Trend Micro ServerProtect suffers from information disclosure, manipulation, cross site request forgery, cross site scripting, and various other vulnerabilities.
8e879696170b8b1f6b2ecc8c0d882967bb47bb12e348f1e061c984909eef85dfUbuntu Security Notice 3283-2 - Dave McDaniel discovered that rtmpdump incorrectly handled certain malformed streams. If a user were tricked into processing a specially crafted stream, a remote attacker could cause rtmpdump to crash, resulting in a denial of service, or possibly execute arbitrary code.
78fba43163463e6413f6ff10627ce9cf71e958bb6330e4749a8eb95bd943f7bfRed Hat Security Advisory 2017-1268-01 - The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.
0007e2623162483258a522432d2bf8028209d9e4813b7b7580508a084bb149bcJoomla VideoFlow extension version 1.2.0 suffers from a remote SQL injection vulnerability.
f6346ee9872949c8a92678833ae65270a5db9307b032228401ecafc0ca1e706cAlex Guestbook version 5.0.4 suffers from a cross site scripting vulnerability.
055933b640169d8875bc574472dfe2eb708ab18325639a596a789ea149c0039aRed Hat Security Advisory 2017-1267-01 - The rpcbind utility is a server that converts Remote Procedure Call program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.
be1bec16ec036a0c7830fe3c4598296e0dca514477d0acaa83c8975bede107bdInvoicePlane version 1.4.10 suffers from cross site scripting and remote file upload vulnerabilities.
f9f183d34c1ada4b03e2201ee13c0c22983f6fc241dde0d1f28ffdf8da86a993Simple ASC CMS version 1.2 suffers from a cross site scripting vulnerability.
ca4ddb7798dee2ffb269324504f52117e33584bdf4bd32a0c994b17007d0b4aeSecunia Research has discovered multiple vulnerabilities in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. An error within the "LoadUvsTable()" function can be exploited to cause a heap-based buffer overflow via a font file containing specially crafted Unicode Variation Sequences tables. An integer overflow error within the "LoadFont()" function can be exploited to cause a heap-based buffer overflow via a font file containing specially crafted Unicode Variation Sequences tables. Successful exploitation of the vulnerabilities allows execution of arbitrary code.
6171c4189358444433b6d183844713287c38ff36227d913c707846f7d310476cKDE versions 4 and 5 suffer from a KAuth privilege escalation vulnerability.
c554a74a267c52aca3ad742178547b8d2a015c7f0cd8cbcdba5e0a178a1d4c91HTTrack version 3.x suffers from a stack buffer overflow vulnerability.
2bcbb8ef516f46d2cef284aeb94ca91a4f7f07005d73d65830c62b8a987b454aWordPress Newsletter Supsystic plugin version 1.1.7 suffers from a cross site scripting vulnerability.
6ecae5adcbf95d5c69fe28fba37fe9ca3a5692158857b6244cf28b09cc5acde3This brief whitepaper discusses using Powershell to audit Microsoft Azure Cloud.
21b90899799a56e231053bc320dd4854fc4aaa08824b17602b35091584b50445This Metasploit module exploits a stack-based buffer overflow vulnerability in the web interface of VX Search Enterprise v9.5.12, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.
5199a2e5cc5662ac54e66b7146c5c6b94ee41102ab904bac8eb917c52c3801dcSure Thing Disc Labeler version 6.2.138.0 suffers from a buffer overflow vulnerability.
8a2edb1c1c0c32c18f1e6f48be84549d2c5b62d50ede9d6deb02b44bd03e7f8dOn Linux, the eBPF verifier log leaks the lower half of a map pointer.
ef14e5eae522759ea9bf260c2ff05b930f1f5f5dadc31821f6ec15b48675f085This is an issue on MacOS that allows un-entitled root to read kernel frame pointers, which might be useful in combination with a kernel memory corruption bug.
63b9107547c0985f1def098507f1151fbb6c1ccacb4c0d361b420aa17ff32d51LG has an issue where a malformed OGM file can cause the use of an uninitialized pointer during Vorbis header verification - vorbis_info_clear is called on a vorbis_info structure that has not previously been initialised by a call to vorbis_info_init.
afdfbc4dd8683cc760fb99fd28315f8ac51c68ca61a0fb1a2f850952b9060614MacOS suffers from a kernel register leak via 32-bit syscall exit.
51f21ee396efaec54ab768abeb7493566d5a0076bced42dd49e3ff6f228e0a09Broadcom suffers from a host to dongle information leak via wldev_ioctl.
041b12daf028a74772de5874f4f3807b189eefcc5651de1a44fae1f291723a91HPE Security Bulletin HPESBHF03744 1 - Potential security vulnerabilities with OpenSSL have been addressed for HPE Intelligent Management Center (iMC) PLAT. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS). Revision 1 of this advisory.
99aeebea1c35a4f406782d080470c69bf66978ba45cc37f1440ba6f370c6f25fMantis Bug Tracker versions 1.3.10 and 2.3.0 suffer from a cross site request forgery vulnerability.
657f51bab66ce5d5cf6800d27e2f3bc584ea834cf9cbd98479d947434a3b0eadDebian Linux Security Advisory 3858-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in privilege escalation, denial of service, newline injection in SMTP or use of insecure cryptography.
e8004e244bc9ba3237af6bccc9d6a3803da5f5860ae47f04632bea3d25f01406Red Hat Security Advisory 2017-1262-01 - The rpcbind utility is a server that converts Remote Procedure Call program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.
9df768ffe02abc9c9d33d36f5d1cb57af1e669c292ca02824422babbe60dd117Red Hat Security Advisory 2017-1263-01 - The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.
49d9acba01c695412d6018d26794d50acb5f77b1730e133e0169fa768d25b526
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed