A crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of latest stable libxml2 (2.9.3, released 4 days ago), by feeding a malformed file to xmllint.
24fceb475313278d19f5a23db69ad822ae87dfa7f82a3ba37404f43ef5ba46e0
A crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of latest stable libxml2 (2.9.3, released 4 days ago), by feeding a malformed file to xmllint.
a0b62fab44a37693fd14db3f0e3e858745cb319b96780df04ea679a925ececb6
A crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of latest stable libxml2 (2.9.3, released 4 days ago), by feeding a malformed file to xmllint.
75e7ebd650b1e60e6dcef6ff3a77e4fabca9acf8c4b6a4677048ca098cb03520
Coppermine version 1.5.40 uses straight MD5 without any salt for storage of passwords.
953f240f9074c871c21ff81b9fda483e9b54149b0e8bf9fd3a4ae7b129905d41
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
39e66690bada599a4ae01e4a8c83e8d541446b05d8b678ead86e25c098cb864b
Proxmox VE versions 3 and 4 suffers from privilege escalation, code execution, and cross site scripting vulnerabilities.
377a4d6e4e3f59329037f6605c912134206657cbddc009f577acf4a0c93a7e43
Ubuntu Security Notice 2908-5 - USN-2908-2 fixed vulnerabilities in the Ubuntu 15.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 15.10 backport kernel within VMWare virtual machines. This update fixes the problem. Various other issues were also addressed.
5e10ec647672807200c174c55a66cdcc9b1b8e1775c7a5dfb35815b6935f9d01
Ubuntu Security Notice 2909-2 - USN-2909-1 fixed vulnerabilities in the Ubuntu 14.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 14.10 backport kernel within VMWare virtual machines. This update fixes the problem. Various other issues were also addressed.
3c3d759a7baed04064d8e1a5aaf0a6c656497f00d2b9bbda49970b61d924499e
Ubuntu Security Notice 2910-2 - USN-2910-1 fixed vulnerabilities in the Ubuntu 15.04 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 15.04 backport kernel within VMWare virtual machines. This update fixes the problem. Various other issues were also addressed.
1c5860f7d5e5f701a0618aa045b06de9bedc1bdeb2417d42f72a17ed4039636b
Gentoo Linux Security Advisory 201602-3 - Multiple vulnerabilities have been found in libwmf allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 0.2.8.4-r6 are affected.
7fb0b176af2fec4f40b8fe3b3185e69185aa1e07347c160419d8b2bf521e8430
Ubuntu Security Notice 2908-4 - USN-2908-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 15.10 guests running within VMWare virtual machines. This update fixes the problem. Various other issues were also addressed.
2ae3612b5f8c1f000a29250f123157f70e9d98b5ff013458912d9c9b43f07b03
Apple Security Advisory 2016-02-25-1 - Apple TV 7.2.1 is now available and addresses code execution, information disclosure, access bypass, and various other vulnerabilities.
bf6f4fe66d502f5d2cfe52364aee2616a8b6313109616db2da1627ad5a4b40a6
WordPress WP Ultimate Exporter plugin versions 1.0 and 1.1 suffers from multiple remote SQL injection vulnerabilities.
16a39c93c4c118309bb6382bf258c1c0fa954639322ef7c55a3a052d1c3848af
Centreon versions 2.5.3 and below suffer from a remote code execution vulnerability.
3c4451947909782cb24cf03b689934f5d565641465aa23686ec6df8df29ff586
Debian Linux Security Advisory 3492-1 - Daniel Gultsch discovered in Gajim, an XMPP/jabber client. Gajim didn't verify the origin of roster update, allowing an attacker to spoof them and potentially allowing her to intercept messages.
6458ae433eb2d65cf2336d02a0482c8bb4abd3984d7aca3b17a9f73a7114422b
Red Hat Security Advisory 2016-0297-01 - In accordance with the Red Hat CloudForms Support Life Cycle Policy, support will end on February 28, 2017. Red Hat will not provide extended support for this product. Customers are requested to migrate to the newer Red Hat CloudForms product prior to the end of the life cycle for CloudForms 3.0.
904c22b05f19c5f99c4de16fbb194e475d9a3ddc6e10364eda2ee73976d76874
Debian Linux Security Advisory 3493-1 - Gustavo Grieco discovered that xerces-c, a validating XML parser library for C++, mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. These flaws could lead to a denial of service in applications using the xerces-c library, or potentially, to the execution of arbitrary code.
65b274c933d90cefe3382f57ce846303ac98c8a5232db435954e456e7b506eac
Infor CRM version 8.2.0.1136 suffers from multiple cross site scripting vulnerabilities.
b48e22c74e47621c31af3403d86e083a3f1abc5563fc2dfe8d627d1b581db34c
Zimbra versions 8.0.9 GA and below suffer from a cross site request forgery vulnerability.
0da0fe882cf7354bdf4be9e8dafb2bb44b40c75b431e52698d358584cb94db05
HP Security Bulletin HPSBGN03549 1 - HPE IceWall products have addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library. Revision 1 of this advisory.
5c0bafbdb117854cb467fe44692de91315ec03062242458e577de6b74ec77e61
Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.
e1b46b0ad4d6efc49d1a685645e3212963cbee25ea12b9f3f64dee6c50699a17
Cygwin suffers suffers from a dll hijacking vulnerability.
24171614c6478bf8aec76c25acdb2fc75fc734452867fb86432651acd0df8e10
Various D-Link and Netgear devices that make use of the FIRMADYNE framework suffer from command injection, buffer overflow, and authentication bypass vulnerabilities.
e1f65451595116919451f722284040e48ed00ae6e1c4227dd28831ce50e8f637
Google's Chrome Cleanup Tool suffers from a dll hijacking vulnerability.
e2bde11264a28f5ba73ff12c3c7437fc0631264903401454d76b59f90187c3bd
GIMP for Windows suffers from a dll hijacking vulnerability.
ac97dc5b648db74d6ed97b0c86498de3904d37cb7b8d8c613ef2aa9e05f1cefe