The Android application provided by the Private Internet Access (PIA) VPN service can be crashed by downloading a large file containing a list of current VPN servers. A MITM attacker can exploit this by intercepting and replacing the file. While the file is digitally signed, it is not served over SSL, and the application did not contain logic for checking whether the provided file is very large. The vendor has fixed this issue in version 1.3.3.1 and users should install the latest version.
800f549876739334d620586c15f309262e80b5ce74344d37893a980b9345e1e9
Tizen Studio version 1.3 Smart Development Bridge versions prior to 2.3.2 buffer overflow proof of concept exploit.
76ab0e7b1cd5ce678ed34550ad310cb3fc9e701de65057b5d08d1ee84d2300ff
DameWare Remote Controller versions 12.0.0.520 and below suffer from a remote code execution vulnerability.
4a4c9ff1d9e13aeac05d41ef0fa4e98e4a4c365f635327661de001c1432585c0
Watchdog Development Anti-Malware / Online Security Pro version 2.74.186.150 suffers from a NULL pointer dereference vulnerability.
1d1aa46aa3dffca08ad0ae09b967754548443a2f89a9b0f56ed5e4412201f732
The Windows Attachment Manager does not correctly handle JAR files marked as high risk when accessed via Internet Explorer 11.
55d6f4555285c911f938d1c94208c74030f6f4131f6a8f5b3412527ade760885
Bamboo versions prior to 6.0.5, 6.1.4, and 6.2.1 suffer from a code execution vulnerability.
5122ff868395313b4aefc08b694740acaba7c14260c3145f90403015f091520e
Ubuntu Security Notice 3466-1 - Karim Hossen & Thomas Imbert discovered that systemd-resolved incorrectly handled certain DNS responses. A remote attacker could possibly use this issue to cause systemd to temporarily stop responding, resulting in a denial of service.
15654f7b9bfda368625350be74ee70e10914df21ae1590e6c0adaa651fe09731
Bomgar Remote Support suffers from a local privilege escalation vulnerability. Versions affected include 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4.
628baf055f0972c1c6fa79f1adf972440b7c5ee8c14fec41ee37efb1bf1f599e
Ubuntu Security Notice 3465-1 - Brian Carpenter discovered that Irssi incorrectly handled messages with invalid time stamps. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. Brian Carpenter discovered that Irssi incorrectly handled the internal nick list. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. Joseph Bisch discovered that Irssi incorrectly removed destroyed channels from the query list. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. Various other issues were also addressed.
5c34e3c728888e5bb51ce6fb31a8c69e09c89e18bf7c2c9c340b2b4830202fe0
Red Hat Security Advisory 2017-3075-01 - The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix: Stack-based and heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit these flaws to potentially execute arbitrary code.
902f3f20b7a3e90d479fc1b3fd04bacf4050c8b64fac72cde48820817e759dfc
Ubuntu Security Notice 3464-1 - Antti Levomaki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of service, or possibly execute arbitrary code. Dawid Golunski discovered that Wget incorrectly handled recursive or mirroring mode. A remote attacker could possibly use this issue to bypass intended access list restrictions. Various other issues were also addressed.
25ac05cd4bd4147a63b1bd247d8cfad5fce3534a6793e49418e3508809cb3eff
Red Hat Security Advisory 2017-3071-01 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: Two vulnerabilities were discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message.
83d626d761ac5b1571348346a206a3346fbe4cc8a141d14a89a1ac2a9aad2203
HitmanPro version 3.7.15 Build 281 kernel pool overflow exploit.
408bf8b107019c5f2a85c3f424fae90139e0c7cc821429e9f874f8e28211b69d
PHPMailer versions 5.2.21 and below suffer from a file disclosure vulnerability.
eeaeefcdff3722b2ec1cf3d9459357dc5de426bb7f1c9fb2f39b503acf3a27d4
Ubuntu Security Notice 3463-1 - It was discovered that Werkzeug did not properly handle certain web scripts. A remote attacker could use this to inject arbitrary code via a field that contains an exception message.
8d133b0cb1c8a7c0ca926fa9d77a07bcfff12fefa3f47dc07a668322984d7532
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
da5e7c56de700078c640a0eaaa287e9643cb97d56dc08a942a48fbd3fe8700f1
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
7df6298860a59f410ff8829cf7905a50c8b3a9094d51a8553603b401e4b5b1a1
Mura CMS versions prior to 6.2 suffer from server-side request forgery and XML external entity injection vulnerabilities.
c741fa594f6ecdac9c58e2a524f6ef11f7b20005c381775459dc8b4332c6578d
FS Shutter Stock Clone suffers from a remote SQL injection vulnerability.
b03d0d2ae4dbffe3e2a8581d0d8cfe905b13a447a0b904b2b58e281444538f34
FS Thumbtack Clone suffers from a remote SQL injection vulnerability.
4676e679078b5d30f8b727ef735fa41aa70c4e777df264bc33615df5b55ff764
FS Trademe Clone suffers from a remote SQL injection vulnerability.
2c7628a451f7e42509025ee13ccb7d4cab819c455ff2513dacc9b5a2ba24788a
FS Monster Clone suffers from a remote SQL injection vulnerability.
ee5a6e1e75975e5578c4906c309a34c30b53ea2ecf3c72b2cc19e80b87d4e1da
FS Care Clone suffers from a remote SQL injection vulnerability.
97cd6706ff38ead6bbb290b2a4228364e62e6c2bdb44699e2f2fee01a5b87303
FS Crowdfunding Script suffers from a remote SQL injection vulnerability.
2fcfe6b3957e9208e9d07c8d948a930167e2a1720cc80433b922a6e8ce6fb09b
FS Realtor Clone suffers from a remote SQL injection vulnerability.
365b962ed908ebe5642c162c0fd4b3ae512e4c3ec4b6f6560d702adc42a4fe1c