Riverbed SteelCentral NetProfiler and NetExpress versions 10.8.7 and below suffer from command injection, privilege escalation, local file inclusion, account hijacking, and remote SQL injection vulnerabilities.
00ab1d582827932b2ba3b410528854489b8967d3984a75bb1c14cd8cdf9bae86Ubuntu Security Notice 3016-2 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
3b960ba01dd7b794aef265df87941a0121a7b266f1c50456a9f279d9ccd0c927Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the lastest versions of Encripto's Maligno and Pcapteller.
864bbff45b523909afdd66be5c8db8e1600deb37c0595b635a7b5803b4788e83Ubuntu Security Notice 3016-1 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
b7b6569c094d6e250336c05cb6c8a2054aae6090826ed99ebac47b7a65fba9bdiBilling version 3.7.0 suffers from multiple stored and reflective cross site scripting vulnerabilities.
90c8a074050732437227d5b545e662c2703b13765c44c9ecfda872f7e4a5d9d0The CloudGate M2M gateway from Option suffers from an insecure direct object reference that allows for authorization bypass as well as cross site scripting vulnerabilities.
1004def6073bda6407b393c2311d74ac79b0df7f786b39ba8e7a5bac5dd631c3Multiple Panda Security products are vulnerable to local privilege escalation. As the USERS group has write permissions over the folder where the PSEvents.exe process is located, it is possible to execute malicious code as Local System.
f2c3335b56476d81d249fe69f248bb45a5f8e46e582bf79a99ae8afe17b0dee0Gentoo Linux Security Advisory 201606-16 - A buffer overflow in PLIB might allow remote attackers to execute arbitrary code. Versions less than 1.8.5-r1 are affected.
1c00e066fb23540a9ad5a677e16190d40daf940bd0c13db2d78f895381422e5dGentoo Linux Security Advisory 201606-15 - Multiple vulnerabilities have been found in FreeXL, allowing remote attackers to executive arbitrary code or cause Denial of Service. Versions less than 1.0.1 are affected.
66447f4605cfc40f3673194b46cfdc8235c53aa2e27abc0a1bc15530254a1485Gentoo Linux Security Advisory 201606-14 - Multiple vulnerabilities have been found in ImageMagick including overflows and possible Denials of Service. Versions less than 6.9.0.3 are affected.
70b73520d788fbcf5fd3bcbbb0cfc03ecd29886963a4711f6ca6c91671edb703Gentoo Linux Security Advisory 201606-13 - sudo is vulnerable to an escalation of privileges via a symlink attack. Versions less than 1.8.15-r1 are affected.
ded337a5c37a4a4988b8a6954f7c27a1e14d6b846df65915b30d360b982181eeGentoo Linux Security Advisory 201606-12 - Multiple vulnerabilities have been found in libssh and libssh2, the worst of which allows remote attackers to cause Denial of Service. Versions less than 0.7.3 are affected.
a7682074939d8d39fdbac72c4a9138e844743c73c282548b5fb3e4eebea79c23Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
20b6bfa73054d012cdaf01c59877c6e8e69753ff9a59afe3f8573733bbc90549Gentoo Linux Security Advisory 201606-11 - Multiple vulnerabilities have been found in claws-mail, particularly in the default SSL implementation. Versions less than 3.13.2 are affected.
d93afbc054fbd44009f35488987607e4424bea092ae43b539bfd4399473f1d31Parsijoo Search Engine suffers from a cross site scripting vulnerability.
0aff94920da9819f0b10ac4ae23aca660ccbdef403bc6bf45ae550e11c5f8769ASUS DSL-N55U version 3.0.0.4.376_2736 suffers from cross site scripting and information disclosure vulnerabilities.
2297595e06db7fa420a012baf7d29c1bd77b0683ceb2f735ed013c7ffe5a94beDebian Linux Security Advisory 3606-1 - It was discovered that pdfbox, a PDF library for Java, was susceptible to XML External Entity attacks.
61d21573a2ded453c905fe50c7f9fd46873c6e0f09de588bcfd1a066e813e554JIRA Artezio Board plugin version 1.4 suffers from cross site scripting and information disclosure vulnerabilities.
a0d144ea2b00eb5d9831c86d25439a5db48c3e97147d507ef547e9cec42fa4faJIRA Mail.ru Calendar plugin version 2.4.2.50_JIRA6 suffers from multiple cross site scripting vulnerabilities.
9db0638c04e003fb397fbec73497ef7bd2a7f509cc3b670b2cae9f8fb924d6c0LearnVest Web Application suffers from a persistent cross site scripting vulnerability.
3593feb65f3d43639b0088d9a7262d08022e8d86ddfde1a58ca8d125df0eeb33MoneyTrackin Web Application suffers from a persistent cross site scripting vulnerability.
6402aae158ad1102885aef5e05fc5dcb6d5bd711801b982df72a5e5137bc6f0cKashFlow Web Application suffers from a persistent cross site scripting vulnerability.
338cb402ee5e6e927390317c6de151a43ca0725db00590ddcd3dccc9325ecf1fToshl Finance Web Application suffers from a persistent cross site scripting vulnerability.
05e0f4399b672222077b63fac14ad7d94bae3db58b9cd280b207508479f88fb5libical versions 0.47 and 1.0 suffer from a crash issue.
e314583b6bf83ffbfdfd9a7a4875334a7dbd17311c08e56a43e14b40b4d360a7net/http in Ruby HTTP Header suffers from an injection issue.
266f4d353900c02643e4dcfa014500e23697fa6da787b60c852b929243b05e31
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed