SimplePHPQuiz suffers from a remote blind SQL injection vulnerability.
cf0515d4feeb9e73981e68b0f36f7a9643ae21e7ee948896683bff58c5703ee3
VMware Security Advisory 2016-0013 - VMware Identity Manager and vRealize Automation updates address multiple security issues.
10ce356485ee77b9cf3bc4ec235b364612bdc4d6ed152da245e7a1e17db10900
Red Hat Security Advisory 2016-1664-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network.
b542c16421a0053cf74470ceee19661e1c59fcea30d437e8dabde33c44a48c25
Red Hat Security Advisory 2016-1657-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system.
4043f793bb96834574d7f4614976b19cff587e4500e977d8646b0c4f8fcb4824
WordPress Mail Masta plugin version 1.0 suffers from a local file inclusion vulnerability.
63387cb541f174b444a7c0e37d74f3dec4201dfc93508d9f643478d039b574db
VideoIQ Camera suffers from a file disclosure vulnerability.
8e79e33a110bf5cbe4ed378d41e766eceeb6fad1f062efe99f993f25713829a2
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
f012b17b705b2963294163b16293b2c2f8e11f904a7352aec9ba693e48d7a700
Red Hat Security Advisory 2016-1655-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: Quick Emulator built with the Block driver for iSCSI images support is vulnerable to a heap buffer overflow issue. It could occur while processing iSCSI asynchronous I/O ioctl calls. A user inside guest could use this flaw to crash the Qemu process resulting in DoS or potentially leverage it to execute arbitrary code with privileges of the Qemu process on the host.
4aef31c589e9eb632262467a2391d662c3f9b8731a9caabe096c9d84b5c43a8b
Red Hat Security Advisory 2016-1654-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: Quick Emulator built with the Block driver for iSCSI images support is vulnerable to a heap buffer overflow issue. It could occur while processing iSCSI asynchronous I/O ioctl calls. A user inside guest could use this flaw to crash the Qemu process resulting in DoS or potentially leverage it to execute arbitrary code with privileges of the Qemu process on the host.
be57c89124c98f2cea8b05cd613985cbc6e73e7db5d4fb67260fd412e521dc99
Red Hat Security Advisory 2016-1652-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: Quick emulator built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement and therefore causes unbounded memory allocation on the host controlled by the guest.
539a4dbb0d044fdb2e69eddaa74656352db4a87fa6718104e121060c02136047
Red Hat Security Advisory 2016-1653-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: Quick Emulator built with the Block driver for iSCSI images support is vulnerable to a heap buffer overflow issue. It could occur while processing iSCSI asynchronous I/O ioctl calls. A user inside guest could use this flaw to crash the Qemu process resulting in DoS or potentially leverage it to execute arbitrary code with privileges of the Qemu process on the host.
784b309832846f10d29d70069df5da9ac9c80c535442ac182995d7d0b236dbb3
This bulletin summary lists one bulletin that has undergone a major revision increment.
5721a2c63ab52ed5630f76b062da98a13325a546d07e7b13238dec0c2a5606b7
Gnome Eye of Gnome version 3.10.2 suffers from an out-of-bounds write vulnerability.
6b42597bb574ccc34d7ba77488acc1f56ca5d1d0f62c3ce461004f30059cb46f
WordPress Bonkersbeat theme version 1.0, Method theme version 1.8, and Awake theme version 3.2 suffer from an arbitrary file download vulnerability.
377a2155b0b3a216d8785b603e4c0e98fe506d4f486ab4cbaece2ea45ce60a06
Red Hat Security Advisory 2016-1650-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes.
1fdd97874e8f34357aa4e0e66133e9488d4279f97fb76a354f29754e7682ff4a
Red Hat Security Advisory 2016-1649-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes.
6f912c3eac60b24e5fcc49c83f0bc9b2f7d63a1d9a3b172fda35193e1fba6f6f
Red Hat Security Advisory 2016-1648-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes.
0fbbe7de26ce0f8882caf38888994f49325573c52f60f9e0cd5197f1f5fc4906
BENIGNCERTAIN is a remote exploit to extract Cisco VPN private keys. Note that this exploit is part of the recent public disclosure from the "Shadow Brokers" who claim to have compromised data from a team known as the "Equation Group", however, there is no author data available in this content. The tool references Cisco PIX versions 5.2(9) to 6.3(4), which were released in 2004.
f1cc0ef523db5ceca559ff6245e673e90a6309eaeaf13d63e575e3e9b70a5ea8
This Metasploit module exploits a remote code execution in the web panel of Phoenix Exploit Kit via the geoip.php. The Phoenix Exploit Kit is a popular commercial crimeware tool that probes the browser of the visitor for the presence of outdated and insecure versions of browser plugins like Java, and Adobe Flash and Reader which then silently installs malware.
aad984f8708901b83c5d2147e19d13750c153fefe31400973769c9a1fcdedf8c
Jaws CMS version 1.1.1 suffers from a cross site request forgery vulnerability.
4c7cb7244f6adffe5ed1f13324e54993002a2ec03435b20c3011a615f7c706b9
phpCollab CMS version 2.5 suffers from a cross site request forgery vulnerability.
8f9e3cce787d1818859b78c4a1a0f36e22a4f9771670aa92f3509e1deec787c5
AVS Audio Converter version 8.2.1 suffers from a buffer overflow vulnerability.
7afcffa21ea4851d253f1a3293dc20489b947ede25b757fba0c6ccc047eef575
ISPconfig version 3.0.5.4 p6 suffers from a cross site scripting vulnerability. It also leaks exception information.
9b4e17f23d24a8657ca32e66aeb0806fdf89bf27015fdfef444397eb7a0a7850
HP Security Bulletin HPSBNS03635 1 - Multiple potential remote and local vulnerabilities impacting Perl and PHP have been addressed by HPE NonStop Servers OSS Script Languages. The vulnerabilities include Perl's opportunistic loading of optional modules which might allow local users to gain elevation of privilege via a Trojan horse library under the current working directory. Revision 1 of this advisory.
d61092f8531c4cfe3e647e6a78dff740f1529c96097e41b94e0050770ca40436
ObiHai ObiPhone 1032/1062 with firmware less than 5-0-0-3497 suffers from buffer overflow, cross site scripting, cross site request forgery, command injection, denial of service, and various other vulnerabilities.
c01c956473f4e72a247182e6bcb22fe0af02e5eb1aefac7e5b88a3868d051233