Red Hat Security Advisory 2016-0266-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. A vulnerability was discovered in the OpenStack Orchestration service, where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use this flaw to cause a denial of service or determine whether a given file name is present on the server.
Ubuntu Security Notice 2895-1 - The DOM implementation in Chromium did not properly restrict frame-attach operations from occurring during or after frame-detach operations. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. An integer underflow was discovered in Brotli. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
Red Hat Security Advisory 2016-0258-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
CJExploiter is a drag-and-drop ClickJacking exploit development assistance tool. First, open "index.html" locally in your browser, enter the target URL, and click "View Site". You can dynamically create your own inputs. Finally, by clicking the "Exploit It" button you can see the proof of concept.
DirectAdmin version 1.491 suffers from a cross site request forgery vulnerability.
WeBid version 1.1.2P2 suffers from a remote SQL injection vulnerability.
webSPELL version 4.2.4 suffers from cross site request forgery and remote SQL injection vulnerabilities.
DOKEOS version ce30 suffers from an authentication bypass vulnerability.
TestLink version 1.9.14 suffers from a remote SQL injection vulnerability.
Osclass version 3.5.9 suffers from a remote SQL injection vulnerability.
osCmax version 2.5.4 suffers from code execution, cross site request forgery, and local file inclusion vulnerabilities.
osCommerce version 2.3.4 suffers from cross site request forgery and local file inclusion vulnerabilities.
Comodo Internet Security installs GeekBuddy, which in turn installs a weakly secured, exposed VNC server.
Umbraco versions prior to 7.4.0 suffer from server-side request forgery, cross site request forgery, and cross site scripting vulnerabilities.
Debian Linux Security Advisory 3482-1 - An anonymous contributor working with VeriSign iDefense Labs discovered that libreoffice, a full-featured office productivity suite, did not correctly handle Lotus WordPro files. This would enable an attacker to crash the program, or execute arbitrary code, by supplying a specially crafted LWP file.
HPE Security Bulletin HPSBUX03437 SSRT110025 1 - A potential security vulnerability has been identified with HP-UX running HP-UX IPFilter. The vulnerability could be remotely exploited to cause a denial of service (DoS). Note: The vulnerability only exists when HP-UX IPFilter rules are configured for UDP protocol packets and the keep state option is used in that IPFilter rule. Revision 1 of this advisory.
Apache Hive fails to perform a particular authorization check. Versions affected include 0.13.x, 0.14.x, 1.0.0 through 1.0.1, 1.1.0 through 1.1.1, and 1.2.0 through 1.2.1.
Vesta Control Panel versions 0.9.8-15 and below suffer from a persistent cross site scripting vulnerability via the user agent.
ebay.com suffered from a cross site scripting vulnerability.