NoviFlow NoviWare version NW400.2.6 suffers from cli breakout and code execution vulnerabilities.
a4f6a2bf779f6bd7fd829bf89764c62f8a79c20d624607782395fb373eae9fdfDebian Linux Security Advisory 3946-1 - It was discovered that libsmpack, a library used to handle Microsoft compression formats, did not properly validate its input. A remote attacker could craft malicious CAB or CHM files and use this flaw to cause a denial of service via application crash, or potentially execute arbitrary code.
f47f97c1d334842dbab2f91a059aa75ba333f05e615f47600a55aeb3d96c72b0Ubuntu Security Notice 3396-1 - It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. It was discovered that the JAR verifier in OpenJDK did not properly handle archives containing files missing digests. An attacker could use this to modify the signed contents of a JAR file. Various other issues were also addressed.
61bdcf4a0adf7e27a0250a05d795a49892ebdce3abf08ae85fec4f7f16b253c8This Metasploit module exploits a command injection vulnerability in the Trend Micro IMSVA product. An authenticated user can execute a terminal command under the context of the web server user which is root. Besides, default installation of IMSVA comes with a default administrator credentials. WizardSetting_sys.imss endpoint takes several user inputs and performs LAN settings. After that it use them as argument of predefined operating system command without proper sanitation. It's possible to inject arbitrary commands into it. InterScan Messaging Security prior to 9.1.-1600 affected by this issue.
50f31837beea28b6c9830ae6763884d12cce54426a4afac257f09c46574b30b4Symantec Messaging Gateway versions 10.6.3-2 and below suffer from an unauthenticated remote code execution vulnerability.
37f1b6a529ab6c3764111b896d422a29e492f65ebe5da8352f145d76955b8e07MessengerScan version 1.05 Hostname / IP field SEH / EIP overwrite proof of concept exploit.
52953c658567dea2284dd3c2a101f0d516ac5bb26572161b45421e899aa4ba49MS05-039 Scan version 1.0 hostname / IP field local buffer overflow proof of concept exploit.
7a932bd492c2e9175792c36fa87324386a58a10ce6e5304bcbd59e0b3c685cf3MyDoomScanner version 1.00 Hostname / IP field SEH overwrite proof of concept exploit.
e2a7918398b3243711c99d06dc98c0a4c1508d04094077d1c50b4029265261a4DSScan version 1.0 Hostname / IP field SEH overwrite proof of concept exploit.
62e02657b6644e2b9dcc2c15a2732d71736997a2c87199eca88e7e55bcbb780fQNAPQsyncClientWindows-4.2.1.0602.exe suffers from a privilege escalation vulnerability.
e1e12b2da3ad4a116388e459dccf615a31e67b830ffdf31117e5b0c3910bfc91LiveProjects version 1.0 suffers from a remote SQL injection vulnerability.
0e2e40910a9b562c020cda663d763fc767cf5640ab56528f88ad87f283c5ff3bMS05-039 Scan version 1.0 Hostname / IP field local buffer overflow proof of concept exploit.
7ed261a9cd6c2588b6fbb6c0c4303ce017ca1d2d74f3e3e6fdfd7291d9fd4491The WordPress Share-On-Diaspora plugin suffers from a cross site scripting vulnerability.
8e341bd07e40327393d27cd430547711351c76ae245dc3d8b5f766e668cfa4fdAndrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. Andrey Konovalov discovered a race condition in AF_PACKET socket option handling code in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code.
f1d27ee9e08fb4d7aba3b36609845fbfa5e959afbcd42c78b5b81f4e0bfae6dbUbuntu Security Notice 3391-3 - USN-3391-1 fixed vulnerabilities in Firefox. The update introduced a performance regression with WebExtensions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, bypass sandbox restrictions, obtain sensitive information, spoof the origin of modal alerts, bypass same origin restrictions, read uninitialized memory, cause a denial of service via program crash or hang, or execute arbitrary code. Various other issues were also addressed.
f2d39de0ff7de658291fa799d09f1741f589d894f69f2e6a973110f4163f6cceRed Hat Security Advisory 2017-2491-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit.
352725d74fb95f72e0eb2f1edd747d546b633fd9a8905c9eff78c83dc5aa4586Ubuntu Security Notice 3393-2 - USN-3393-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that ClamAV incorrectly handled parsing certain e- mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Various other issues were also addressed.
8fd58062c30085905cc01c1098152f994df7c716aecd3d0a398017949e523fc2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed