impacting the service 'RelianceOpcDaWrapper' for Windows deployed as part of Reliance 4 SCADA/HMI system installer including Reliance OPC Server. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
ac148d35f351f1c159caa57c68553290699c2005cd34744205e1dd5f633435f6
SpiderControl SCADA Web Server Service suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'C' flag (Change) for 'Everyone' and 'Authenticated Users' group making the entire directory 'WWW' and its files and sub-dirs world-writable. Version 2.02.0000 is affected.
02e5720b36528ac99e8271f42613ddf43f8b16d17912411545e772eee35e910f
SpiderControl PLC Editor Simatic suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full) for 'Everyone' group, and 'C' flag (Change) for 'Authenticated Users' group making the entire directory 'PLCEditorSimatic_6300400' and its files and sub-dirs world-writable. Version 6.30.04 is affected.
bb9580a515d983f1c6a6cada9159924897125c12e46e40a3d242e11a1bfc1d2e
iniNet SpiderControl SCADA Editor version 6.30.01 suffers from an insecure file permission vulnerability that can lead to privilege escalation.
f5a8eaf90b14310aa70398ca3cf3b63f72ec34a45eb723175e016bf2de427b31
Whitepaper called Bluffing Network Scan Tools - What You See May Not Be What You Get. This is a little paper to remind people that results from automatic tools are always interpretations of incoming data. Tools expect a certain behaviour from systems, and will make some assumptions. If you do not know this, you may be fooled by false positives or worse loose your valuable time.
5d150e80887b974f0f88fa3e467f154bc6418ef8b8d2e211081dd93297989286
Circutor PowerStudio SCADA version 4.0.5 suffers from an unquoted search path issue impacting the services 'CircutorPowerStudioScadaServer' and 'CircutorPowerStudioServer' for Windows deployed as part of PowerStudio Series. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
8a83a322c6a5db201a46c4771735b93a609d7fb9c7b9fdab9713bc4dcf1c646d
Red Hat Security Advisory 2015-2550-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or in certain cases crash the application.
1a8f2ff7ad12af8e16356c2f4f8ac69f49c003a715d9e5612e17b2ee9a0a16c0
Ubuntu Security Notice 2831-1 - Michal Kowalczyk discovered that the cups-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user.
13fc9a5b7a351043ce247a20ce0df124cc06ec74262ddd5dc735be8d877cadc9
Ubuntu Security Notice 2831-2 - Michal Kowalczyk discovered that the foomatic-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user.
c7505bab251e5fe1f41a4e43073792ba3d27df28a6997befef75ff9cb5d7f178
Ubuntu Security Notice 2830-1 - Guy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 15.10. Hanno B=C3=B6ck discovered that the OpenSSL Montgomery squaring procedure algorithm may produce incorrect results when being used on x86_64. A remote attacker could possibly use this issue to break encryption. This issue only applied to Ubuntu 15.10. Various other issues were also addressed.
761017edeff7bb2093ce7156fbf414bd65c92ad0dc41998bcfdcc88bf2e0d511
Red Hat Security Advisory 2015-2549-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or in certain cases crash the application.
686603171c4674cb416e1dee251706e5f7377a18c9c047d8329f88ea05255153
Docebo LMS version 4.0.3 suffers from a cross site scripting vulnerability.
2051abc7ed5d46c9c6bb827fb812f09c9ba961b28a4de57bfe2f6a22eaa4025e
DMarket version 1.0 suffers from a remote PHP code injection vulnerability.
5d5ecdeb84b7f814206a4385932249068e342d09a297bcb51226363cd73728bd
Deadlock version 1.01 suffers from an arbitrary file upload vulnerability.
844a323491602be8e2218899884f5e9925d72809dda30b0471d974f30b72c316
EvolutionScript version 5.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
c5a59b8a7d547e7c6ffb6b56fa66103d03b9b1b4c7641daccd5e845822ad604b
ChromiumCart version 0.8.1 suffers from an arbitrary file upload vulnerability.
431c9218e3df7991289aa9a65e8d34c7fcd38bbc2919c8030e205a17cd2b085f