Multiple Micro Focus Filr appliances suffer from cross site request forgery, cross site scripting, command injection, insecure design, missing cookie flag, authentication bypass, poor permission, and path traversal vulnerabilities.
75683bf10479970e059d4148415a4d6ba28a3aaad459288029dd624f6ebfab5d
PHP File Vault version 0.9 suffers from directory traversal and file reading vulnerabilities.
0e4a65a96a4a22d45e2f891b953ae6e0f8559136da12d4e2c558f8a051f8c198
Debian Linux Security Advisory 3627-1 - Several vulnerabilities have been fixed in phpMyAdmin, the web-based MySQL administration interface.
b459793bb9e3a45ee09e42a83c4dd91fd3fb925762e1b886f320caf9f253c3d9
WordPress Code Snippets plugin version 2.6.1 suffers from a cross site scripting vulnerability.
94985924416acf59239d3c59d37b7125ae6793ec70caf0d2e55e2f9c1e404f90
WordPress Contact Form to Email plugin version 1.1.47 suffers from a cross site scripting vulnerability.
db19b75929c766407627f561ce21cf8d75048502fd1ed0f6a31618524e63976c
Bellini/Supercook Wi-Fi Yumi SC200 suffers from code execution, weak default password, and information disclosure vulnerabilities.
1295efbedb315f2a50e34b67933ea59e41690a239b319460ffbcb66f607464c2
Joomla Showdown component version 1.5.0 suffers from a remote SQL injection vulnerability.
8b35a2c8083869bc2c7bad988609159655f073a90a430d22f8d1d37effbde31e
Neoscreen version 4.5 suffers from a cross site scripting vulnerability.
a6b88238b585b94aa262a507f88ea2fd3cd4471b7bec60266e9b70cd1f771ecf
Neoscreen version 4.5 suffers from a remote blind SQL injection vulnerability.
9b49732caf396486cec8e75ddf871cc31afe00a529d92e86963b729e70d55f47
Neoscreen version 4.5 suffers from an authentication bypass vulnerability.
2a1948518f12aecc90ff982e0d377eb99f4226f02f0def6336846be88437e601
Debian Linux Security Advisory 3626-1 - Eddie Harari reported that the OpenSSH SSH daemon allows user enumeration through timing differences when trying to authenticate users. When sshd tries to authenticate a non-existing user, it will pick up a fixed fake password structure with a hash based on the Blowfish algorithm. If real users' passwords are hashed using SHA256/SHA512, then a remote attacker can take advantage of this flaw by sending large passwords, receiving shorter response times from the server for non-existing users.
2f863fa4086db0a31226d56604fd7475efd80aac9d83230c52c988d3925ce6d0
Joomla Huge IT Gallery component version 1.1.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
120e40124b2650bf6bce6e60a521c443d54b15ebf39bb3e4eefcfa1bddb21b44
The Joomla Weblinks component suffers from a remote shell upload vulnerability.
43c2692dbcc9023249dc7dcc905354ee474b5b51e10fc0837f5a1f16ea956d50
Autobahn|Python incorrectly checks the Origin header when the 'allowedOrigins' value is set. This can allow third parties to execute legitimate requests for WAMP WebSocket requests against an Autobahn|Python/Crossbar.io server within another browser's context. This is addressed in version 0.15.0.
a6b400b8f7febcf337e4f3b6452bfd2ec96d9d6edd9c6329679e50b857c3b896
NetBSD mail.local(8) local root exploit that leverages a race condition as noted in NetBSD-SA2016-006.
ee955b7a52b2b1e4a0cd6baef82904dc7cfb28e310abaf3166325756dc708c3f
This Metasploit module exploits a remote command execution vulnerability in the Barracuda Web App Firewall Firmware version 8.0.1.007 and below and Load Balancer Firmware versions 5.4.0.004 and below by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it's possible to inject system commands while escalating to root due to relaxed sudo configurations on the appliances.
1140a40daee90570960cfd7f3c6d5cd7ddfbca7468a85535b18619b259be1089
This Metasploit module exploits a remote command execution vulnerability in the Barracuda Spam and Virus firewall firmware versions 5.1.3.007 and below by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it's possible to inject system commands while escalating to root due to relaxed sudo configuration on the local machine.
808ddc4f2e9d4a40b867ca92e98217e9170d718d92040b6e9e8b3c8f3b5a6144
Rapid7 AppSpider version 6.12 web application vulnerability scanner suffers from an unquoted search path issue impacting the services 'AppSpider REST Server', 'AppSpider REST Service' and 'AppSpiderUpgradeService' for Windows deployed as part of the AppSpider solution. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
55ddb2f9d5c796a92a54f5b0955345575e3f554eb0f7b54edbe97bbeacde61dd
TeamPass Passwords Management System versions 2.1.26 and below suffer from an unauthenticated arbitrary file download vulnerability.
a6f938983c6627ce76219ba9164c73d23d86783ad91a0f97d30fe23dfba8b5cb
Debian Linux Security Advisory 3625-1 - Several security issues have been discovered in the Squid caching proxy.
22d0c205cb033a2148166187d7a118d29d9dcc6295325cc3e1f28d5ff805791d
Slackware Security Advisory - New gimp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
392fdbb15e2406a2e95e9434965942b6e2760982231de9e6252d3eaa20a27e51
Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
06b270db60bab1c5042a20d49f118cbf8e37b6f5c672d51b08de3cc253ac07e0
HP Security Bulletin HPSBGN03631 1 - A potential security vulnerability has been identified with HPE IceWall Identity Manager and HPE IceWall SSO Password Reset Option running Apache Commons FileUpload. The vulnerability could be exploited remotely resulting in a Denial of Service (DoS). Revision 1 of this advisory.
c17910ace9f145dd7b8ebe6050394be1f1cf3db8ff2d238485bbcd1b64225fcb
Debian Linux Security Advisory 3624-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.50. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details.
53d03f4dfe05293f62735d44f4c1cbc475df2006023022701b93781bd8a27a44
Cisco Security Advisory - A vulnerability in the ASN1C compiler by Objective Systems affects Cisco ASR 5000 devices running StarOS and Cisco Virtualized Packet Core (VPC) systems. The vulnerability could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or potentially execute arbitrary code. The vulnerability is due to unsafe code generation by the ASN1C compiler when creating ASN.1 translation functions that are subsequently included within affected Cisco products. An attacker could exploit this vulnerability by submitting a malicious Abstract Syntax Notation One (ASN.1) encoded message designed to trigger the issue to an affected function. US-CERT has released Vulnerability Note VU#790839 to document the issue. Cisco will release software updates that address this vulnerability.
6dfd8f85b7b8a3672b9bf5091412d2147c9c73b4c2fe4155a60fb7012f9b6b5f