iText PDF Library versions 2.0.8, 5.5.11, and 7.0.2 suffer from an XML external entity injection vulnerability. The attack can be carried out by submitting a malicious PDF to an iText application that parses XML data. By providing malicious XXE payloads inside the XML data that resides in the PDF, an attacker can, for example, extract files or forge requests on the server.
28a8b1badebadad07e326e2363388a39384fcbcb1f223722393aafea4bef3345
Ubuntu Security Notice 3475-1 - It was discovered that OpenSSL incorrectly parsed the IPAddressFamily extension in X.509 certificates, resulting in an erroneous display of the certificate in text format. It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. Various other issues were also addressed.
dc6c25451009be5ce9782f82197c75fdc4e6f83d2f796ae27a71f4e114494fe0
Red Hat Security Advisory 2017-3123-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the lucene package in Red Hat JBoss Enterprise Application Platform 7.0.8. Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.
28fdc5b7d9943c9fd521934c6ffa5073ede4a33357d89422643958c1f872c617
Red Hat Security Advisory 2017-3124-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the lucene package in Red Hat JBoss Enterprise Application Platform 7.0.8. Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.
0cff01a99fabae33b338c54b5f3b0607af75e396e5993e5a2faccdc5fa1e216e
In this paper, the authors present their research about bypassing core security policies implemented inside browsers, such as the "Same Origin Policy". They present several bypasses that were found in various mobile browsers. In addition, they uncover other interesting security flaws found during their research, such as Address Bar Spoofing, Content Spoofing, Cross Origin CSS Attacks, Charset Inheritance, CSP Bypass, Mixed Content Bypass, etc., as found in Android Browsers. This is from a talk given at BlackHat ASIA 2016.
5a69b239b2474e58b1ae71b86cf3b0aeb2d70db3a14e35ae2083a8a6439e312b
Ubuntu Security Notice 3474-1 - Raphael Sanchez Prudencio discovered that Liblouis incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a denial of service or potentially execute arbitrary code.
868f63ea0d6695535f657289f1be16c26bb01476391f0140fecd677a0758202a
Debian Linux Security Advisory 4019-1 - This update fixes several vulnerabilities in imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.
8995848032a0fd3e8b1f811f8f39121c2d26512b03f369b89055048f6863e6cb
Debian Linux Security Advisory 4016-1 - Multiple vulnerabilities have been discovered in Irssi, a terminal-based IRC client.
bf7f13f9b71832a153658aab9864211075d6645bba401c3c5a80c7d3dc77aea1
FreeFloat FTP Server version 1.0 HOST buffer overflow exploit with ASLR bypass.
87bd79a5a3aaf3db3a9c08a2705273f1b0d9a1babc34e142e265648150d6db47
CoolPlayer+ Portable version 2.19.6 stack overflow exploit with ASLR bypass and a bind shell.
2770a7c3c1fa06a4d9f54ade807802dca163b3df6f2cbc67ab49bc588a33dc2a
The Information Systems and Technologies research and industrial community is invited to submit proposals of Workshops for WorldCist'18. It will be held in Naples, Italy, March 27th through the 29th, 2018.
541556e137603510e7991490227598d63cb6214d7d5bf9e3510e7d36d60e1ed2
web2Project version 3.3 suffers from a cross-site scripting vulnerability.
4e6061f7049db3f6ee28110d571a346a4c51cc5a2b74c0aa52213cf848a52f78
Dialog Mobile Broadband version 23.015.11.01.297 suffers from a DLL hijacking vulnerability.
3f8c59e33b8267ad740a31fd21ae62122d786275ce1e9fcfc12668bdf7cb0e5f
Zoho ManageEngine Applications Manager version 13 suffers from multiple post-authentication remote SQL injection vulnerabilities.
e79e67b62c5a3db8d9973fd1eb18a3c66ece70790cdf160b8cd6d21bd4354906
linux-soft-exploit-suggester finds exploits for all vulnerable software in a system, helping with privilege escalation. It focuses on software packages instead of kernel vulnerabilities.
20009748ba9fa57679b1b68af63dfc63603cba2ab5a3b7c8ce30d9ad5da18322