QNAP QTS firmware contain missing transport layer security, improper certificate validation, command injection, cross site scripting, and information disclosure vulnerabilities that can be exploited to gain remote command execution to the devices or to perform arbitrary administrative functions, and to gain unauthorized access to user's myQNAPcloud credentials.
2338d54a3f3425f4ef6945698a4d1e0725c1aeb60607671654d4a0472c4453d7dotCMS versions 3.6.1 and below suffer from a remote blind boolean SQL injection vulnerability.
5d482759cd5deb53d79a37c4d60b252379b0848d2d2411f657f0d7be85abb9fcMultiple heap overflows, out of bound writes and reads, NULL pointer dereferences, and infinite loops have been discovered in ytnef versions 1.9 and below. These could be exploited by tricking a user into opening a malicious winmail.dat file.
863155d81c8f400b25a4c4da9abcbe4f9c556d4ce5bca22e8188cfbb64d6d669Coppermine Gallery versions 1.5.44 and below suffer from a directory traversal vulnerability.
43fda03afc24d1a05660bc4321ec19661ba3c068b6c93e616a51d887d736f241OpenText Documentum D2 version 4.x contains vulnerable BeanShell (bsh) and Apache Commons libraries and accepts serialized data from untrusted sources, which leads to remote code execution.
6fbad60d58b433df1796ee0732b8f646b591cb22d703a73a10ae6773eee2be66Cisco Security Response - Several researchers have reported on the use of Smart Install (SMI) protocol messages toward Smart Install clients, also known as integrated branch clients (IBC), allowing an unauthenticated, remote attacker to change the startup-config file and force a reload of the device, upgrade the IOS image on the device, and execute high-privilege CLI commands on switches running Cisco IOS and IOS XE Software. Cisco does not consider this a vulnerability in Cisco IOS, IOS XE, or the Smart Install feature itself but a misuse of the Smart Install protocol that by design does not require authentication.
710f50b6b06fe5e115b57cbe592f3bcdf8a41ddd4acd0ce1cfa610c91c585c24HPE Security Bulletin HPESBHF03703 1 - Potential security vulnerabilities with OpenSSL have been addressed in HPE Network Products including Comware v7 and VCX. The vulnerabilities could be remotely exploited resulting in disclosure of information. Revision 1 of this advisory.
acee65a7f7bf8e6864f7a5a2cd37a53233475319b0b9438bbf1aabc525e19afeHPE Security Bulletin HPESBGN03697 1 - A security vulnerability in DES/3DES block ciphers used in the TLS protocol could potentially impact HPE Business Service Management 9.2x and Application Performance Management (APM) 9.30 resulting in remote disclosure of information, also known as the SWEET32 attack. Revision 1 of this advisory.
f0c06ebaec88aec23e84f37977d91e2eb98e5a99892aedf3a308541a60ec2218Red Hat Security Advisory 2017-0275-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 24.0.0.221. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
df4c6d6d122373926d9c58ca23abee2e6553b7bbd2d6c7355aab32acb9b7e74bRed Hat Security Advisory 2017-0270-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.
b402cbcea2c91801d89322ab611f389f87c85a4c5c6f65a271fc93df62547a68This paper documents deeper dive details of the security implications noted in CVE-2017-3241. Coupled with the JtaTransactionManager flaw from 2016, it demonstrates being able to achieve remote code execution.
934326ba2ee571c82aebb0cf5a71a24e7e74c20c069dcc353f0894a82feadcfbKomodo Edit versions 9.2 and 9.3 preview browser buffer overflow crash exploit.
d9509108b37c384f457a5ed9ec6ff729a4605d809e1bc99d374e011b46ea3184Oracle VM VirtualBox version 5.1.10 local export mode crash proof of concept exploit.
cbf4a00ea549d7de8f0ecfa958019c2746e81a373d5fd0665ba6da8ba7119aa8Proof of concept code demonstrating a WebGL integer overflow from 2012 in Mozilla Firefox versions prior to 17 and ESR 10.x versions before 10.0.11.
007ca774585a830b71b08631a7e5718fc0eb3a94767134d2128687b2e2c600e5NVIDIA suffers from a buffer overflow vulnerability in the command buffer submission.
49c0af04b53317ce1aac2bffdd6715784a5cd58b2d348367b7939d07168f6210Microsoft Windows gdi32.dll suffers from a heap-based out-of-bounds reads / memory disclosure in EMR_SETDIBITSTODEVICE and possibly other records.
d0ca2b1e68af6ecba9127350d1b5c5811569cae43fc77b1d9e747306e1e9aef0NVIDIA suffers from an out-of-bounds read / write vulnerability in escape 0x100008b.
507ca94d45510845667200565a23331966631f9d216cf86a4eca35a7423a8e5bRed Hat Security Advisory 2017-0272-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. This release of Red Hat JBoss Data Virtualization 6.3 Update 4 serves as a replacement for Red Hat JBoss Data Virtualization 6.3 Update 3, and includes bug fixes and enhancements.
f62988350cc956a1bacace4a5fd0e071532f41b7c6c5ec0ca6fc769631b8d619Ubuntu Security Notice 3196-1 - It was discovered that PHP incorrectly handled certain arguments to the locale_get_display_name function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to hang, resulting in a denial of service. Various other issues were also addressed.
93a3a63f183948f98ba44574ebc7c6018713099ee6eeda9cb488a74da210e230HP Security Bulletin HPSBMU03691 1 - Several potential security vulnerabilities have been identified in HPE Insight Control. The vulnerabilities could be exploited remotely resulting in remote denial of Service (DoS), cross-site request forgery (CSRF), remote execution of arbitrary commands, disclosure of sensitive information, cross-site scripting (XSS), bypass access restriction or unauthorized modification. Revision 1 of this advisory.
5a6300cd07db8aac889b73990a0bf5f4d05a4d50059bb2513a0f1e88ece0ae94Itech B2B script version 4.29 suffers from cross site scripting and remote SQL injection vulnerabilities.
8e1f1a65759427b26ec79b46063d2e78373e39bf013568f9bdbae53aae2c6dba
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed