Debian Linux Security Advisory 4143-1 - Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code.
ae578097448b181069464aaacea1cd098476dd78446feaa86438e6cee725f8dfDebian Linux Security Advisory 4142-1 - Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, allowing a remote attacker to mount a directory traversal attack and gain unauthorized read access to sensitive files located outside of the web root directory.
969cfa20e880d889e8ea8efc67b9304caf58b0e6d52c234897c6d7c7569b4f9cEasy Chat Server version 3.1 remote buffer overflow exploit.
735f5be79d8b5f679d32655f49ccd1a765948fdea0b9209de8b28fa32505a10cGrav CMS version 1.2.4 suffers from a cross site scripting vulnerability.
3c51b8c87fdd6195f65212f2db81fb7b1af32f0ce2e75b37ca36f4e1de96ca81Dell EMC NetWorker requires an update to address a buffer overflow vulnerability in the 'nsrd' daemon. Versions 9.0.x, prior to 9.2.1.1, prior to 9.1.1.6, and prior to 8.2.4.11 are affected.
8b5756c1c951caf38f0016e331a8ec8f2d67b2f26a239e12e068de0c5b6d8321WordPress Site Editor plugin version 1.1.1 suffers from a local file inclusion vulnerability.
ee624d9b08cc8b3b1a5c94d773fd0cfa33cf5e4d87a4da5ae7e302fee1324f61Linux Kernel versions prior to 4.4.0-116 (Ubuntu 16.04.4) local privilege escalation exploit.
5af548bd5c95eb4d430a9a86b661f4ac21ad75fd0aaeab8a2e462b2a240ce7e0Contec Smart Home version 4.15 suffers from insecure direct object reference vulnerabilities.
91d5dff084df2346ae5b19b9503f0ec5039b89c91a2aa355b0a28fe8ba75c508A vulnerability was identified within IBM Spectrum LSF which made it was possible to impersonate other users when submitting jobs for execution. Additionally, it was found to be possible to impersonate and execute jobs as root, even where root job submission is disabled. Versions affected include 8.3, 9.1.1, 9.1.2, 9.1.3, 10.1, and 10.1.0.1.
2efba7f49de16c0ab91885eec21b6040948eb64801f0eac0a8e9a23a88545d52Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue.
4d5a9b10857aa093adcab761101586ee0cb1c1818393b3df6d3e8e9b50e93cdfUbuntu Security Notice 3599-1 - An out-of-bounds write was discovered when processing Vorbis audio data. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code.
74623c853756f6de684fc74b421b85b7ca2096d1e93c3538b218968e1cfc2a0bDebian Linux Security Advisory 4141-1 - Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened.
b826db7da5817ae73fb9dde98c2c4eda2c21050b603201470ace614bc4d7d88eDebian Linux Security Advisory 4140-1 - Richard Zhu discovered that an out-of-bounds memory write in the codeboook parsing code of the Libvorbis multimedia library could result in the execution of arbitrary code.
2e27e2cb43e4f20639ed09a1f5297eedf7e847d994cbd64a6a66b4a552c33d5cUFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
e1946f29478066d85996dd0fbf8721c5cc98dbebaa9d29fc616a25157aea5391This is a whitepaper discussing analyzing and attacking the SSH protocol. Written in Vietnamese.
3c0940d50691503ff7886f4897a97649067e005c53e3ce4c8cc33ecd573a82b1Firefox version 44.0.2 ASM.JS JIT-Spray remote code execution exploit.
f719f8ea47c6ce0616cd666a0782ec9a6974470b392ebbc5a822945312f3a613Abine Blur Password Manager versions 7.8.242x before 7.8.2428 suffer from an insecure permissions vulnerability.
d35ca9e58012e322460b49e0af6d4248438c8d2846cef5cfdd33bdffd671983fFirefox version 46.0.1 ASM.JS JIT-Spray remote code execution exploit.
e92d0ee402f3ff8163f3651e059e3697b41c5eff957b0ff73a04eec19a6dfa27A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it.
f596977ec0c838a1e24c8e7b3ba40756d8c45733524c4820e426799d27f008d3Spring Data REST versions prior to 2.6.9 (Ingalls SR9) and 3.0.1 (Kay SR1) suffer from a PATCH request remote code execution vulnerability.
d1731be7e3c13eb181dffc18934b90d84ba2b0e795604b2cfbfe2829c85a1b0bThis tool will perform an NMap scan, or import the results of a scan from Nexpose, Nessus, or NMap. The processed results will be used to launch exploit and enumeration modules according to the configurable Safe Level and enumerated service information. All module results are stored on localhost and are part of APT2's Knowledge Base (KB). The KB is accessible from within the application and allows the user to view the harvested results of an exploit module.
7aa300429d6a0b709fbdadb7330886fba8194cbdeb3edf634379736834433398Ubuntu Security Notice 3598-1 - Phan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Dario Weisser discovered that curl incorrectly handled certain LDAP URLs. An attacker could possibly use this issue to cause a denial of service. Max Dymond discovered that curl incorrectly handled certain RTSP data. An attacker could possibly use this to cause a denial of service or even to get access to sensitive data. Various other issues were also addressed.
5fbb1400645b61a044fca73ca639b2de1ff2a14cc946b3e01c95040b0d3af675Red Hat Security Advisory 2018-0528-01 - Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Issues addressed include a man-in-the-middle vulnerability.
372a0abd076134eead331d3655baa5f73e9be7f5fdf3e7d32cc05c357e4a3f50Red Hat Security Advisory 2018-0527-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Issues addressed include a buffer overflow vulnerability.
5a57b6946c0c19743f5c8d622733aebe1a42b551e4aaa2cd85bda3e5b6cd6a9eDebian Linux Security Advisory 4138-1 - Several vulnerabilities were discovered in mbed TLS, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.
000142b4cb683ae87066a75057971417443fdc878266c68a19d146be3da88496
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed