WordPress Top 10 Popular Posts plugin version 2.3.0 suffers from a cross site scripting vulnerability.
2ef13b9046be953e681d2fe0e87def1da4ba275c47d315b48c71767de2390123WordPress Simple Membership plugin version 3.2.8 suffers from a cross site scripting vulnerability.
3e8992560e17c27925537a0aace108c6ef22f9b536239abaf910f9e8ea96163eRed Hat Security Advisory 2016-1423-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.632. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
9f4c4559dcc06b30ea7338671d732f696623ebe9e897337ee5a38a3ddeba841dGentoo Linux Security Advisory 201607-3 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.632 are affected.
0ced70ce46c6bc69a8de361251892d7f727488e726c52bdd9e961f23649e5d8cWordPress WP No External Links plugin version 3.5.15 suffers from a cross site scripting vulnerability.
708a16d3086d6d4fbf54c12feb7c24010807b262e8b4085980426fd79cdb8538Red Hat Security Advisory 2016-1424-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.2.1 and Red Hat JBoss A-MQ 6.2.1. It includes several bug fixes, which are documented in the readme.txt file included with the patch files. It was reported that the web based administration console does not set the X-Frame-Options header in HTTP responses. This allows the console to be embedded in a frame or iframe which could then be used to cause a user to perform an unintended action in the console. It was found that Apache Active MQ administration web console did not validate input correctly when creating a queue. An authenticated attacker could exploit this flaw via cross-site scripting and use it to access sensitive information or further attacks.
1f8ef5e671baaab7e8547e070bffdc69105dac1529159adb5f0b5131fa269819Cisco Security Advisory - A vulnerability in the management of system timer resources in Cisco IOS XR for Cisco Network Convergence System 6000 (NCS 6000) Series Routers could allow an unauthenticated, remote attacker to cause a leak of system timer resources, leading to a nonoperational state and an eventual reload of the Route Processor (RP) on the affected platform. The vulnerability is due to improper management of system timer resources. An attacker could exploit this vulnerability by sending a number of Secure Shell (SSH), Secure Copy Protocol (SCP), and Secure FTP (SFTP) management connections to an affected device. An exploit could allow the attacker to cause a leak of system timer resources, leading to a nonoperational state and an eventual reload of the RP on the affected platform. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.
d2a2fb27fa8069e1f32a27a53e552ca35bbb07276c635891d08f5591239efdb9Open-Xchange App Suite version 7.8.1 suffers from a cross site scripting vulnerability.
54885411364ea66a6a88cc613ff3399708f6b52cbe59e735d9647a8e158559b8WordPress Google Forms plugin version 0.84 suffers from a cross site scripting vulnerability.
8fb3153cc86d1f165cf198ec1a8cceeefd1b6e4eae41b148c5f367fda60005ddAdobe Acrobat Reader DC version 15.016.20045 suffers from multiple memory corruption vulnerabilities while handling font (.ttf) files. Adobe is offering support for this issue here: https://forums.adobe.com/community/adobe_reader_forums.
bdb4c4a106248c3069f4855591ddaf79f2160358e93e9ff16c4c15d0d021d23aSuricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
b8f5711f4c24627b056a3889b296b29ec515b34bc2287ad20d13ca20da777ff7Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
c48c9a7e0abd16efb2d35975f105f10f5d25b1b9439a4d1e7933579b9f159a11pmount is a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry. Due to a missing input validation check local users could mount devices to arbitrary destinations and thus taking over the targeted system completely. Versions 0.9.23 is affected.
2721035920e3ee68f9a9ba12f5b428e825d1682c57e62014bc2baa2e25fb29e5WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 suffers from a reflective cross site scripting vulnerability.
fa89320b02ace12f9ce8f44cd234672b01d01cdb40063e5160e5018276a2cba0WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 suffers from an XML external entity injection vulnerability.
d9e516d3777daf410177b4c7a8c4a54f5f7f7677f5de9b1ae66ff8fa3a81c9c2WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 suffers from a server-side request forgery vulnerability.
594a45b22a23f9e58e46937bbcd941f25047119a629d5af81361518a99390750RootExplorer is a rooted Android App aimed to ultimately control file operations on an Android device. Unfortunately, RootExplorer tries to download an external busybox from plain a HTTP website, which might cause rooted remote code execution.
198bffa368d070bf6edcd0638d73b7f559980f3f73607c0265ebe726b5beffb2GSX Analyzer versions 10.12 and 11 appear to have a hard-coded backdoor account in Main.swf.
6d80581013db353159aba11395fc2dae0e7f7efdada56ef40a81c5ebb8a043a1Linux x86 reverse shell shellcode using xterm ///usr/bin/xterm -display 127.1.1.1:10.
cebb6dfd9fc7d25b9474817067d4e33c98b2cbde02d6887292bcb0ac4f022622Bitdefender Antivirus Free Edition suffers from a DLL hijacking vulnerability.
7a561aabd827fc247f1828536bebb8f12c7d544c14a39de3ea814851f10f9b24Windows x86 URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() shellcode.
fe70b42b0ff9740dddf091231d8cb5b25f3fa26da592d971f7324912ff25a9ca7-Zip version 16.02 suffers from a DLL hijacking vulnerability.
9c942b3d29760a010a0264e776039ca442e49ac4dc1d71898af0038a680adc6dC.COM Events CMS version 0.1.02 suffers from a remote SQL injection vulnerability that allows for login bypass.
badd4e311620c0ffc4e4e10b647342354403647a5028bddefb06ef4694285b41The executable installers of Adobe Flash Player released on 2016-06-15 fixed CVE-2016-1014 in the second attempt, but another vulnerability remained allowing for fpb.tmp to be executed with elevated privileges.
7fce869dc5cc72a56c6ca8e37ed36104181ea7438b19857348e8d22068b38b07
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed