Dell SonicWALL Secure Mobile Access SMA version 8.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
5c7358499d27722b3095956c0a8714adDell SonicWALL Network Security Appliance NSA 6600 suffers from a reflective cross site scripting vulnerability. Versions affected include NSA 6600 running SonicOS Enhanced 6.2.4.3-31n, WXA 4000 running 1.3.2.0-07, and SafeMode 6.1.0.11.
83f8a5727ef2ed418c78d3daed6a4fd9Dell SonicWALL GMS versions 8.1 and below are compiled with a vulnerable version of Adobe Flex SDK allowing for same-origin request forgery and cross-site content hijacking.
e2ae401ca70813ec975322c262263f86Dell SonicWALL Global Management System GMS version 8.1 suffers from multiple cross site scripting vulnerabilities.
6732088f4f82523c4f3021b63a0d0a53Dell SonicWALL Global Management System GMS version 8.1 suffers from multiple blind SQL Injection vulnerabilities.
004a0a4ed5111381354f831f5c8a72f7Gentoo Linux Security Advisory 201612-49 - A vulnerability in mod_wsgi could lead to privilege escalation. Versions less than 4.3.0 are affected.
a1b56359a7bc4185fabb3c1366e5f071Red Hat Security Advisory 2016-2999-01 - In accordance with the Red Hat OpenShift Enterprise Support Life Cycle Policy, support for OpenShift Enterprise 2.x will end on December 31, 2016. Red Hat will not provide extended support for this product. Customers are requested to migrate to a supported Red Hat OpenShift Enterprise product prior to the end of the life cycle for OpenShift Enterprise 2.x.
2938b0a0daa7f30a3e09bd4abfd5d4f1The executable installers for SoftMaker FreeOffice 2016 suffer from a dll hijacking vulnerability.
23477524d519e420cec95f91987d0aceWordPress Templatic plugin versions 2.3.6 and below suffer from a remote file upload vulnerability.
e45b4f800f6995870bca7805f7df6a0fThis Joint Analysis Report (JAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The U.S. Government is referring to this malicious cyber activity by RIS as GRIZZLY STEPPE.
2ed6f1c47dd865d072a48b1ed97a4f98BetterCAP is a powerful, flexible, and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more.
dd099a921c8955a15ce04804189bc77cSwiftMailer versions prior to 5.4.5-DEV suffers from a remote code execution vulnerability.
867421c2ab76adf20394234a4a466e45Joomla aWeb Cart Watching System for Virtuemart component version 2.6.0 suffers from a remote SQL injection vulnerability.
aead8f37750de3b2307d18b731017bd7Android suffers from a heap overflow vulnerability in the tlc_server via the LOAD_TUI_RESOURCE command.
eaa1fa22c33faa9c41779a49bc7c8169Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will disable those interfaces found to be promiscuous if told to do so. Per-interface statistics can also be displayed, allowing administrators to perform traffic trend analysis, which could be an aid in the identification of possible inconsistencies or spikes in network traffic volume that may warrant further investigation.
3f8900050525c6a2d9b0145d74b35f00PHPMailer versions prior to 5.2.18 remote code execution exploit. Written in python.
1071a3999c4f3f2e365fb7bb03a8bb35WordPress Simply Poll plugin version 1.4.1 suffers from a remote SQL injection vulnerability.
d19cc32d5cc4bb9208b7bf3623b29b63The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders prematurely terminate the SCRAM SASL negotiation if the provided user name does not exist thus allowing remote attacker to determine the existence of user accounts. Versions affected include 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, and 6.1.0.
751c507cc41275d09f2241adcf5c8304PHPMailer versions prior to 5.2.20 zero day remote code execution exploit. This bypasses the CVE-2016-10033 patch.
866aa935950ebe6d9acfd7e53a16846cPopcorn Time version 5.6 suffers from a dll hijacking vulnerability.
498e4f8db0379f2cefd4f711989df828WordPress Image Slider plugin versions 1.1.41 and 1.1.89 suffer from an arbitrary file deletion vulnerability.
5109c25926e1824051415b8e15c0bb8ePHPMailer versions prior to 5.2.18 suffer from a remote code execution vulnerability. This archive consists of the full advisory and also the proof of concept code.
fd1e17cbce43e18c7ccf541988b20ac8Gentoo Linux Security Advisory 201612-48 - Multiple vulnerabilities have been discovered in Firejail, the worst of which may allow bypassing of sandbox protection. Versions less than 0.9.44.2 are affected.
0b0478f2575f68dc733a5426ce0d32b1PHPMailer version 5.2.17 suffers from a remote code execution vulnerability.
e93465ebb2db8952d96d4915153e3e69Wampserver version 3.0.6 suffers from an insecure file permissions privilege escalation vulnerability.
5706d2f1bcd9a9c57340694723d5d1af
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed