WordPress AzonPop plugin version 1.0.0 suffers from a remote SQL injection vulnerability.
d43fdd9d6e462d91f35b4a28afb5f0cc6681694b5836544ae808fda3203b36b1
18 bytes small Linux/x86_64 egghunting shellcode.
4be4948b091b9dfa6f038690c14c3670b190b01405203192db73c45d19c48cd5
MobaXTerm versions prior to 8.5 fail to bind forwarded SSH ports to the loopback device.
5a2dd8e3090e538470c2fd7ddb6861827557340480151355fd3ca16a9e3d0ef5
The o2 Auto Configuration Server (ACS) discloses VoIP/SIP credentials of arbitrary customers when receiving manipulated CWMP packets. These credentials can then be used by an attacker to register any VoIP number of the victim. This enables the attacker to place and receive calls on behalf of the attacked user.
f61935b3b37229ff1b4f27ebaef671d58dbbebb3c4c012e1603981367b17881b
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
4c903e5cde7a8f15318af9a7a6c9b7fc8348594b0a1e9ac767636ef2187399ea
Apple Security Advisory 2016-01-07-1 - QuickTime 7.7.9 is now available and addresses multiple memory corruption issues.
517e07fd6714e7e2ecd3ba64bcf60b39e9610286dabdd445685443f667059b2a
Red Hat Security Advisory 2016-0010-02 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the LDAP server provided by the AD DC in the Samba process daemon. A remote attacker could exploit this flaw by sending a specially crafted packet, which could cause the server to consume an excessive amount of memory and crash. Multiple buffer over-read flaws were found in the way Samba handled malformed inputs in certain encodings. An authenticated, remote attacker could possibly use these flaws to disclose portions of the server memory.
89f20e4822a7bbff9cbe595e4c9b7e262ec003f61ce60cf39cc4b99cb1dc736d
Red Hat Security Advisory 2016-0011-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text. A missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights.
7361a87b868abd0536a182c1d2a161d23034925d598dfdc4ced441e5d36afe5a
Red Hat Security Advisory 2016-0012-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. All gnutls users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted.
2be9da663fc2445d96233e12550216a67075737ef62f2979035aed0899647d28
Red Hat Security Advisory 2016-0009-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. A denial of service flaw was found in the ldb_wildcard_compare() function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb, would cause that application to consume an excessive amount of memory and crash. A memory-read flaw was found in the way the libldb library processed LDB DN records with a null byte. An authenticated, remote attacker could use this flaw to read heap-memory pages from the server.
7744b8e0626a8901ae916b7e2470b53a173f787163b7b9145e30b729863d1bea
Red Hat Security Advisory 2016-0008-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. All openssl users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
52178e2035ec5d3abc8afc8f4c47472de6113e24e32fefd233c654376765669c
Ubuntu Security Notice 2865-1 - Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.
4299b52f55c8c2830d857eaf3a6bad98b1e0a177474b6046f3f95782e39d671f
Red Hat Security Advisory 2016-0016-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text. A missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights.
1d8ff6e2ba56dc079e6a794292cbc443fa3729c3047b4fa27c6998e53fc0bfc1
Red Hat Security Advisory 2016-0015-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text. A missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights.
e7476774b5f9c85270690826f5f1e544dc5c73fbe57f70b44735340d28740d81
Red Hat Security Advisory 2016-0006-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the LDAP server provided by the AD DC in the Samba process daemon. A remote attacker could exploit this flaw by sending a specially crafted packet, which could cause the server to consume an excessive amount of memory and crash. Multiple buffer over-read flaws were found in the way Samba handled malformed inputs in certain encodings. An authenticated, remote attacker could possibly use these flaws to disclose portions of the server memory.
edf0fb514d3c6ce3421118cdbbd2a073602544574ed4b012c2f36821051776c9
Red Hat Security Advisory 2016-0014-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. A denial of service flaw was found in the ldb_wildcard_compare() function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb, would cause that application to consume an excessive amount of memory and crash. A memory-read flaw was found in the way the libldb library processed LDB DN records with a null byte. An authenticated, remote attacker could use this flaw to read heap-memory pages from the server.
b68687782b26d57dd2c5e68c3efd3463fe80d9a646ae0980128e2a9152d079f3
HPE Security Bulletin HPSBUX03435 SSRT102977 1 - Potential security vulnerabilities have been identified with HP-UX Web Server Suite running Apache on HP-UX 11iv3. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other impacts including: The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Apache does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters. Revision 1 of this advisory.
918b77ebec19829d1b59175aae0a8ee89dbdd934b71e72c94b5d47c034841f94
Red Hat Security Advisory 2016-0007-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. All nss users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the NSS library must be restarted, or the system rebooted.
49cfd58614f0b0d586c03fd76f98b32154163b40e29b714e4486ec3f7fad0fa0
WordPress Symposium Pro Social plugin version 15.12 suffers from cross site request forgery and cross site scripting vulnerabilities.
f82db69c55d75e7d641af48a0a2618294b87b297b5eaa1361b0915522fa7df05
TrueCrypt versions 7.1a and 7.2 suffer from a DLL hijacking vulnerability with their installers.
b187b2c7c60559be858f2e25938339fb99a96d589a36224f2df31b6207d1c3f0
13 bytes small Linux/x86 egghunting shellcode.
4238f72dd1d09bd20c2070130ad571b9678c15bf2b98e1f8d3fd350b49dcd746
Stanford's CGI subdomain suffers from a cross site scripting vulnerability.
b828d5f3b9d6e3d8a71e219a8d7e4af37707c72dd459f17ab0df4a06df946b7d
Ubuntu Security Notice 2864-1 - Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.
d6dbb440dd90c2848a373a61e5571708dbda96879cf8b5d1e7825700e41d8227
AVM FRITZ!OS versions prior to 6.30 suffer from an html injection vulnerability.
bdf821aa57faacdfb6631eb130eb6e07c1218ed15142670e47b5f07230d3de6e