WordPress Feed-Statistics plugin versions 4.1 and below suffer from an open redirection vulnerability.
e5273a79600b57aa31dd4d83857b93923ae02c05119a8525daf5039584d5501cWordPress Grifus theme version 4.0.1 suffers from a cross site scripting vulnerability.
e9afb3cf60c90dfd8072595f8efd0b8b44b80320c8f00ad18b4c3c3d7b284f3cNetis-WF2419 version 2.2.36123 suffers from an html injection issue.
f2032ecfed04b20aaea0167b0a5594b0bba665f9b37b8220d3ddc6c7474cce7eBEIMS ContractorWeb version 5.18.0.0 suffers from a remote SQL injection vulnerability.
4e9c588be370b4062d5e0613f8a0132ec3ff17ae983e1a82876eaab238383a6fThis Metasploit module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices. By default, it initiates a redirect to a child tab, and rewrites the innerHTML to gather credentials via a fake pop-up.
453452b6c39fc4137d17372c00e57358247a6b6b2880964c69ec6f1e59572af4It was discovered that it is possible to disclose addresses of kernel-mode Paged Pool allocations via a race-condition in the implementation of the NtQueryVirtualMemory system call (information class 2, MemoryMappedFilenameInformation). The vulnerability affects Windows 7 to 10, 32-bit and 64-bit.
d98ff684017e5e946a7321065ff44ae71f7be8af943150e911e3bcb6d1916735Red Hat Security Advisory 2017-3490-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.7 will be retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.7 EUS after December 31, 2018.
063aa42d2af5b317a96e97efaea11552d50af6f7771cc01899ff970dc90a99c4Ability Mail Server version 3.3.2 suffers from a cross site scripting vulnerability.
ca7402f15984a9fbec8de52f641b9a0f24e69d0bbb83ed78265dea987fe28a4eWordPress CSV Import-Export plugin version 1.1 suffers from a cross site scripting vulnerability.
ceebba5fe05822f2aed40f89dcf1eae396edc70cb0cce7c3a2bef71dbd85c27dWordPress Custom Map plugin version 1.1 suffers from a cross site scripting vulnerability.
5ebc96aa13a10adda66518346705b8e9024837bd689de7ed6a5a146a5ade57afWordPress Concours plugin version 1.1 suffers from a cross site scripting vulnerability.
5139d3b7007de8de1d23c142524608fdb64d444d2503253eff3624ff9362d9d2TP-Link TL-SG108E with firmware 1.0.0 Build 20160722 Rel.50167 suffers from cross site scripting and weak access control vulnerabilities.
7330f87f7a3667cb6fa598a2593142faa0353408372b85307781681e8b6ed07fWordPress Booking Calendar plugin versions 7.1, 7.0, and below suffer from remote SQL injection and local file inclusion vulnerabilities.
646173f5e81a1f63cb65e0e58738fb57ac62c8835c609e27e0a0a795b6dbd637WordPress Clean Up Optimizer plugin versions 4.0.0 and below suffer from a remote SQL injection vulnerability.
ae6b1807725083901c6a9501a476db389ad391985032e1b233e714bc82349172WordPress Top-10 plugin versions 2.4.2 and below suffer from a remote SQL injection vulnerability.
491e52f7852755e7029e0188400d67003a5d9a69543fdd91e42c7ab58563697fEMC Isilon OneFS requires a security update to address an issue that may potentially allow NFS clients to access certain NFS exports using a weaker authentication flavor when default NFS export settings are modified.
2742a8ffcef95a8e023a78f43f34950ad54b1bba89d6fe49410cccd2cfc50ddfEMC Data Domain DD OS includes a memory overflow vulnerability in the SMB1 handler. Many versions are affected.
6374f5d7456b80eb09d37970db7dadebea51f50a17d57d392e6ff189cbc5fee8Vulnerabilities were identified in the iStar Ultra and IP-ACM boards offered by Software House. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, leading to replay attacks of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible.
204786b1402fdbec34ba89ae4fe9ceed678dd3d6096ef0880cd0a2f1ff6cb00dGenexis GAPS versions up to 7.2 suffers from an access control vulnerability that discloses sensitive data.
655a32ed49ee22745ac8ca02bd5c3c53a21a5bfbaacf074229b041503865e94aThis advisory describes a buffer overflow found in Huawei P8 Lite ALE-21 HI621sft, operating system versions EMUI 3.1 - wkupccpu debugfs driver.
d40d38e0a9f14578c574f26fe0869def5ba0555d6b646ec1c96d3aea5c4ed0ceB-Sides Ljubljana will be held March 10th, 2018 in Ljubljana, Slovenia.
75dbe608b259f7af46e607005c25a461191ae85ac18fc61d3d7cca58690f0231Microsoft Windows 10 offers a biometric authentication mechanism using "near infrared" face recognition technology with specific Windows Hello compatible cameras. Due to an insecure implementation of the biometric face recognition in some Windows 10 versions, it is possible to bypass the Windows Hello face authentication via a simple spoofing attack using a modified printed photo of an authorized person.
a28797336445a321ee3b9f535cf1f6527d20a26299595c9bcfc659a304c665cdPalo Alto Networks PAN-OS versions before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.
7be48f21d06d8e8fb84d281ea3b5bbbd64537ad06a4e2cece5e4add5ee476653Joomla! NextGen Editor component version 2.1.0 suffers from a remote SQL injection vulnerability.
52af61736d740de8c66194d01206bf54c6c6ef4d9a32676a8ae038bc8e9120a3BrightSign Digital Signage suffers from cross site scripting, directory traversal, and file upload vulnerabilities.
678a401a7541d4d0addd1eeaee281beaed46829a9f840998ee351e02911c92dd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed