Gentoo Linux Security Advisory 201608-1 - Multiple vulnerabilities have been found in OptiPNG, the worst of which could lead to the remote execution of arbitrary code, or cause a Denial of Service condition. Versions less than 0.7.6 are affected.
713c5763445c047353969f292116486ba6c02d364774f61852de0cb87506fb2dRed Hat Security Advisory 2016-1596-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A cross-site scripting flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related popup. Element.textContent is now used to prevent XSS data execution.
01dc421a3024cf93d2a181c2d77c7cbf33b5392e1fa201d53227350f09ca3849Red Hat Security Advisory 2016-1595-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A cross-site scripting flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related popup. Element.textContent is now used to prevent XSS data execution.
6577b69c7abe4cd79ad8dd56fd8ee2632139dbe9c7f3ac0e400e0e80901f5b24Red Hat Security Advisory 2016-1594-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A cross-site scripting flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related popup. Element.textContent is now used to prevent XSS data execution.
1c6f2dd8a8996a7cc16a614e6641a705da125c0969212573506d95695f96285fA DLL side loading vulnerability was found in the VMware Host Guest Client Redirector, a component of VMware Tools. This issue can be exploited by luring a victim into opening a document from the attacker's share. An attacker can exploit this issue to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system. If the WebDAV Mini-Redirector is enabled, it is possible to exploit this issue over the internet.
77b0507ce09c87acf67f7f51e1ec6e8edf574e2564f337de61f2167599efd712The NVRmini 2 Network Video Recorder and the ReadyNAS Surveillance application are vulnerable to an unauthenticated remote code execution on the exposed web administration interface. This results in code execution as root in the NVRmini and the 'admin' user in ReadyNAS. This exploit has been tested on several versions of the NVRmini 2 and the ReadyNAS Surveillance. It probably also works on the NVRsolo and other Nuuo devices, but it has not been tested in those devices.
4ba89f6c713b97601f4d0f7f4247df8839c79b72366474692143a9ce61a45d08The NVRmini 2 Network Video Recorder, Crystal NVR and the ReadyNAS Surveillance application are vulnerable to an authenticated remote code execution on the exposed web administration interface. An administrative account is needed to exploit this vulnerability. This results in code execution as root in the NVRmini and the 'admin' user in ReadyNAS. This exploit has been tested on several versions of the NVRmini 2, Crystal and the ReadyNAS Surveillance. It probably also works on the NVRsolo and other Nuuo devices, but it has not been tested in those devices.
c1fe6b091d64c6ffde8067884a1a1cfdb89fc96e74975fa66a11765b3d24a22fRouters manufactured by Netcore, a popular brand for networking equipment in China, have a wide-open backdoor that can be fairly easily exploited by attackers. These products are also sold under the Netis brand name outside of China. This backdoor allows cyber criminals to easily run arbitrary code on these routers, rendering it vulnerable as a security device. Some models include a non-standard echo command which doesn't honor -e, and are therefore not currently exploitable with Metasploit. See URLs or module markdown for additional options.
23aa19a2ba418a35cd8bbecabd42ee2c073706a9c5dc4bf7724e7a87210b3a29Core Security Technologies Advisory - SAP CAR archive tool suffers from security bypass and denial of service vulnerabilities.
e526bc68dd7fc857147e1bbe8e921f1d4110eece04020dc4932d94850a062701Red Hat Security Advisory 2016-1589-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7 SR9-FP50. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
6733f1160b68f5ada5d6f2f81311e3e075c0d29441f777b8ff661359a627e3c5Red Hat Security Advisory 2016-1588-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR3-FP50. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
27c27208aa5be8b1a89fe1a22fc1a562282fb9c75bce3eab189eee0f89b0486bRed Hat Security Advisory 2016-1587-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR3-FP10. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
a189b25381cfcc73e81e7fbe0e460d4b1da606b9761665aef85cf8d877ec8c56Red Hat Security Advisory 2016-1593-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. Security Fix: A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed.
087f52dac8d83450be6b8dc20e6e4af7bcdd624bfa88cf6d7d4bfeb101401aa8Red Hat Security Advisory 2016-1592-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. Security Fix: A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed.
fa4b431075d96b8bcf3588ae7c01575665f48a5ed05f0028dfc5ae37a73f7945Cisco Security Advisory - A vulnerability in the driver processing functions of Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a memory leak on the route processor (RP) of an affected device, which could cause the device to drop all control-plane protocols and lead to a denial of service condition (DoS) on a targeted system. The vulnerability is due to improper handling of crafted, fragmented packets that are directed to an affected device. An attacker could exploit this vulnerability by sending crafted, fragmented packets to an affected device for processing and reassembly. A successful exploit could allow the attacker to cause a memory leak on the RP of the device, which could cause the device to drop all control-plane protocols and eventually lead to a DoS condition on the targeted system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. However, there are mitigations for this vulnerability.
0f8053bc0738b5eb624d423cfbff6b3798c7960f57b14cc33a6ae35d37855c49Ubuntu Security Notice 3059-1 - It was discovered that xmlrpc-epi incorrectly handled lengths in the simplestring_addn function. A remote attacker could use this issue to cause applications using xmlrpc-epi such as PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.
fe827c65180b37f784ff3be0cf56386273be9f11b47187474ee5233beda40434Ubuntu Security Notice 3060-1 - It was discovered that the GD library incorrectly handled certain malformed TGA images. If a user or automated system were tricked into processing a specially crafted TGA image, an attacker could cause a denial of service. It was discovered that the GD library incorrectly handled memory when using gdImageScale. A remote attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
4ff0941884cc315075d0925f1efa11b66caecf01e8c16df9d940e0a0cdf582ce
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed