OpenSSHD versions 7.2p2 and below remote username enumeration exploit.
2f182c8354b3885f9f53dee4dfd49de6b64a388306dc36b6cf716adfc0ef8ac9
Gentoo Linux Security Advisory 201607-14 - A vulnerability in Ansible may allow local attackers to gain escalated privileges or write arbitrary files. Versions less than 1.9.6 are affected.
5abe34fb3432373e7e24b84ec2f041264edc4100c25d4e25c505f3aa830b83cf
Gentoo Linux Security Advisory 201607-13 - A buffer overflow in libbsd might allow remote attackers to execute arbitrary code. Versions less than 0.8.2 are affected.
f356293130cc41f6c5d8ce93ce7fc682a43dcb6604dc3e0f868c6dca3d2c0fc3
Gentoo Linux Security Advisory 201607-12 - A local attacker could execute arbitrary code by providing unsanitized data to a data source or escalate privileges. Versions less than 4.87 are affected.
22534b373f0d93237acf41108fb6a56ff906ad77fd8c5a9ae003dd2dc9682857
Gentoo Linux Security Advisory 201607-11 - Multiple vulnerabilities have been found in Bugzilla, the worst of which could lead to the escalation of privileges. Versions less than 5.0.3 are affected.
80a0902267c16233710208037b188bcd90eb15791d34baf0375c867b48579f49
Gentoo Linux Security Advisory 201607-10 - Improper input validation in Varnish allows remote attackers to conduct HTTP smuggling attacks, and possibly trigger a buffer overflow. Versions less than 3.0.7 are affected.
c34e7c2fcf5bec193bd0105cdbf6caa9e33b041e525c3094834b3e35b5bdb77a
Gentoo Linux Security Advisory 201607-9 - Apache Commons BeanUtils does not properly suppress the class property, which could lead to the remote execution of arbitrary code. Versions below 1.9.2 are affected.
e796b79d0cecceb30859bf6409dd12a908bf0b6687463fd62c86692038a1b122
Gentoo Linux Security Advisory 201607-8 - A vulnerability has been found in Dropbear, which allows remote authenticated users to bypass intended shell-command restrictions. Versions less than 2016.73 are affected.
37c6e42ccd2e3205e832bfa112c6fd71bfd4a0029363d1e168539226fbb72a83
Red Hat Security Advisory 2016-1439-01 - Red Hat Single Sign-On 7.0 is a standalone server, based on the Keycloak project, that provides authentication and standards-based SSO capabilities for web and mobile applications. This asynchronous patch is a security update for JGroups package in Red Hat Single Sign-On 7.0. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
317cf16ea3dbb6853842f5156d6f798a461a36ad069b855b978b49ca6e73153c
Debian Linux Security Advisory 3623-1 - Scott Geary of VendHQ discovered that the Apache HTTPD server used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.
3f0f077fa580f9c70a712a8e940ea126c15ee5ca79bb2cc5ae3afdb0dbc13ec9
A total of 27 vulnerabilities have been patched by Oracle. These affect eBusiness Suite R12.x and 11.5, Apex, Primavera, OBIEE, and Agile DB components. These issues include SQL injection, cross site scripting, XXE injection, SSRF, failed access controls, and more.
1653be97a06d0c2cfb3b03919f6fc2b0e26ba7129144b78467d3acbf64b1587a
Wowza Streaming Engine suffers from multiple reflected cross site scripting vulnerabilities because input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Version 4.5.0 build 18676 is affected.
2523e79ab44f97c6ba12c7d6cca69bcb2705a67438d5e18cab9228b1987fd2b6
Wowza Streaming Engine version 4.5.0 build 18676 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. When the file is modified, the change is automatically applied to the application with the newly created user account. Wowza stores sensitive information such as the username and password in cleartext in the admin.password file, which is readable by local users.
6aeb40c49c98f54885a81500ea883a8c18636e37e6a4106edc674c11c35d726c
Wowza Streaming Engine version 4.5.0 build 18676 suffers from a cross site request forgery vulnerability.
62f01e79af598b0742b989b77d2439edfb0e0bc768e7e6c6f6a1d2e4736744c2
The Wowza Streaming Engine application suffers from a privilege escalation issue. A normal (read-only) user can elevate his/her privileges by sending a POST request that sets the parameter 'accessLevel' to 'admin', gaining admin rights, and/or sets the parameter 'advUser' to 'true' and '_advUser' to 'on', gaining advanced admin rights. Version 4.5.0 build 18676 is affected.
6dff3829d868f5291d523f9273d16a035430766d14c73adc9a0bea44fd2a9c99
Wowza Streaming Engine suffers from an elevation of privileges vulnerability that allows a simple authenticated user to replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'F' flag (Full) for the 'Everyone' group. In combination with insecure file permissions, the application suffers from an unquoted search path issue impacting the services 'WowzaStreamingEngine450' and 'WowzaStreamingEngineManager450' for Windows deployed as part of Wowza Streaming software. Version 4.5.0 build 18676 is affected.
d540e3f2fcd68f2e6da510dff4fc2e5afbf1649659c608d2f1f24e39cb9e934c
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, and detection of down hosts via parallel pings.
8b1eab8536e0255a2e225617dce831c3b6bf520fd5ddfc2f04a2f7663be2cb6a
WordPress Video Player plugin version 1.5.16 suffers from multiple remote SQL injection vulnerabilities.
e466846931ce435c89ed6a17e672eaf0b4818880fd543e1016bd3f3bc4de6f26
WordPress Ninja Forms plugin version 2.9.51 suffers from cross site scripting vulnerabilities.
7736356de45c70b551bfad1e9d2f465f4af57ee30034f6cbddf58e14110df94c
Apple Security Advisory 2016-07-18-6 - iTunes 12.4.2 for Windows is now available and addresses multiple memory corruption vulnerabilities.
633c434706d646cb88f9b2500c243323908adca066d93650b3de1179c1021483
Apple Security Advisory 2016-07-18-5 - Safari 9.1.2 is now available and addresses information disclosure, spoofing, and various other vulnerabilities.
c9e88a9ceedaa41e7c53dede660e559e035f39a544a712c1ee2fa29d95684de7
Apple Security Advisory 2016-07-18-4 - tvOS 9.2.2 is now available and addresses code execution, denial of service, and various other vulnerabilities.
4a9bc32a7d4706ab17452ff64199e021359d694515d28902f836d1e4f0ed5d85
A heap memory corruption vulnerability exists in the ASN.1 parsing code generated by Objective Systems Inc. ASN1C compiler for C/C++.
7b43a417029a6660a52e541cea51ce69f3ace470ef73b37b87d6e6718bb3e958
WordPress Icegram plugin version 1.9.18 suffers from a cross site request forgery vulnerability.
34497fd583aa9c4a2d176e260fdb464996bceb614b526b50b668962c1bc2887a
Apple Security Advisory 2016-07-18-3 - watchOS 2.2.2 is now available and addresses code execution, denial of service, and various other vulnerabilities.
a5e03cf377eb22ba61d0ea650f262c33428093e57329215b0a10d4bd3248e047