The Intel Content Protection HECI Service exposes a DCOM object to all users and most sandboxes (such as Edge LPAC and Chrome GPU). It has a type confusion vulnerability which can be used to elevate to SYSTEM privileges.
d649e78ec90ab2bb58cabd020a0732e51ddfd767b2218861290b8350505c13e9Red Hat Security Advisory 2017-3485-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby24-ruby. Security Fix: A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter.
b19febc2e65ff51a5e7e50e13c140bf754767a3fbfaae851f26d0fc137086b0bWordPress Itinerary plugin version 1.0.0 suffers from a cross site scripting vulnerability.
d7b3333fd0d887d35ddf459bc14c8687a77f87b251544d2303feba0514813b16This Metasploit module exploits a Second-Order PHP Object Injection vulnerability in Tuleap <= 9.6 which could be abused by authenticated users to execute arbitrary PHP code with the permissions of the webserver. The vulnerability exists because of the User::getRecentElements() method is using the unserialize() function with data that can be arbitrarily manipulated by a user through the REST API interface. The exploit's POP chain abuses the __toString() method from the Mustache class to reach a call to eval() in the Transition_PostActionSubFactory::fetchPostActions() method.
b7ed3767d2e556f3c32b4d333b7a61ed02e66ba71ca064fedea6edb456ce4664This Metasploit module exploits CVE-2016-0792 a vulnerability in Jenkins versions older than 1.650 and Jenkins LTS versions older than 1.642.2 which is caused by unsafe deserialization in XStream with Groovy in the classpath, which allows remote arbitrary code execution. The issue affects default installations. Authentication is not required to exploit the vulnerability.
52a40982d2eed44b68632a3f6deca119172cfb8a682bb8fd52169cc4b2182bbaJoomla! JB Visa component version 1.0 suffers from a remote SQL injection vulnerability.
bc4a4802db9f11d7940f1cf557d637e48781d4599af0630166c45ad7ff9e8933This is a brief whitepaper discussing how to perform man-in-the-middle attacks as an exit node on TOR.
0f52accc93bc9d4f2ed2e7393a4bc7289bcd92489c25dd669cea0e8b074a2063There is an out-of-bounds read in jscript.dll library (used in IE, WPAD and other places).
515090618f71572b31595b0c710c2e74b500c7981760cbca93b60481466fa253There is an heap overflow vulnerability in jscript.dll library (used in IE, WPAD and other places). The bug affects 2 functions, JsArrayStringHeapSort and JsArrayFunctionHeapSort.
deac9cd1e6753834b079b602c10a506a085746a6093d25bcb66aa97015e0c366GoAhead http versions 2.5 through 3.6.5 LD_PRELOAD remote code execution exploit.
588a3de898e31090547edf122510407656f35323e24561b2cf63e254b71527baThere is a use-after-free in jscript.dll library that can be exploited in IE11.
532b95f0c945c3c74db85cabef11747d21ad3c48fe54f0e7aa07150204b08455There is a use-after-free vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors.
99d64f82c3d7bf075a7abe383e8584579a9d5eb097d044428f5817c78c478888Red Hat Security Advisory 2017-3484-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. CloudForms Management Engine Appliance. CloudForms Management Engine Gemset. Multiple security issues have been addressed.
4a3692d773dfdb3a0baf0904f7370f30464bfe25a4d3d753f236f35e7b82503aUbuntu Security Notice 3382-2 - USN-3382-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the PHP URL parser incorrectly handled certain URI components. A remote attacker could possibly use this issue to bypass hostname-specific URL checks. Various other issues were also addressed.
4730777f8234166a0aca926651b742452e288c5899a8de45f4f97da1ed324225Red Hat Security Advisory 2017-3481-01 - Heketi provides a RESTful management interface which can be used to manage the life cycle of GlusterFS volumes. With Heketi, cloud services like OpenStack Manila, Kubernetes, and OpenShift can dynamically provision GlusterFS volumes with any of the supported durability types. Heketi will automatically determine the location for bricks across the cluster, making sure to place bricks and its replicas across different failure domains. Heketi also supports any number of GlusterFS clusters, allowing cloud services to provide network file storage without being limited to a single GlusterFS cluster. Multiple security issues have been addressed.
37310c779e064bd1d7d3d726dd8ed07e73249d8788c2ea3f5b64215f3705bdfbRed Hat Security Advisory 2017-3479-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 63.0.3239.108. Security Fix: A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
4f3439f884f8dc482d88454ac75499493936b0ea2e792493d4e8193172ac20a9There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors.
d5005d70833db3288d6f3582bebbc45f33bc2b359d5ffcd7ebdfc34a9678b7c2Joomla! User Bench component version 1.0 suffers from a remote SQL injection vulnerability.
0bd0dd252a2516a99fd813ad3c450e3bb97ba20b1581b7ab18746eae7113ef15Joomla! My Projects component version 2.0 suffers from a remote SQL injection vulnerability.
8859da0285e0084f9948d557a6115b1034b4a309c85d76aaa5f2875c6b86e9b1CDex version 1.96 suffers from a local stack buffer overflow vulnerability.
d1f98480262d7141e2f7a97dcbd74799ff903f2cbe95fe266a322535ccc79efdThere is an uninitialized variable vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors.
2ca8e665341886d4eb124c000b6d3ba9945621bca1bec2303b4938cb4e8e9611Joomla! Guru Pro component suffers from a remote SQL injection vulnerability.
e4c5bfd34fe63c889c62fe006a77520dcbde5f52babad3be0eec7da3151afcb7Eight different Clockwork SMS WordPress plugins suffer from cross site scripting vulnerabilities.
d6223c99604b74a7edf6c5cf012bfac5225d49aadcb5e534936a2270466a4e5bWordPress Yakadanda Google+ Hangout Events plugin version 0.3.7 suffers from a cross site scripting vulnerability.
78ac42141a2cb5534cb78dc52a018484d0bddd7d540f544274d29ca3f1bb8905WordPress Share This Image plugin version 1.03 suffers from a cross site scripting vulnerability.
b5a4b0b2e1b0bcb45a5472fdfd5c1e59a4ffb7e2f4a2f30c7e77361235912758
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed