FreeBSD Security Advisory - The implementation of bspatch does not check for a negative value on numbers of bytes read from the diff and extra streams, allowing an attacker who can control the patch file to write at arbitrary locations in the heap. This issue was first discovered by The Chromium Project and reported independently by Lu Tung-Pin to the FreeBSD project. An attacker who can control the patch file can cause a crash or run arbitrary code under the credentials of the user who runs bspatch, in many cases, root.
94be495aa94159d16c19228b849a936b7ff41d00262b82639c5ca19b61e52752Debian Linux Security Advisory 3628-1 - Multiple vulnerabilities were discovered in the implementation of the Perl programming language.
c4d42728c93a6c069a9075ac463c45771991119363de3f80dbbd028a2e5b8945Red Hat Security Advisory 2016-1481-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb55-mariadb. Security Fix: It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client.
45de905a4b33214eb15ef8e29ef0cb228582cc6a35bbdc52e6237786fb243718Red Hat Security Advisory 2016-1480-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a newer upstream version: mysql55-mysql. Security Fix: This update fixes several vulnerabilities in the MySQL database server.
af590c1ca38f804e3f347f28557c1dfd19b5e1606fd497d2c76fb7c2cd5542e7MediaCoder version 0.8.43.5852 SEH buffer overflow exploit that spawns calc.exe.
507cda410d7506c0efc4bf9f074328227a1db84046b8e2f802f444e4082a3f89CoolPlayer+ Portable version 2.19.6 m3u stack overflow exploit with egghunter shellcode and aslr bypass.
5a8e68f70a6bdf520588f514a7b7dbd81ae47a8b5523f6e4d2a654e471361eeeCodoForum version 3.2.1 suffers from a remote SQL injection vulnerability.
29e42205f5a7006437937ea15d9724892274bd3b43b9219c9606bcd2841fbcc1Multiple Micro Focus Filr appliances suffer from cross site request forgery, cross site scripting, command injection, insecure design, missing cookie flag, authentication bypass, poor permission, and path traversal vulnerabilities.
75683bf10479970e059d4148415a4d6ba28a3aaad459288029dd624f6ebfab5dPHP File Vault version 0.9 suffers from directory traversal and file reading vulnerabilities.
0e4a65a96a4a22d45e2f891b953ae6e0f8559136da12d4e2c558f8a051f8c198Debian Linux Security Advisory 3627-1 - Several vulnerabilities have been fixed in phpMyAdmin, the web-based MySQL administration interface.
b459793bb9e3a45ee09e42a83c4dd91fd3fb925762e1b886f320caf9f253c3d9WordPress Code Snippets plugin version 2.6.1 suffers from a cross site scripting vulnerability.
94985924416acf59239d3c59d37b7125ae6793ec70caf0d2e55e2f9c1e404f90WordPress Contact Form to Email plugin version 1.1.47 suffers from a cross site scripting vulnerability.
db19b75929c766407627f561ce21cf8d75048502fd1ed0f6a31618524e63976cBellini/Supercook Wi-Fi Yumi SC200 suffers from code execution, weak default password, and information disclosure vulnerabilities.
1295efbedb315f2a50e34b67933ea59e41690a239b319460ffbcb66f607464c2Joomla Showdown component version 1.5.0 suffers from a remote SQL injection vulnerability.
8b35a2c8083869bc2c7bad988609159655f073a90a430d22f8d1d37effbde31eNeoscreen version 4.5 suffers from a cross site scripting vulnerability.
a6b88238b585b94aa262a507f88ea2fd3cd4471b7bec60266e9b70cd1f771ecfNeoscreen version 4.5 suffers from a remote blind SQL injection vulnerability.
9b49732caf396486cec8e75ddf871cc31afe00a529d92e86963b729e70d55f47Neoscreen version 4.5 suffers from an authentication bypass vulnerability.
2a1948518f12aecc90ff982e0d377eb99f4226f02f0def6336846be88437e601
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed