Camstudio version 2.0 suffers from cross site scripting and cross site flashing vulnerabilities.
3e5d7f60ff82000a0a8db9caace4dd48e2b13569296c8180aa9336a8f892ee04Invision Power Board version 4.1.19.2 suffers from reflective and stored cross site scripting, cross site request forgery, information disclosure, file upload, and shell access vulnerabilities.
23e0d8d7d466beb225cd9e55fad020db59b5c91951a82f61a3d7dad8f57de46cAlio Applicant Portal versions 6.0 and below suffer from a remote SQL injection vulnerability.
81c26cac494ad59d3316c7f00ec4c2e1cc58148122e0631a240d169faf74c458Red Hat Security Advisory 2017-1440-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.2.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
26d6c36e4053e261e142a2e263030deba754785c2baa9807438506be570d59c6Debian Linux Security Advisory 3880-1 - It was discovered that a side channel attack in the EdDSA session key handling in Libgcrypt may result in information disclosure.
31160a801c94969e250b4577f7678e30c54f1aaa510f4e3fec7abd2a02bf8deaRed Hat Security Advisory 2017-1464-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. The service can be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Additionally, Orchestration can be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. Security Fix: An access-control flaw was found in the OpenStack Orchestration service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.
032897eb15d698c8daa35ba0177016310243178df03d3361756976b5661ecd82Red Hat Security Advisory 2017-1456-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. The service can be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Additionally, Orchestration can be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. The following packages have been upgraded to a later upstream version: openstack-heat. Multiple security issues have been addressed.
d0740cd74ad5628e329937a494fb751c4dcbd790e6e89f1a3891ce93e37c7fffRed Hat Security Advisory 2017-1445-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A redirect flaw, where the is_safe_url() function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard.
ad4ca3fd49942e49f2842c91b7172c20b057eb2592c81b27f3f5b82ee1dccc02Red Hat Security Advisory 2017-1451-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A redirect flaw, where the is_safe_url() function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard.
2da61be40fdc1c13cf6e5a8e420f09b72268374fea540bc91b264fb566ee06dcRed Hat Security Advisory 2017-1470-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A redirect flaw, where the is_safe_url() function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard.
0dc0607dbf2fdfb7bd17e572638d802e9e2edef0aaec7d93926257b953e68596Red Hat Security Advisory 2017-1461-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. The following packages have been upgraded to a later upstream version: openstack-keystone. Multiple security issues have been addressed.
7d6c4ffd475ea30ae31b4f9eebfd936963f3c4b0fac5b38ff2ae1022fa243ac5Red Hat Security Advisory 2017-1462-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A redirect flaw, where the is_safe_url() function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard.
7915fc1f53635bda45e495c729f8b6b1d0b2b39a3656cb115a6f9707b46ab156Red Hat Security Advisory 2017-1450-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. The service can be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Additionally, Orchestration can be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. Security Fix: An information-leak vulnerability was found in the OpenStack Orchestration service. Launching a new stack with a local URL resulted in a detailed error message, allowing an authenticated user to conduct network discovery and reveal the details of internal network services.
f7f622210474ce153a11a6d76c433aa12351b2c15b6aa104dd851b9dd8d60d43Red Hat Security Advisory 2017-1441-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
3ad4644b24e8b2f79fa8d2b135c9f45efcda5f214c0ef67d158a2e9a2e3c9fdfWordPress Jobs plugin version 1.4 suffers from a remote SQL injection vulnerability.
36d288f2b51fa3bdab948c9eea9b96e4c06a3a12bace37fc2c29bd4a9ca418fbHP PageWide and OfficeJet Pro printers suffer from an arbitrary code execution vulnerability.
91426efc1ea9b5567578ab07e24060f0e45244531fccf1964663513d66da7575Google Chrome V8 private property arbitrary code execution exploit.
0e4c82cb0b26445271ca7f238285017d0876b28bab2d961447f449ae99f3864fNmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
40febe4a4e4b583aabcdd8cfceb6ae0f366dbb2fede96e4a529340bdb6d24776A vulnerability in libsndfile 1.0.28, caused due to an error in the"aiff_read_chanmap()" function (src/aiff.c), can be exploited tocause an out-of-bounds read memory access via a specially crafted AIFFfile.
202d848dc26e5ae54a5f6242a0cbeccac3b4c74fde6383e998ebb80e44e070e2Ubuntu Security Notice 3318-1 - Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. It was discovered that GnuTLS incorrectly handled decoding certain OpenPGP certificates. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
f4e9fbd06d58a6ad8959c75b013549926e1c4b169913ee8756ac561f05417da0Red Hat Security Advisory 2017-1439-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 26.0.0.126. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
56622534b94b964b049ed1e4821da7d9059fcdff05781f5e9f2e0bed1da809c5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed