Riverbed SteelCentral NetProfiler and NetExpress versions 10.8.7 and below suffer from command injection, privilege escalation, local file inclusion, account hijacking, and remote SQL injection vulnerabilities.
00ab1d582827932b2ba3b410528854489b8967d3984a75bb1c14cd8cdf9bae86
Ubuntu Security Notice 3016-2 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
3b960ba01dd7b794aef265df87941a0121a7b266f1c50456a9f279d9ccd0c927
Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.
864bbff45b523909afdd66be5c8db8e1600deb37c0595b635a7b5803b4788e83
Ubuntu Security Notice 3016-1 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
b7b6569c094d6e250336c05cb6c8a2054aae6090826ed99ebac47b7a65fba9bd
iBilling version 3.7.0 suffers from multiple stored and reflective cross site scripting vulnerabilities.
90c8a074050732437227d5b545e662c2703b13765c44c9ecfda872f7e4a5d9d0
The CloudGate M2M gateway from Option suffers from an insecure direct object reference that allows for authorization bypass as well as cross site scripting vulnerabilities.
1004def6073bda6407b393c2311d74ac79b0df7f786b39ba8e7a5bac5dd631c3
Multiple Panda Security products are vulnerable to local privilege escalation. As the USERS group has write permissions over the folder where the PSEvents.exe process is located, it is possible to execute malicious code as Local System.
f2c3335b56476d81d249fe69f248bb45a5f8e46e582bf79a99ae8afe17b0dee0
Gentoo Linux Security Advisory 201606-16 - A buffer overflow in PLIB might allow remote attackers to execute arbitrary code. Versions less than 1.8.5-r1 are affected.
1c00e066fb23540a9ad5a677e16190d40daf940bd0c13db2d78f895381422e5d
Gentoo Linux Security Advisory 201606-15 - Multiple vulnerabilities have been found in FreeXL, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 1.0.1 are affected.
66447f4605cfc40f3673194b46cfdc8235c53aa2e27abc0a1bc15530254a1485
Gentoo Linux Security Advisory 201606-14 - Multiple vulnerabilities have been found in ImageMagick including overflows and possible Denials of Service. Versions less than 6.9.0.3 are affected.
70b73520d788fbcf5fd3bcbbb0cfc03ecd29886963a4711f6ca6c91671edb703
Gentoo Linux Security Advisory 201606-13 - sudo is vulnerable to an escalation of privileges via a symlink attack. Versions less than 1.8.15-r1 are affected.
ded337a5c37a4a4988b8a6954f7c27a1e14d6b846df65915b30d360b982181ee
Gentoo Linux Security Advisory 201606-12 - Multiple vulnerabilities have been found in libssh and libssh2, the worst of which allows remote attackers to cause Denial of Service. Versions less than 0.7.3 are affected.
a7682074939d8d39fdbac72c4a9138e844743c73c282548b5fb3e4eebea79c23
Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
20b6bfa73054d012cdaf01c59877c6e8e69753ff9a59afe3f8573733bbc90549
Gentoo Linux Security Advisory 201606-11 - Multiple vulnerabilities have been found in claws-mail, particularly in the default SSL implementation. Versions less than 3.13.2 are affected.
d93afbc054fbd44009f35488987607e4424bea092ae43b539bfd4399473f1d31
Parsijoo Search Engine suffers from a cross site scripting vulnerability.
0aff94920da9819f0b10ac4ae23aca660ccbdef403bc6bf45ae550e11c5f8769
ASUS DSL-N55U version 3.0.0.4.376_2736 suffers from cross site scripting and information disclosure vulnerabilities.
2297595e06db7fa420a012baf7d29c1bd77b0683ceb2f735ed013c7ffe5a94be
Debian Linux Security Advisory 3606-1 - It was discovered that pdfbox, a PDF library for Java, was susceptible to XML External Entity attacks.
61d21573a2ded453c905fe50c7f9fd46873c6e0f09de588bcfd1a066e813e554
JIRA Artezio Board plugin version 1.4 suffers from cross site scripting and information disclosure vulnerabilities.
a0d144ea2b00eb5d9831c86d25439a5db48c3e97147d507ef547e9cec42fa4fa
JIRA Mail.ru Calendar plugin version 2.4.2.50_JIRA6 suffers from multiple cross site scripting vulnerabilities.
9db0638c04e003fb397fbec73497ef7bd2a7f509cc3b670b2cae9f8fb924d6c0
LearnVest Web Application suffers from a persistent cross site scripting vulnerability.
3593feb65f3d43639b0088d9a7262d08022e8d86ddfde1a58ca8d125df0eeb33
MoneyTrackin Web Application suffers from a persistent cross site scripting vulnerability.
6402aae158ad1102885aef5e05fc5dcb6d5bd711801b982df72a5e5137bc6f0c
KashFlow Web Application suffers from a persistent cross site scripting vulnerability.
338cb402ee5e6e927390317c6de151a43ca0725db00590ddcd3dccc9325ecf1f
Toshl Finance Web Application suffers from a persistent cross site scripting vulnerability.
05e0f4399b672222077b63fac14ad7d94bae3db58b9cd280b207508479f88fb5
libical versions 0.47 and 1.0 suffer from a crash issue.
e314583b6bf83ffbfdfd9a7a4875334a7dbd17311c08e56a43e14b40b4d360a7
net/http in Ruby suffers from an HTTP header injection issue.
266f4d353900c02643e4dcfa014500e23697fa6da787b60c852b929243b05e31