Red Hat Security Advisory 2016-1489-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as a bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or the RDMA Userspace Connection Manager Access module explicitly loaded could use this flaw to escalate their privileges on the system.
92f448af05fa64277d3b3307da793e54460efff59bc1c9ba1edd08af9ef18f34
Silurus Classifieds version 2.0 suffers from a cross site scripting vulnerability.
3fd2dd44592a87fcbb159e569f3987f00637646955585331a581070ae8b20876
Huawei ISM Professional suffers from a cross site scripting vulnerability.
46902e937f7c2a0957308e0d1d356d671660c726f3aba4c8df628f882b039e67
This Metasploit module exploits a remote command execution vulnerability in the Barracuda Web App Firewall Firmware Version <= 8.0.1.007 and Load Balancer Firmware <= v5.4.0.004 by exploiting two vulnerabilities in the web administration interface. The first bug leverages an arbitrary file upload vulnerability to create a malicious file containing shell commands before using a second bug meant to clean up left-over core files on the device to execute them. By sending specially crafted requests, it's possible to inject system commands while escalating to root due to relaxed sudo configurations on the appliances.
c5cbb5353489330f723faa90c0811bb577e0e6462b9b934b977a12a22fc05e6e
Debian Linux Security Advisory 3629-1 - Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs.
928596a20913fd01d3f58cfb75578feb56c3ebee5c0640ed9f639ec7fd418fa2
This advisory discloses a critical severity security vulnerability which was introduced in version 2.3.1 of Bamboo. Versions of Bamboo starting with 2.3.1 before 5.11.4.1 (the fixed version for 5.11.x) and from 5.12.0 before 5.12.3.1 (the fixed version for 5.12.x) are affected by this vulnerability.
dbfb17c0ede40ea6f49b801493783efdda5b7f9fcc1178a440c9e193c5f682f4
Red Hat Security Advisory 2016-1487-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server.
5e149d7d0af0e12329b4e2d54c27f621fef270d560e4bea0d0871820b9af36c1
Red Hat Security Advisory 2016-1486-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server.
e4d411131b152ada7bd72521ea7818502f22e7501a4ad8fa7818025ec57a02bd
Red Hat Security Advisory 2016-1485-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 52.0.2743.82. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
79a0151a046d4d5d83278b6451a43ce51c7e4a3ae2044801f1685824657092b8
Red Hat Security Advisory 2016-1484-01 - Red Hat Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and the remote management of multiple Linux deployments with a single, centralized tool. Security Fix: A stored cross-site scripting flaw was found in the way spacewalk-java displayed monitoring probes. An attacker can embed HTML and JavaScript in the values for RHNMD User or Filesystem parameters in Satellite, allowing them to inject malicious content into the web page that is then displayed with that probe data.
fca385e1adee4c3355af668685e712abb94dffc828ffdb015bcc0eb5969e0c41
Red Hat Security Advisory 2016-1494-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server.
ae73f277b2b57b9d044f50b51c1a5f666f6be797d89161738790ac2e2a367b22
Dropbox version 6.4.14 has an installer that suffers from a DLL hijacking vulnerability.
bfc55686208a6af0facb4041226b4d6d0ad4997fe3955ce1a49bfd0385b724bb
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
8ea6f97365251b45ba9c6309e8b51366f74ef9536f1dad257d2ef65b930d88fa
HP Security Bulletin HPSBGN03630 1 - A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed in the AdminUI of HP Operations Manager for Unix, Solaris and Linux. The vulnerability could be exploited remotely to allow remote code execution. Revision 1 of this advisory.
745cf5e5dfc7c05cec2a0a06dcce95a6bd55552bd1be8b60cef63528b32d5890
Secunia Research have discovered a vulnerability in Reprise License Manager (RLM), which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when handling the "akey" POST parameter related to /goform/activate_doit, which can be exploited to cause a stack-based buffer overflow via a specially crafted HTTP request. Successful exploitation of the vulnerability may allow execution of arbitrary code. Affected are Reprise License Manager versions 12.0BL2, 12.1BL2, and 12.1BL3.
7a44242e9092cfe02efcb8529b1f73b1e9b385b7c89ec38c3ff1c23127ffddbb
Secunia Research have discovered a vulnerability in Reprise License Manager (RLM), which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when handling the "actserver" POST parameter related to /goform/activate_doit, which can be exploited to cause a stack-based buffer overflow via a specially crafted HTTP request. Successful exploitation of the vulnerability may allow execution of arbitrary code. Affected is Reprise License Manager version 12.0BL2.
b433828c96e1b1a9650594e28bf347b845408926a31f2dc471d4d2c8904dabf6
PHP gettext.php versions 1.0.12 and below suffer from an unauthenticated code execution vulnerability.
43700cf546cef6f888e70c5f15da849a59dd385eb6bf40696caaa8ca6d9a4a78
This Metasploit module exploits a remote command execution vulnerability in the Drupal CODER module. Unauthenticated users can execute arbitrary commands under the context of the web server user. The CODER module doesn't sufficiently validate user inputs in a script file that has the php extension. A malicious unauthenticated user can make requests directly to this file to execute arbitrary commands. The module does not need to be enabled for this to be exploited. This Metasploit module was tested against CODER 2.5 with a Drupal 7.5 installation on Ubuntu server.
c2f68a1f88f2debe64ed7c3bfc2c1d55da4a489cfb8fa21f908ddcc48debacb0
FreeBSD Security Advisory - The implementation of bspatch does not check for a negative value on numbers of bytes read from the diff and extra streams, allowing an attacker who can control the patch file to write at arbitrary locations in the heap. This issue was first discovered by The Chromium Project and reported independently by Lu Tung-Pin to the FreeBSD project. An attacker who can control the patch file can cause a crash or run arbitrary code under the credentials of the user who runs bspatch, in many cases, root.
94be495aa94159d16c19228b849a936b7ff41d00262b82639c5ca19b61e52752
Debian Linux Security Advisory 3628-1 - Multiple vulnerabilities were discovered in the implementation of the Perl programming language.
c4d42728c93a6c069a9075ac463c45771991119363de3f80dbbd028a2e5b8945
Red Hat Security Advisory 2016-1481-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb55-mariadb. Security Fix: It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client.
45de905a4b33214eb15ef8e29ef0cb228582cc6a35bbdc52e6237786fb243718
Red Hat Security Advisory 2016-1480-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a newer upstream version: mysql55-mysql. Security Fix: This update fixes several vulnerabilities in the MySQL database server.
af590c1ca38f804e3f347f28557c1dfd19b5e1606fd497d2c76fb7c2cd5542e7
MediaCoder version 0.8.43.5852 SEH buffer overflow exploit that spawns calc.exe.
507cda410d7506c0efc4bf9f074328227a1db84046b8e2f802f444e4082a3f89
CoolPlayer+ Portable version 2.19.6 m3u stack overflow exploit with egghunter shellcode and ASLR bypass.
5a8e68f70a6bdf520588f514a7b7dbd81ae47a8b5523f6e4d2a654e471361eee
CodoForum version 3.2.1 suffers from a remote SQL injection vulnerability.
29e42205f5a7006437937ea15d9724892274bd3b43b9219c9606bcd2841fbcc1