SimplePHPQuiz suffers from a remote blind SQL injection vulnerability.
cf0515d4feeb9e73981e68b0f36f7a9643ae21e7ee948896683bff58c5703ee3VMware Security Advisory 2016-0013 - VMware Identity Manager and vRealize Automation updates address multiple security issues.
10ce356485ee77b9cf3bc4ec235b364612bdc4d6ed152da245e7a1e17db10900Red Hat Security Advisory 2016-1664-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network.
b542c16421a0053cf74470ceee19661e1c59fcea30d437e8dabde33c44a48c25Red Hat Security Advisory 2016-1657-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system.
4043f793bb96834574d7f4614976b19cff587e4500e977d8646b0c4f8fcb4824WordPress Mail Masta plugin version 1.0 suffers from a local file inclusion vulnerability.
63387cb541f174b444a7c0e37d74f3dec4201dfc93508d9f643478d039b574dbVideoIQ Camera suffers from a file disclosure vulnerability.
8e79e33a110bf5cbe4ed378d41e766eceeb6fad1f062efe99f993f25713829a2Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
f012b17b705b2963294163b16293b2c2f8e11f904a7352aec9ba693e48d7a700Red Hat Security Advisory 2016-1655-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: Quick Emulator built with the Block driver for iSCSI images support is vulnerable to a heap buffer overflow issue. It could occur while processing iSCSI asynchronous I/O ioctl calls. A user inside guest could use this flaw to crash the Qemu process resulting in DoS or potentially leverage it to execute arbitrary code with privileges of the Qemu process on the host.
4aef31c589e9eb632262467a2391d662c3f9b8731a9caabe096c9d84b5c43a8bRed Hat Security Advisory 2016-1654-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: Quick Emulator built with the Block driver for iSCSI images support is vulnerable to a heap buffer overflow issue. It could occur while processing iSCSI asynchronous I/O ioctl calls. A user inside guest could use this flaw to crash the Qemu process resulting in DoS or potentially leverage it to execute arbitrary code with privileges of the Qemu process on the host.
be57c89124c98f2cea8b05cd613985cbc6e73e7db5d4fb67260fd412e521dc99Red Hat Security Advisory 2016-1652-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: Quick emulator built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement and therefore causes unbounded memory allocation on the host controlled by the guest.
539a4dbb0d044fdb2e69eddaa74656352db4a87fa6718104e121060c02136047Red Hat Security Advisory 2016-1653-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: Quick Emulator built with the Block driver for iSCSI images support is vulnerable to a heap buffer overflow issue. It could occur while processing iSCSI asynchronous I/O ioctl calls. A user inside guest could use this flaw to crash the Qemu process resulting in DoS or potentially leverage it to execute arbitrary code with privileges of the Qemu process on the host.
784b309832846f10d29d70069df5da9ac9c80c535442ac182995d7d0b236dbb3This bulletin summary lists one bulletin that has undergone a major revision increment.
5721a2c63ab52ed5630f76b062da98a13325a546d07e7b13238dec0c2a5606b7Gnome Eye of Gnome version 3.10.2 suffers from an out-of-bounds write vulnerability.
6b42597bb574ccc34d7ba77488acc1f56ca5d1d0f62c3ce461004f30059cb46fWordPress Bonkersbeat theme version 1.0, Method theme version 1.8, and Awake theme version 3.2 suffer from an arbitrary file download vulnerability.
377a2155b0b3a216d8785b603e4c0e98fe506d4f486ab4cbaece2ea45ce60a06Red Hat Security Advisory 2016-1650-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes.
1fdd97874e8f34357aa4e0e66133e9488d4279f97fb76a354f29754e7682ff4aRed Hat Security Advisory 2016-1649-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes.
6f912c3eac60b24e5fcc49c83f0bc9b2f7d63a1d9a3b172fda35193e1fba6f6fRed Hat Security Advisory 2016-1648-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes.
0fbbe7de26ce0f8882caf38888994f49325573c52f60f9e0cd5197f1f5fc4906BENIGNCERTAIN is a remote exploit to extract Cisco VPN private keys. Note that this exploit is part of the recent public disclosure from the "Shadow Brokers" who claim to have compromised data from a team known as the "Equation Group", however, there is no author data available in this content. The tool references Cisco PIX versions 5.2(9) to 6.3(4), which were released in 2004.
f1cc0ef523db5ceca559ff6245e673e90a6309eaeaf13d63e575e3e9b70a5ea8This Metasploit module exploits a remote code execution in the web panel of Phoenix Exploit Kit via the geoip.php. The Phoenix Exploit Kit is a popular commercial crimeware tool that probes the browser of the visitor for the presence of outdated and insecure versions of browser plugins like Java, and Adobe Flash and Reader which then silently installs malware.
aad984f8708901b83c5d2147e19d13750c153fefe31400973769c9a1fcdedf8cJaws CMS version 1.1.1 suffers from a cross site request forgery vulnerability.
4c7cb7244f6adffe5ed1f13324e54993002a2ec03435b20c3011a615f7c706b9phpCollab CMS version 2.5 suffers from a cross site request forgery vulnerability.
8f9e3cce787d1818859b78c4a1a0f36e22a4f9771670aa92f3509e1deec787c5AVS Audio Converter version 8.2.1 suffers from a buffer overflow vulnerability.
7afcffa21ea4851d253f1a3293dc20489b947ede25b757fba0c6ccc047eef575ISPconfig version 3.0.5.4 p6 suffers from a cross site scripting vulnerability. It also leaks exception information.
9b4e17f23d24a8657ca32e66aeb0806fdf89bf27015fdfef444397eb7a0a7850HP Security Bulletin HPSBNS03635 1 - Multiple potential remote and local vulnerabilities impacting Perl and PHP have been addressed by HPE NonStop Servers OSS Script Languages. The vulnerabilities include Perl's opportunistic loading of optional modules which might allow local users to gain elevation of privilege via a Trojan horse library under the current working directory. Revision 1 of this advisory.
d61092f8531c4cfe3e647e6a78dff740f1529c96097e41b94e0050770ca40436ObiHai ObiPhone 1032/1062 with firmware less than 5-0-0-3497 suffers from buffer overflow, cross site scripting, cross site request forgery, command injection, denial of service, and various other vulnerabilities.
c01c956473f4e72a247182e6bcb22fe0af02e5eb1aefac7e5b88a3868d051233
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed