Apple iOS version 1.0 suffers from multiple access permission vulnerabilities.
f62e2deaf755703843eec2ea1bba1cf6e4d4dd682c549ac566c53be70a175bb2
Teradata Virtual Machine Community Edition version 15.10 suffers from an insecure creation of files in /tmp that may lead to elevated code execution.
e691a1d0946b6dec697dabedfd9fbb69365159048c57b7f3860a30cc91f0e9aa
FUDforum version 3.0.6 suffers from a local file inclusion vulnerability.
bcd00c03ce8a9755bd546700f2fbc239b3aafb0185c943844ef047327e5cf4ea
Jaws version 1.1.1 suffers from object injection, open redirection, and cookie flag related vulnerabilities.
cb9a3ba5d344303ff237151422a740234563518e4eddcbcf33f01bd3c1edc233
FUDforum version 3.0.6 suffers from cross site request forgery and cross site scripting vulnerabilities.
55e60a064182f3909e91b5e12b09cee0d522257682b5ec51178c366ce49b06dc
Jaws version 1.1.1 suffers from a remote code execution vulnerability.
f1ac8e059024b6d543654b98ea962126a4712333b7af780c3dab82cf9a059f7a
Lepton version 2.2.2 Stable suffers from a remote code execution vulnerability via a remote shell upload.
8663af49ec6d8452bc4632a183607bae585d36a51bed1d527eeed84afed70485
Lepton version 2.2.2 Stable suffers from password handling, insecure bruteforce protection, cross site request forgery, and open redirection vulnerabilities.
df1f3345f2e86eee1b373326e540a9ee8f1abfcff075fd6b3f8e424a50bd8910
Lepton version 2.2.2 Stable suffers from remote SQL injection vulnerabilities.
95850d5028036da80ebf188fdc254367da972342753ef2bb43fdd5faf279746f
MoinMoin version 1.9.8 suffers from cross site scripting vulnerabilities.
807d401e79d629f871dda62fa80f8ff1b98894e57637524b21c3634e05083794
MyLittleForum version 2.3.6.1 suffers from a cross site request forgery vulnerability.
7fe46d44b9d07b2f2790059197fa1a0d5965fe71fb59e18ac8eed67a4aad2ab4
Mezzanine version 4.2.0 suffers from persistent cross site scripting vulnerabilities.
07691273ae2e982a02c69e586d9a93bce699ef7d4503063d38ea4e7ae5e7707e
SPIP version 3.1 suffers from head injection and cross site scripting vulnerabilities.
394b3d785040fd809c2f73dd314d77d88779b3b4ac9853ba82bee47980e9b796
MyLittleForum version 2.3.6.1 suffers from path overwrite and cross site scripting vulnerabilities.
fbfa8336328d916623ab45c704db7f5e26dba888f35f477ccd5cf6f293848f19
Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.
1502a290d3663fa67a44ff6c1c8e8e9434b8ae5e76be5c2a02b06a0e391dc080
A vulnerability existed in the PowerShellEmpire server prior to commit f030cf62 which would allow an arbitrary file to be written to an attacker-controlled location with the permissions of the Empire server. This exploit will write the payload to the /tmp/ directory, followed by a cron.d file to execute the payload.
36491dd12b6c42a1f65d906a4cbc99b3799866ff52ce18af79b2b9c27d2497d6
JavascriptArray::FillFromPrototypes is a method that is used by several Javascript functions available in the browser to set the native elements of an array to the values provided by its prototype. This function calls JavascriptArray::ForEachOwnMissingArrayIndexOfObject with the prototype of the object as a parameter, and if the prototype of the object is an array, it assumes that it is a Var array. While arrays are generally converted to var arrays if they are set as an object's prototype, if an object's prototype is a Proxy object, it can return a parent prototype that is a native int array. This can lead to type confusion, allowing an integer to be treated as an absolute pointer, when JavascriptArray::FillFromPrototypes is called.
101dc4b8ff4f7d1e144aeed9b089ca5fedd08e6c84b3be506d775adb205e3772
There is a heap overflow in Array.splice in Chakra. When an array is spliced, an overflow check is performed, but ArraySpeciesCreate, which can execute code and alter the array, is called after this. This can allow an Array with boundaries that cause integer overflows to be spliced, leading to heap overflows in several situations.
6a5819407b1a08e3e5fb1fe3572513e26e584b6fd29bae8efb15d284321b36d2
There is an overflow when reversing arrays in Chakra. On line 5112 of JavascriptArray::EntryReverse, the length of the array is fetched and stored. It is then passed as a parameter into JavascriptArray::ReverseHelper, which then calls FillFromPrototypes, which can change the size of the array.
51efc1a7f671ca4ab3f0714c3f5a4fe110049441aaaf858fda262b78d884d718
There is an info leak in Array.filter. In Chakra, the destination array that arrays are filtered into is initialized using ArraySpeciesCreate, which can create both native and variable arrays. However, the loop that calls the filter function assumes that the destination array is a variable array, and sets each value using DirectSetItemAt, which is unsafe, and can lead to a var pointer being written to an integer array.
b151790aef488a9024d8165bd0cf284b8a3f10045d03d24b0017ec0d7a8eab30
DCFM Blog version 0.9.7 suffers from a cross site scripting vulnerability.
7f85f345bfb9584c740071aaf0ba13726bdd4825ffb6d5f54cd2f5c8151662ba
DCFM Blog version 0.9.7 suffers from a remote blind SQL injection vulnerability.
3eb2a13ad07f20d97cd79ab56f4147df3b71badb0a689fd4022b31ce5716ca45
Ubuntu Security Notice 3130-1 - It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader consistency checks. An attacker could use this to bypass Java sandbox restrictions. Various other issues were also addressed.
e29cc974b99c653e8595c5283afc2543bf4f25c83ab9219f573aedda2281d0cd
Red Hat Security Advisory 2016-2807-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. This release of Red Hat JBoss Web Server 2.1.2 serves as a replacement for Red Hat JBoss Web Server 2.1.1. It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release. Security Fix: A CSRF flaw was found in Tomcat's index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.
a747ee41bc1c78f0329cb06102ce7044196717407b83c8ba83cdc599fc05f1e6
Red Hat Security Advisory 2016-2808-01 - This release of Red Hat JBoss Web Server 2.1.2 serves as a replacement for Red Hat JBoss Web Server 2.1.1. It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release. Security Fix: A CSRF flaw was found in Tomcat's index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.
6aabba5392b13a85b44e0e196d13a81b259818172e29bc8bb40c46530f9dfb13