IPFire, a free linux based open source firewall distribution, version prior to 2.19 Update Core 110 contains a remote command execution vulnerability in the ids.cgi page in the OINKCODE field.
f8bdea7a53ee5a4ab20fad1a03f6c2a2dfaa0823d9fec5b982ed96aa724d1965
This Metasploit module exploits a vulnerability in VICIdial versions 2.9 RC 1 to 2.13 RC1 which allows unauthenticated users to execute arbitrary operating system commands as the web server user if password encryption is enabled (disabled by default). When password encryption is enabled the user's password supplied using HTTP basic authentication is used in a call to exec(). This Metasploit module has been tested successfully on version 2.11 RC2 and 2.13 RC1 on CentOS.
9eb1e6c5340ea76cc93256435c463b701834212afc1bee15eb34fd6f73202c7d
This Metasploit module connects to a specified Metasploit RPC server and uses the 'console.write' procedure to execute operating system commands. Valid credentials are required to access the RPC interface. This Metasploit module has been tested successfully on Metasploit 4.15 on Kali 1.0.6; Metasploit 4.14 on Kali 2017.1; and Metasploit 4.14 on Windows 7 SP1.
8ea98d2b410cde645149d0474ad59d7f8e2ce8335f863b066bd6f8eb38a90c6e
THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
bba5cc534430055871650418688d8bd274553666faeff961389712559b5bfd4e
PeopleSoft ToolsRelease version 8.55.03, ToolsReleaseDB version 8.55, and HCM version 9.2 suffer from a TestServlet cross site scripting vulnerability.
6f27a9a828724a7736a1b7f2889f126f8efc3b2f3c3807b27c60ee7904f9b16e
Gentoo Linux Security Advisory 201707-15 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 26.0.0.137 are affected.
b54a48c947a7dfb938de79745dadfbe6833942362e61f88f02dd1ff53e7f1773
Oracle Integration Gateway (PSIGW) suffers from a directory traversal vulnerability.
a928b26bb52db254d90152adf71ca5f1c3b5396816e4438de681c568e6c5aa90
Oracle Integration Gateway (PSIGW) suffers from a file upload vulnerability.
d9ee0be871c0b0f0f069b8a93479455bdd763e04c083da6de4a89e7f280bc623
Televes COAXDATA GATEWAY 1Gbps suffers from credential disclosure, arbitrary password change, unrestricted backup restore, and various other vulnerabilities. The vendor has notified Packet Storm that firmware version 1.03.0016 addresses these issues.
9baff8fd7ea7ecdd219dd2f97ec0f608150440181c7874a88448885e8ba30f70
Ubuntu Security Notice 3361-1 - USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10 based kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from Ubuntu 16.10. Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
a02dd5836ffae854b87f99a0c65d15d6c8e6dd7ae37fde2f48b13dc8494472d6
Ubuntu Security Notice 3360-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. It was discovered that a use-after-free vulnerability existed in the performance events and counters subsystem of the Linux kernel for ARM64. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
b728a817657de92c7a8e7a3974a7db179927290da525b28390f7ffee93bfc9c8
NEC Universe UM4730 versions prior to 11.8 suffers from a remote SQL injection vulnerability.
9bc22dbc596c325410c6890c434f2f7104984b425924ee7352b1260be9487f23
Trustonic's Trusted Execution Environment (TEE) OS fails to perform revocation of trustlets.
5292643705b2a592ce4d79010191e3052ef98b5f67f2a9fe9356b30677b6295e
Apple Security Advisory 2017-07-19-7 - iCloud for Windows 6.2.2 is now available and addresses information disclosure, code execution, and various other vulnerabilities.
f6c72c4517098c3e7034d35d6ba98acffde8bf0131ee5bb5000e212e653c3fcc
Apple Security Advisory 2017-07-19-6 - iTunes 12.6.2 is now available and addresses code execution, information disclosure, and various other vulnerabilities.
c13a5cb60055a2f9fb0fc52c32c0f5cfdd41d6b2a43d5d86a0dac83a01cd277a
Ubuntu Security Notice 3360-2 - USN-3360-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
dd0fe2c526143d34a107f7f383bf5197ebc0f403d7b65cfed4142a62d732f7a3
Apple Security Advisory 2017-07-19-5 - Safari 10.1.2 is now available and addresses spoofing, cross origin, and various other vulnerabilities.
45581232806476f5919c8e4e4c4fdf08c450b51103777da433824e0c8b3de277
Virtual Postage (VPA) version 1.0 suffers from a remote code execution vulnerability via man-in-the-middle attacks.
816fa95055239cb95ffb77c4c4aac690fbdb7a852cd92f2696db296e8f9c9146
SKILLS.com.au Industry App version 1.0 suffers from a remote code execution vulnerability via man-in-the-middle attacks.
29ee0636ad9ced1631d22d05accf2192ac275e9c7db76dfbc702f6ec0720de02
Apple Security Advisory 2017-07-19-4 - tvOS 10.2.2 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
798e9c95aeaa853124be2fc126e398e496507dcf41bb26e2e72c942964f741a3
Ubuntu Security Notice 3359-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Dmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the netfiler subsystem in the Linux kernel mishandled IPv6 packet reassembly. A local user could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
4c2386596faece3a8190c5928d9c879c09f797743015282506baa7e3339d72ec
HPE Security Bulletin HPESBHF03766 1 - Potential security vulnerabilities with NTP have been addressed for HPE network products including Comware 5 used in certain ConvergedSystem 700 solutions. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or unauthorized modification, or locally exploited resulting in Denial of Service (DoS). Revision 1 of this advisory.
3edfee76e1994530da7a06fe189c9516c8fd4b472f41291e675135108bd439bc
Ubuntu Security Notice 3358-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture subsystem in the Linux kernel. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
d2cf22e826ff1c4d35650ee61a489bed7dde9575afc78303e036d460dfe637d3
Red Hat Security Advisory 2017-1793-01 - Graphite2 is a project within SIL's Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create "smart fonts" capable of displaying writing systems with various complex behaviors. With respect to the Text Encoding Model, Graphite handles the "Rendering" aspect of writing system implementation. The following packages have been upgraded to a newer upstream version: graphite2. Multiple security issues have been addressed.
736af5abc072c79d5f321c80bfb71391a4b91c50e5670e5d50a8172ca59aa559
Apple Security Advisory 2017-07-19-2 - macOS 10.12.6 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
bcc56d96708e760ecf0c7d3255dbf1e45f11507054dc7e9d429392beb7658554