GNU Wget versions prior to 1.18 suffer from an arbitrary file upload vulnerability that may allow for remote code execution.
3ebf4d81b9c108e57502040e8018d849ca791f68c50a3e363db8ee6554556d53
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) have released a fix for a vulnerability that may potentially lead to denial of service and data disclosure. When restoring backups of Linux Avamar clients using the web restore interface, a malicious Avamar Client user may read and/or delete critical directories on the Avamar Server. This may lead to a denial-of-service attack on the Avamar Server, or unauthorized access to Avamar Server data by the malicious Avamar Client user. All supported versions prior to 7.3.0 of EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) are affected.
572a5c2a703d7f692f7e1966646f0725a31f3596c40aa8ddb112bc055aaa002c
AWBS version 2.9.6 suffers from remote SQL injection and cross site scripting vulnerabilities.
1675afe8e039059668317602ec43e19933d8f670b5ec636629c17e9161d7743b
RS232-NET Converter (JTC-200) suffers from cross site request forgery and weak credential management vulnerabilities along with unauthenticated access over telnet.
f40c27189efefaddaf076e2f7f0a039c4c3ecdf9474cf872b0c3d27fd919c72b
CIMA DocuClass ECM suffers from cross site request forgery, cross site scripting, direct object reference, and remote SQL injection vulnerabilities.
e59340b8b2d2736f3f23ac644c82482a122095cf376b184333e25aefc5c3d6b6
OpenFire versions 3.10.2 through 4.0.1 suffer from cross site request forgery and cross site scripting vulnerabilities. These issues are similar to findings discovered by hyp3rlinx but leverage different pages.
be513ac2a1d466d9fc24adcadf3d11b3c22f9970e5d75746d50da08647e6334e
Wrapper classes provided by PrinceXML appear to suffer from command injection vulnerabilities.
af3f900b8ea8475a7548d9c557b237e3693679f81551df21a63dddf1a022c03f
Micron CMS version 5.3 suffers from a remote SQL injection vulnerability.
3c36fe67d394ea751c57236ea8cd40e2dcbd72d899747169f1be3761450e74b5
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
35deddf2779b76ac11057de38bf380b8066c05de21b94263ad5b6dfa75dfbb23
The usermode audio subsystem for the "Samsung Android Professional Audio" is based on JACK and appears to suffer from a privilege escalation vulnerability.
6e6f5be9346ce92749741f62f51847396d676dba887f707954ead81bbe16e561
The usermode audio subsystem for the "Samsung Android Professional Audio" is based on JACK, which appears to be designed for single-user usage. The common JACK configuration on Linux systems appears to be a JACK server running under the current user account and interacting with JACK clients from the same user account, so there is minimal privilege difference between them. This is not the case with the configuration on Android, where the JACK service runs as a more privileged user in a less restrictive SELinux domain than the clients that can connect to it. The JACK shared memory implementation uses the struct jack_shm_info_t defined in /common/shm.h to do some bookkeeping. This struct is stored at the start of every JackShmAble object. This means that whenever the JACK server creates an object backed by shared memory, it also stores a pointer to that object (in the address space of the JACK server), allowing a malicious client to bypass ASLR in the JACK server process.
154f9eac96eeb68b35b32d286401c145dafcaee91d33e5328b096764d282a114
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
5b65fe2a91c8dfa32bedc78acffcb152e5426cd3349e2afc43cccc9bdaf18aa5
Teampass version 2.1.26 suffers from a remote authenticated file upload vulnerability that may allow for code execution.
d336842a50b3aaa3e3071e1f1915eb0894fa880d18d7e17f80ee3c508fd8a08c
IBM BlueMix Cloud suffers from a client-side malicious script insertion vulnerability.
43ae57eacfa2eb6a617d2b40733bb1248a1580601e9efdf40337d67e76e94fc3
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
2012c67cd740a69e563d26ca0e7d812f3e54b8735020a1af877f04c3e7429695
This Metasploit module exploits an SQL injection, auth bypass, file upload, command injection, and privilege escalation in Nagios XI <= 5.2.7 to pop a root shell.
7b076eb4c293543ed664b1e38b4942197ec5fe84ee01dda8591020258e48df90