Webutler CMS version 3.2 suffers from a cross site request forgery vulnerability.
c60c42cc4336feb6ee9c83dcae2abc556f909850f348817fea74aa3881349b35
WordPress iThemes Security suffers from insecure backup and logfile generation vulnerabilities.
e3308d1fef8c8d026f085134a8bb431d3946592ebc3e93771257b503662abd8d
86 bytes small Linux/x86_64 bindshell shellcode that binds to port 5600.
f415d1d03a37b33543e9ec01d985ee645f372c6796387430d18867f67f06632f
Shellsploit lets you generate customized shellcodes, backdoors, and injectors for various operating systems. It also has obfuscation abilities.
0d83b41f945d8f4cd97823b67e89a5980fd04776e6b7f23185f7d09ecd0d74ec
phpMyFAQ versions 2.8.26 and 2.9.0-RC2 suffer from a cross site request forgery vulnerability.
b4b19a666863c0731be2d532693b5b2ccf810e9441b2e6245193a4737cfe146a
Red Hat Security Advisory 2016-0651-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws.
bbbd2e040a01f786cadbff1861fef9c12b10ef1c508f98e7f33d19f3d298ceca
Red Hat Security Advisory 2016-0650-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws.
9f4f3ce6513290cd9445b9e9dd9ec551b258b80a03204a2919a229701768aeb6
Cisco Security Advisory - Cisco released version 1.5.3 of the Secure Real-Time Transport Protocol (SRTP) library (libSRTP), which addresses a denial of service (DoS) vulnerability. Multiple Cisco products incorporate a vulnerable version of the libSRTP library. The vulnerability is in the encryption processing subsystem of libSRTP and could allow an unauthenticated, remote attacker to trigger a DoS condition. The vulnerability is due to improper input validation of certain fields of SRTP packets. An attacker could exploit this vulnerability by sending a crafted SRTP packet designed to trigger the issue to an affected device. The impact of this vulnerability on Cisco products may vary depending on the affected product. Details about the impact on each product are outlined in the "Conditions" section of each Cisco bug for this vulnerability. The bug IDs are listed at the top of this advisory and in the table in "Vulnerable Products."
78fe5bc5630f5e6bb6ffdb225fd6049b8821eb6181ae5e2c77b75655f6bb9121
Cisco Security Advisory - A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 packets. An attacker could exploit this vulnerability by sending crafted DHCPv6 packets to an affected device, resulting in a denial of service (DoS) condition. This vulnerability affects systems configured in routed firewall mode and in single or multiple context mode. Cisco ASA Software is affected by this vulnerability only if the software is configured with the DHCPv6 relay feature. The vulnerability is triggered only by IPv6 traffic. This vulnerability affects Cisco ASA Software release 9.4.1 only. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
81ecfb49b2651d6ccb595836cb13c19a571a98280171311102603ad9016cae8a
Cisco Security Advisory - A vulnerability in the HTTP URL redirect feature of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of HTTP traffic by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the device, which could allow the attacker to cause the device to reload, resulting in a DoS condition, or execute arbitrary code on the device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
80beed554e809e8a5870224a154380f8f23caadf7d76dc0972162a6d1b575909
Cisco Security Advisory - A vulnerability in the Bonjour task manager of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Bonjour traffic by the affected software. An attacker could exploit this vulnerability by sending crafted Bonjour traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
cdc30beb702f0e49569edc1e6a47e2492634d2280ded85af9b61c7a398b3c5b1
Cisco Security Advisory - A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) devices running Cisco AireOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the presence of unsupported URLs in the web-based device management interface provided by the affected software. An attacker could exploit this vulnerability by attempting to access a URL that is not generally accessible from and supported by the management interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
cc7c61582a3a61aaedc912d02cc2f5089a42bb405fe4aade132697a4c20e10f6
PHPBack version 1.3.0 suffers from a remote SQL injection vulnerability.
1a3563c8cb984719a04c95e92c88dc0bf4dedddfdd2d12d48fd0726d019c8872
EMC ViPR SRM versions prior to 3.7 suffer from multiple cross site request forgery vulnerabilities.
1fb66dd03a74f0b38a6011bb95c1309b0b0f482a95d89477bba6f4236e08b3b0
Oliver versions 1.3.0 and 1.3.1 suffer from reflective cross site scripting vulnerabilities.
432496911f1411e7822f0277e55dc6ffd1625b86f2ba47830b95a792365b7b98
SAP HANA version 102.02 suffers from a denial of service vulnerability.
5fccc7675d88d83dae2c3a0c0c65e2fb0a98ab8777842e235044812b9b499f18
SAP NetWeaver J2EE Engine version 7.40 suffers from a cross site scripting vulnerability.
4655901da59fa913d5474f46ffc2314351dc96a7255647b287423117a2d864b4
Red Hat Security Advisory 2016-0561-02 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, support for Red Hat Enterprise Linux 5 will be retired on March 31, 2017, at the end of Production Phase 3. Until that date, customers will continue to receive Critical impact security patches and selected urgent priority bug fixes for RHEL 5.11. On that date, active support included with your RHEL Premium or Standard subscription will conclude. This means that customers will continue to have access to all previously released content.
4366eac4b38f0f7fb9596ab285515ca6fc43211529f702b81367eceed768c2f8
HP Security Bulletin HPSBST03576 2 - A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed by HP P9000 and HP XP7 Command View Advanced Edition (CVAE) Suite including Device Manager and Tiered Storage Manager. The vulnerability could be exploited remotely to allow remote code execution. Revision 2 of this advisory.
f606dc4dc388eed30004af41fb349d384fd9a13645b31d992d7cc1b0d2b4daae
HP Security Bulletin HPSBGN03555 1 - Potential security vulnerabilities have been identified with HPE Vertica Analytics Management Console. The vulnerabilities could be remotely exploited resulting in disclosure of sensitive information or execution of arbitrary code with root privileges. Revision 1 of this advisory.
4f63819779cdddfebe33628e2067a2957a407f873004fdb0efdff6ac05524e30
Ubuntu Security Notice 2917-3 - USN-2917-1 fixed vulnerabilities in Firefox. This update caused several web compatibility regressions. This update fixes the problem. Various other issues were also addressed.
4f190a0b3a5329c140efe8e3eb4e0cb1f1beaabfa751c14f762b50fff0465e04
HP Security Bulletin HPSBMU03575 1 - HP Smart Update Manager (SUM) has addressed the following vulnerabilities: The Cross-protocol Attack on TLS using SSLv2 also known as "DROWN", which could be exploited remotely resulting in disclosure of information. Multiple OpenSSL vulnerabilities which could be remotely exploited resulting in Denial of Service (DoS) or other impacts. Revision 1 of this advisory.
951b9459376328c5cc2cb9fbe9d2e7233b6bd702b9e72e647dbe0a71bf95c52e
A design flaw in Avast Sandbox allows a potentially harmful program to escape the sandbox and infect the host by dropping its files out of it and/or by modifying existing legitimate files of any type. Affected products include Avast Internet Security v11.x.x, Avast Pro Antivirus v11.x.x, Avast Premier v11.x.x, Avast Free Antivirus v11.x.x, Avast Business Security v11.x.x, Avast Endpoint Protection v8.x.x, Avast Endpoint Protection Plus v8.x.x, Avast Endpoint Protection Suite v8.x.x, Avast Endpoint Protection Suite Plus v8.x.x, Avast File Server Security v8.x.x, and Avast Email Server Security v8.x.x.
7fd3ef05288e1690d62a92d2e2d6b6fd6cc0392156eb537960ff2d8cc0ea7037
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
5674e9a94fd929ae2cf7a99442b66a0fd91e5d4b0454a1924466b2d9ab2bb770
The attached testcases crashes Windows 7 64-bit while attempting to write to an unmapped memory region. On 32-bit Windows 7 it triggers a null pointer read.
d89d761020ed70dcb07f77ce385b34df9657da7e12a58b54828167ae00247fe1