easyLetters version 1.0 suffers from a remote SQL injection vulnerability.
d40ec02fffa5caa81ccb6b4d4abc353e78198ab0b67d02ac9bb830727e27e2e4Red Hat Security Advisory 2018-1725-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.8.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.
34a837e6700cb860342e157f23da394896e4dd95807b390148d9e83b2e7f0e39Red Hat Security Advisory 2018-1724-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP25. Issues addressed include a deserialization vulnerability.
2e5dd86e7bb7be2ad0379be9bb23b5763cf5029804d3da6d6184572e3beeb0demySurvey version 1.0 suffers from a remote SQL injection vulnerability.
9e367e231b02557e14dafedec14bbd7d8a17229e1a3d4574a905f967ec9dc0c1Ajax Full Featured Calendar version 2.0 suffers from a remote SQL injection vulnerability.
7e4cb4721904b05551a81aedec87cece96197fd63c1c8340e14ad44d6f68d0e9Red Hat Security Advisory 2018-1723-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP25. Issues addressed include a deserialization vulnerability.
336aa8a03be2a5c8ac78bdbe977acefaf909e808d197a57be5714d9740292384Red Hat Security Advisory 2018-1722-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP15. Issues addressed include a deserialization vulnerability.
edc73d4ed7139837602c028e2ae9536c4f1081766c634964c910b44a2140e2d2Red Hat Security Advisory 2018-1721-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP15. Issues addressed include deserialization vulnerabilities.
0272152fff5c50359d88831a1d656b2adf44cce4c367b7458def6c8f94cc9d77This whitepaper explains deserialization vulnerabilities in Java, Python, PHP, and Ruby.
6093b7b1afd7e2cb2437200d5e7cef8d3ec52ada1f7c203878f7c0778ab52c61Ruckus (Brocade) ICX7450-48 web application has a reflected cross site scripting vulnerability. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site and allow the attacker to access sensitive browser-based information.
27a7cd8a7a62e0be86fc0d1b264684c922b4883cb9b420bbfe2e830d0dc023e0Debian Linux Security Advisory 4210-1 - This update provides mitigations for the Spectre v4 variant in x86-based micro processors. On Intel CPUs this requires updated microcode which is currently not released publicly (but your hardware vendor may have issued an update).
e7dea1a2627fbb19e4616f6132a1e36513ef8af16446a94b6535d852641ce04eDebian Linux Security Advisory 4209-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.
8bbe58c3e9149d6a999adfc2a891c12ec7ba1c9b3ae6957237c80f7104c859b5Microsoft Windows Paint suffers from security feature bypass and unsafe file creation vulnerabilities.
e6fef4e0b9ef146905d8a071b3b29604250562d956ddbfa3221083d5aa8a09c9The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processes (like taskkill, etc.). There is no validation of the program name before constructing the lpCommandLine argument for a CreateProcess call. An attacker can run any malicious process with SYSTEM privileges through this named pipe.
bf2758f710f5c4fe5241aa4cde9fdd9079abc1121a02d1ab0b1722bc127d65f2Oracle WebCenter (Fatwire) Content Server versions prior to 7 suffer from an improper access control vulnerability.
11b66a517d85ae5791cf12834f198989ebf759b0c1b2dbbb348334070c9ccc5fSAP Internet Transaction Server 6200.x suffers from session fixation and cross site scripting vulnerabilities.
c374e8d14e78e73390da1e10fc4c4271a42c7efb1f8f9b21ddcf6ecbea0a04e7MyBB Moderator Log Notes plugin version 1.1 suffers from a cross site scripting vulnerability.
646be467fbb3c4182ed953787289ccf1a8af62a09848362c2e7238841160395bKomSeo Cart version 1.3 suffers from a remote SQL injection vulnerability.
a7e0f57a689ccff05e4bb8917e6265377c6a4da92979d293027baca984aa5555Symfony versions 2.7.0 up to but not including 4.0.10 suffer from a denial of service vulnerability.
26b7da48a7c27d7fa08e3760dbf6cd9067e7c7cd898165e49aa5ce37faddd8f6Wchat Fully Responsive PHP AJAX Chat Script version 1.5 suffers from a remote shell upload vulnerability.
0ed4e745c1fab69e002b80f43d15a180c82c3803904e06a035dbb3d0a992e38eAndroid OS did not use the FLAG_SECURE flag for sensitive settings, potentially exposing sensitive data to other applications on the same device with the screen capture permissions. The vendor (Google) fixed this issue in 2018-02-01 Pixel security update.
419aa59f60c639bf9769fc664825bf713bf20d2a125449f8cf156e98eb09bb86NewsBee CMS version 1.4 suffers from a cross site scripting vulnerability.
b29734cf2cb29fd89675210cdae2a6a39fc4655c6cb7c839eb7a44375cec5615Tim Balitbang Depdiknas version 3.5 suffers from a remote SQL injection vulnerability.
3c5492e70aa18863af06b672e9e6820589355ac2400bad9a061e99946538679fOracle WebCenter versions 7.x prior to 11gR1 suffer from multiple cross site scripting vulnerabilities.
9c071f03c8c68b6284774cf48b6b05b21b05c5b4ac2ddcf9ac66353a74382ac9Tim Balitbang Depdiknas version 3.5 suffers from a persistent cross site scripting vulnerability.
10f865ba4c1ea710de4395a5eba58a68f06124679f5c912826e8f575c1199b56
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed