Debian Linux Security Advisory 4143-1 - Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code.
ae578097448b181069464aaacea1cd098476dd78446feaa86438e6cee725f8df
Debian Linux Security Advisory 4142-1 - Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, allowing a remote attacker to mount a directory traversal attack and gain unauthorized read access to sensitive files located outside of the web root directory.
969cfa20e880d889e8ea8efc67b9304caf58b0e6d52c234897c6d7c7569b4f9c
Easy Chat Server version 3.1 remote buffer overflow exploit.
735f5be79d8b5f679d32655f49ccd1a765948fdea0b9209de8b28fa32505a10c
Grav CMS version 1.2.4 suffers from a cross site scripting vulnerability.
3c51b8c87fdd6195f65212f2db81fb7b1af32f0ce2e75b37ca36f4e1de96ca81
Dell EMC NetWorker requires an update to address a buffer overflow vulnerability in the 'nsrd' daemon. Versions 9.0.x, prior to 9.2.1.1, prior to 9.1.1.6, and prior to 8.2.4.11 are affected.
8b5756c1c951caf38f0016e331a8ec8f2d67b2f26a239e12e068de0c5b6d8321
WordPress Site Editor plugin version 1.1.1 suffers from a local file inclusion vulnerability.
ee624d9b08cc8b3b1a5c94d773fd0cfa33cf5e4d87a4da5ae7e302fee1324f61
Linux Kernel versions prior to 4.4.0-116 (Ubuntu 16.04.4) local privilege escalation exploit.
5af548bd5c95eb4d430a9a86b661f4ac21ad75fd0aaeab8a2e462b2a240ce7e0
Contec Smart Home version 4.15 suffers from insecure direct object reference vulnerabilities.
91d5dff084df2346ae5b19b9503f0ec5039b89c91a2aa355b0a28fe8ba75c508
A vulnerability was identified within IBM Spectrum LSF which made it was possible to impersonate other users when submitting jobs for execution. Additionally, it was found to be possible to impersonate and execute jobs as root, even where root job submission is disabled. Versions affected include 8.3, 9.1.1, 9.1.2, 9.1.3, 10.1, and 10.1.0.1.
2efba7f49de16c0ab91885eec21b6040948eb64801f0eac0a8e9a23a88545d52
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue.
4d5a9b10857aa093adcab761101586ee0cb1c1818393b3df6d3e8e9b50e93cdf
Ubuntu Security Notice 3599-1 - An out-of-bounds write was discovered when processing Vorbis audio data. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code.
74623c853756f6de684fc74b421b85b7ca2096d1e93c3538b218968e1cfc2a0b
Debian Linux Security Advisory 4141-1 - Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened.
b826db7da5817ae73fb9dde98c2c4eda2c21050b603201470ace614bc4d7d88e
Debian Linux Security Advisory 4140-1 - Richard Zhu discovered that an out-of-bounds memory write in the codeboook parsing code of the Libvorbis multimedia library could result in the execution of arbitrary code.
2e27e2cb43e4f20639ed09a1f5297eedf7e847d994cbd64a6a66b4a552c33d5c
UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
e1946f29478066d85996dd0fbf8721c5cc98dbebaa9d29fc616a25157aea5391
This is a whitepaper discussing analyzing and attacking the SSH protocol. Written in Vietnamese.
3c0940d50691503ff7886f4897a97649067e005c53e3ce4c8cc33ecd573a82b1
Firefox version 44.0.2 ASM.JS JIT-Spray remote code execution exploit.
f719f8ea47c6ce0616cd666a0782ec9a6974470b392ebbc5a822945312f3a613
Abine Blur Password Manager versions 7.8.242x before 7.8.2428 suffer from an insecure permissions vulnerability.
d35ca9e58012e322460b49e0af6d4248438c8d2846cef5cfdd33bdffd671983f
Firefox version 46.0.1 ASM.JS JIT-Spray remote code execution exploit.
e92d0ee402f3ff8163f3651e059e3697b41c5eff957b0ff73a04eec19a6dfa27
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it.
f596977ec0c838a1e24c8e7b3ba40756d8c45733524c4820e426799d27f008d3
Spring Data REST versions prior to 2.6.9 (Ingalls SR9) and 3.0.1 (Kay SR1) suffer from a PATCH request remote code execution vulnerability.
d1731be7e3c13eb181dffc18934b90d84ba2b0e795604b2cfbfe2829c85a1b0b
This tool will perform an NMap scan, or import the results of a scan from Nexpose, Nessus, or NMap. The processed results will be used to launch exploit and enumeration modules according to the configurable Safe Level and enumerated service information. All module results are stored on localhost and are part of APT2's Knowledge Base (KB). The KB is accessible from within the application and allows the user to view the harvested results of an exploit module.
7aa300429d6a0b709fbdadb7330886fba8194cbdeb3edf634379736834433398
Ubuntu Security Notice 3598-1 - Phan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Dario Weisser discovered that curl incorrectly handled certain LDAP URLs. An attacker could possibly use this issue to cause a denial of service. Max Dymond discovered that curl incorrectly handled certain RTSP data. An attacker could possibly use this to cause a denial of service or even to get access to sensitive data. Various other issues were also addressed.
5fbb1400645b61a044fca73ca639b2de1ff2a14cc946b3e01c95040b0d3af675
Red Hat Security Advisory 2018-0528-01 - Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Issues addressed include a man-in-the-middle vulnerability.
372a0abd076134eead331d3655baa5f73e9be7f5fdf3e7d32cc05c357e4a3f50
Red Hat Security Advisory 2018-0527-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Issues addressed include a buffer overflow vulnerability.
5a57b6946c0c19743f5c8d622733aebe1a42b551e4aaa2cd85bda3e5b6cd6a9e
Debian Linux Security Advisory 4138-1 - Several vulnerabilities were discovered in mbed TLS, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.
000142b4cb683ae87066a75057971417443fdc878266c68a19d146be3da88496