FlatPress version 1.0.3 suffers from cross site request forgery and remote shell upload vulnerabilities.
d278db65414293aefea2af73e991df9eb2374b5d235dccdc7abb5847713bb09eLorex LH162400 DVR firmware version 5.2.0-20141008 has a hard-coded administrative backdoor credential.
e8f13a783ea42627048c1254e1521e597f8febb49cdc37b444c32eeec559dc49PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
3b5ee95207a77de913e65c159163c351818401602ad544b94b31931deed0eb40WebKitGTK+ versions prior to 2.12.3 and 2.12.1 suffer from memory corruption, code execution, information disclosure, and denial of service vulnerabilities.
ed3b878265e2eac705c28e5a41e795719a9e61d8a59b0c6cf7447c33a10a314dThe Jetty path normalization mechanism suffers of an implementation issue when parsing the request URLs. The path normalization logic implemented in the PathResource class and introduced in Jetty versions 9.3.x can be defeated by requesting malicious URLs containing specific escaped characters. Leveraging on this weakness, a malicious user can gain access to protected resources (e.g. WEB-INF and META-INF folders and their contents) and defeat application filters or other security constraints implemented in the servlet configuration. Versions 9.3.0 through 9.3.8 are affected.
26929157b560ea70de00b08c35d3faa27d7dde2502ff66c5a5de0ac9128cc9bcDebian Linux Security Advisory 3588-1 - Two vulnerabilities were discovered in Symfony, a PHP framework.
7e8909d5da9e686e15ac23e7f229b103db8a093fa5d9eb609d1daa3f0dfab65cSlackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
36d7d930cce447857256736443653d9e62bbfd3c84ffae630bff2e25820515f2Slackware Security Advisory - New imagemagick packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
94e4c8893fef5dff9472b543506541a4ab4391cf95cf3158fb739ebd3e085faeGentoo Linux Security Advisory 201605-4 - Multiple vulnerabilities have been found in rsync, the worst of which could allow remote attackers to write arbitrary files. Versions less than 3.1.2 are affected.
077e09ac08fadd1cf9ba8bca376b61928812ed8dd5b022f6fd27617d0e2eb9c5Gentoo Linux Security Advisory 201605-3 - A double free vulnerability has been discovered in libfpx that allows remote attackers to cause a Denial of Service. Versions less than 1.3.1_p6 are affected.
5a8e0c57dbfedfa873ed9019451f951e8e7b84f3e07b5e5b15003e541e9ef446Debian Linux Security Advisory 3589-1 - Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit for image loading and pixel buffer manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using gdk-pixbuf (application crash), or potentially, to execute arbitrary code with the privileges of the user running the application, if a malformed image is opened.
b82336321cadd731e75428bfc9c8ff1efa7b0f2be73badd09f6a8327c8316402Publisher in Microsoft Office 2010 suffers from three denial of service vulnerabilities that can result in a crash.
92d4806502ddbfb861c44b73ab19354dd02252559e04a185f6e8ea97c63c7f33PoShFoTo is the PowerShell Forensics Toolkit, which contains a dozen PowerShell tools that allow you to do basic incident response and malware forensics. It includes Hex Dumper, Registry timeline generator, File timeline generator, and PE-block analyzer.
2516e4a082ce0e53db6d6ba8ddfba777505de06d31bfefcccdabcff2c0057a2bLinux x86_64 XOR encode execve shellcode.
64ded5eaa2f56885a7f015438d22573ce7ccef39ea2fd97ec60e4d1bfac789f1Microsoft Internet Explorer divide by zero proof of concept denial of service exploit.
0e70e4c082f946f359c63b9b6a4e594dc50965980351a81ff1b82297a5f7c2e7Open Source Real Estate Script version 3.6.0 suffers from a remote SQL injection vulnerability.
bb88bb3834dcbef9cdc1902fa62ffb25bab0923b51d5eb8cbcd4182e4ab4c649
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed