Red Hat Security Advisory 2016-0266-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. A vulnerability was discovered in the OpenStack Orchestration service, where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack- authenticated attacker could use this flaw to cause a denial of service or determine whether a given file name is present on the server.
87d87a4bc1fd2037806191a0d9f2852b2a6545a896f1abbb47097c6b0c813e72Ubuntu Security Notice 2895-1 - The DOM implementation in Chromium did not properly restrict frame-attach operations from occurring during or after frame-detach operations. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. An integer underflow was discovered in Brotli. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
353bfd89ec9248ccfdc878973cc36795b4c10b043b13f8f970d0fa552e316355Red Hat Security Advisory 2016-0258-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
6b8740ceed7206fff2a66f7e086933ae8f58ee4e912fe867d70c1bdc17a53b0aCJExploiter is a drag and drop ClickJacking exploit development assistance tool. First open the "index.html" with your browser locally and enter target URL and click on "View Site". You can dynamically create your own inputs. Finally by clicking the "Exploit It" button you can see the proof of concept.
a70542049bbf7cc6445a732916771f7a6c606df15bab8c06cf7334e6804bee44DirectAdmin version 1.491 suffers from a cross site request forgery vulnerability.
46c874ed2505a5df8e83a213d020c5a1bde6cce21994c9b4f390cc5cf69c4532WeBid version 1.1.2P2 suffers from a remote SQL injection vulnerability.
4c445d18ff897468b32229c61b93169d17ee6ba88ec405da9f786b7a7906b6fdwebSPELL version 4.2.4 suffers from cross site request forgery and remote SQL injection vulnerabilities.
2291468cde58eae41054890b9e25d4217654ae9d0f8b7b9e749e1192bdcd7e44DOKEOS version ce30 suffers from an authentication bypass vulnerability.
e0d80f4d11e0f37a08bd45c5adf3616f68bc949b8f350966e67ed9a9b99c6a86TestLink version 1.9.14 suffers from a remote SQL injection vulnerability.
91d1c80956419cb3834dcfcd444983fe9cb7d79deae450a0f99e91da4a1bf961Osclass version 3.5.9 suffers from a remote SQL injection vulnerability.
1873a8e1196208b1b465380f46ad84e72520251b671aaa4c7dd577b9cff925a1osCmax version 2.5.4 suffers from code execution, cross site request forgery, and local file inclusion vulnerabilities.
4ad8190811bf2819eca13b86515ec3b6f35acf38818dc02e5c40e799d449f463osCommerce version 2.3.4 suffers from cross site request forgery and local file inclusion vulnerabilities.
0590c4c85647c5c0a02e877aee9bff53f2ee293542d8d20f50cdb9048d52be0fComodo Internet Security installs GeekBuddy which installs a weakly secure exposed VNC server.
3d2e073c1d6d171f88727d9420abce1904c883acad79c0452fffab5ce7a41451Umbraco versions prior to 7.4.0 suffers from server-side request forgery, cross site request forgery, and cross site scripting vulnerabilities.
20bc965b21baa931f940d7ed6d8a9e9f44777aeb1ea263df14aa21c1cf9f5104Debian Linux Security Advisory 3482-1 - An anonymous contributor working with VeriSign iDefense Labs discovered that libreoffice, a full-featured office productivity suite, did not correctly handle Lotus WordPro files. This would enable an attacker to crash the program, or execute arbitrary code, by supplying a specially crafted LWP file.
ed430c3efb4a6f509b4b8da81487764d4cb3c9b7c432618398a2847e8da08603HPE Security Bulletin HPSBUX03437 SSRT110025 1 - A potential security vulnerability has been identified with HP-UX running HP-UX IPFilter. The vulnerability could be remotely exploited to cause a denial of service (DoS). Note: The vulnerability only exists when HP-UX IPFilter rules are configured for UDP protocol packets and the keep state option is used in that IPFilter rule. Revision 1 of this advisory.
2745eb916db8a309777acd800fa647b1859849b68fee1ffb2d5313663544bfe5Apache Hive fails to perform a particular authorization check. Versions affected include 0.13.x, 0.14.x, 1.0.0 through 1.0.1, 1.1.0 through 1.1.1, and 1.2.0 through 1.2.1.
c750bc1d41c1a1e9fe5413a40694d6128047b814f4d0961c94e6df37ee0341f9Vesta Control Panel versions 0.9.8-15 and below suffer from a persistent cross site scripting vulnerability via the user agent.
d430afd4621b5d62dad4b70ffff8d6258610f314f51abde198f22b3b9841fd8debay.com suffered from a cross site scripting vulnerability.
a29879e61b3488fdba8438c12dd745e034bbd5c2a76b31866e02d794bf818ecd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed