Red Hat Security Advisory 2016-0685-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys.
7142359029ecb55b91f8740bcc308885a4ca03d05377044d0945c59945dbfdaa
IrIran Shopping Script version 4.1 suffers from a cross site scripting vulnerability.
828edab3e7924d0f81c1fce38155f8638c3e73f0a9314ba81f3edfc6c8485c69
i-Tech Nepal Radio CMS version 2.0 suffers from a remote SQL injection vulnerability.
d1025bd4c1202de1ad50de8a8a3ce98318bb2d479a1f19446a1bf6463fed0877
CompuSource Systems Real Time Home Banking suffers from a local privilege escalation vulnerability.
eb1e66983b629065e937bcc9d3f4d042428232857116f37391fd6d668cdf8fdc
Cyberoam Central Console version 02.03.1 suffers from cross site scripting vulnerabilities.
25723eb7a1086e2370f53a54fa6647c9acdf0499d3a3aba9295cb297b783c6fd
Totemomail versions 4.x and 5.x suffer from filter bypass and script insertion vulnerabilities.
347ed963a8f8484f164328a3c14f97f30cce1083e75ae2e5b8613af5d9932d20
Rough Auditing Tool for Security (RATS) version 2.3 crash proof of concept code that results in a denial of service.
12d7b29ab56ac354a7a7bb73a02be8eab943b3498e0f538c356807a4c3766040
Django CMS version 3.2.3 suffers from a cross site scripting vulnerability.
cd0d8627e3d4f429c5205644da8cc99c824b6ba06df465b5a3f2d52c570dc592
Texas Instruments Calculators Emulator version 3.03 buffer overflow exploit that can use custom offsets.
0261e280ea524d7c2831dd9bd565f7a419d891b1642208d0fe44afae9bd4d78d
Telisca IPS Lock 2 suffers from a bypass vulnerability that allows the locking of any phone with only a MAC address. Metasploit module included.
b6003d594cc09a8801ce447a82f3c84e8fedad95171104c449337ea0d019a587
The Ubiquiti Networks web application suffered from an XXE injection vulnerability.
d645f5c22a117c00797ef6ddd30973f63867c5fa0aab82f98789a422cbf5aa34
Negin Group CMS suffers from a remote SQL injection vulnerability.
ad141442ab12e00b67e2cf9ec428556e760a92c6d787be756cace677a1597514
C and C++ for OS suffers from filter bypass and script insertion vulnerabilities.
329b1aa3f14ffa8cc34a901452d00ed59a2075257c1f02e7647ba5dab1f0ebd8
WordPress Unlimited Pop-Ups plugin version 1.4.3 suffers from multiple cross site scripting vulnerabilities.
943fa2efcfdbec658d83613399d35548f5db42af4a4e46260001e923b0c595c6
WordPress CM Ad Changer plugin version 1.7.2 suffers from multiple cross site scripting vulnerabilities.
0e299b1da211c516c4fe7bf2343d8e5cc837b4ab5a77b90b236816e14876df7c
Easy Social Share Buttons for WordPress version 3.2.5 suffers from multiple cross site scripting vulnerabilities.
effdeb4ba420bf5d84d9ffd442e8582eb66e5fb009165f4955fae709de944263
WordPress Google SEO Pressor Snipper plugin version 1.2.6 suffers from multiple cross site scripting vulnerabilities.
974082355be55610aca2df7ca32907636934fa498d55dbbd1bde0bdba2e9d605
WordPress Echosign plugin version 1.1 suffers from a cross site scripting vulnerability.
6f6ab95679fb960f62775b09e93953ed4e987e91fb68dfc211274f7cabaf63c0
WordPress Tweet-Wheel plugin version 1.0.3.2 suffers from a cross site scripting vulnerability.
8d2914a71d4ff443cfcf79b23168cfe5ec719cbb01f6054d5570aa5be2b3f230
WordPress Persian Woocommerce SMS plugin version 3.3.2 suffers from a cross site scripting vulnerability.
3f9a09db46f20713c6565e00793a5392aa6bb99bdb64b1ef03899523bb44b243
Shopware versions prior to 5.1.5 suffer from a remote code execution vulnerability.
8ed34df1b1c5c4feb506c2ffe5618e3c1345315775fedc648d88ef2fcbe643b1
Simple Python script to combine two executables.
e5aa7ca4ca40ec528bb5098527f9d692115c68793d4b4c4815c670419eb96808
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
e196376e75fe21fdef41b4eaa27ce2e1b2b561e7f7b20328a8e96657cc4465fc
This Metasploit module exploits the HP Data Protector Omniinet process on Windows only. This exploit invokes the install service function, which allows an attacker to create a custom payload in the format of an executable. To ensure this works, the SMB server created in MSF must have a share called Omniback which has a subfolder i386.
3f3ee3bebaadc3f10e4f57cb6e085b314f160caf7c79688ef8fc177c8ea4eea2
The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
20ae67ffabf90865fb2033d5c5e49bfb5fb485ffa6ff37910e8d7084c2236c74