XenForo ToggleME version 3.1.2 suffers from multiple cross site scripting vulnerabilities.
2ec81da933635f268cac0c59dd5efa9ad0c1541a95dcd28dee6c054aedd2362eRed Hat Security Advisory 2016-1851-01 - This release of Red Hat JBoss Core Services Service Pack 1 serves as a replacement for JBoss Core Services Apache HTTP Server. Security Fix: It was discovered that Apache HTTP Server used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.
141013276aaca0bcca5001a6029bcbf18608534cfc68f348f32f7a7649bd9dc0Red Hat Security Advisory 2016-1850-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive.
711241662188f0c0cfb9c91a6f39f28a53a23f91e708e6da3698d03b733d5d3aRed Hat Security Advisory 2016-1844-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive.
ecc02ac8c19e821e663da1602fbb4cbf585f0740fa7472a450e18bdab7e321d2Red Hat Security Advisory 2016-1854-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 53.0.2785.89. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
d1764d6099ef14b9048946372d5eb3cbfbff5f089a8b9c21d6168232981a066eRed Hat Security Advisory 2016-1852-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive.
a67fa6324f51166b5e46df16d623948599e9407fc77a2052b844c253d114f9b7Red Hat Security Advisory 2016-1853-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: When processing an archive file that contains an archive entry with type 1 but also having a non-zero data size a file overwrite can occur. This would allow an attacker that can pass data to an application that uses libarchive to unpack it to overwrite arbitrary files with arbitrary data.
d96a27f2b704504db8e35fa4b9580c5b8c0477cd80699ab6ccab2d27dfd407fcPIKATEL 96338WS unauthenticated remote DNS changer exploit.
596be1de21272fb1b77bedf46d16b77640ce788f243002e315626dc0d7df7e35Exper EWM-01 ADSL/MODEM unauthenticated remote DNS changer exploit.
93fde35b7c746959d79e57ca13e221260f073b947a6e4133230979af7ceec22fInteno EG101R1 VoIP Router unauthenticated remote DNS changer exploit.
873d98f5b0dd13d80e9d6c6b19685ca72ef286d52b868b4d74c7f516f63ee1e3MySQL versions 5.7.15 and below, 5.6.33 and below, and 5.5.52 and below suffer from remote root code execution and privilege escalation vulnerabilities.
5e8a01e26f616b7e322e11ee4900c798c738b94ceece89ba36e9df202cdc0496Zapya Desktop version 1.803 suffers from a privilege escalation vulnerability.
1204fdb3dca01a1547ffc9eb6eb38df0d60edd8a43261e989e340d837522878fwww.google.fr suffered from a cross site scripting vulnerability.
bd34f939808ce09fa45510feddecc1aa12263f4fa75875726dd9139cd340a5efJoomla jVoteSystem component version 2.56 suffers from a remote SQL injection vulnerability.
34b1e6a617c6e7a3e5d9350f0ae387d44c783f672278d3a00a69aed1ec0f7805Joomla jVoteSystem component version 2.56 suffers from a cross site scripting vulnerability.
82fdcb3d031a094669be174b810d952f15c710c3b8e66d80b414ec4ce453daea
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed