phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
46f778fd23af1e4e604d32a71ab007e759502445aee2fac99855d70658df179c
Tapplock Smart Lock suffers from multiple insecure direct object reference vulnerabilities.
4c2ac67c5b46a7a29eca71bdce6d0d5e4bae47240cc009a9db8ee3f28921ae2f
Ubuntu Security Notice 3675-3 - USN-3675-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 12.04 ESM. Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Various other issues were also addressed.
9587c69c7756e324145670c1fa02e480461438c991a57a910589e604dd2916be
Ubuntu Security Notice 3687-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
e98ea598a4eabbb5087a8a2218a2de8f5f9a525c48b0b236080247fe6427f405
Debian Linux Security Advisory 4231-1 - It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys.
ef38fe69a1b2b013844637997c00e81a3fe74fc6d31ef0d68664ca8f80f25e78
Debian Linux Security Advisory 4230-1 - Multiple vulnerabilities were discovered in the Lua subsystem of Redis, a persistent key-value database, which could result in denial of service.
3d67eccee429a5b3bec862d348e0074f9353a2c70c77050737f7b24e3cf0581b
Debian Linux Security Advisory 4229-1 - Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite.
81a59b7cc1ef7d34159e6e65e525185ed75b9cf941edcd194b74c93ca269d7ba
Micro Focus Security Bulletin MFSBGN03810 1 - A potential vulnerability has been identified in UCMDB Server. This vulnerability could be exploited to Deserialization and Cross-site Request forgery (CSRF). Revision 1 of this advisory.
ddc6aea3c24bc784e453f484248914290756fc2f5d2a6ed9a992f955022bd340
Micro Focus Security Bulletin MFSBGN03809 1 - A potential vulnerability has been identified in UCMDB Browser. This vulnerability could be exploited to Deserialization and Cross-site Request forgery (CSRF). Revision 1 of this advisory.
c35c0fe3546bf4b775e3a4e6cb89b9494564d95054a47f97805362fa22e3cb30
WordPress Redirection plugin version 2.7.1 suffers from a code execution vulnerability.
6e03c93d4bc0c24637449acea5c75634bca5123ff219155cf49649fbad878f18
CA Technologies Support is alerting customers to multiple potential risks with CA Privileged Access Manager. Multiple vulnerabilities exist that can allow a remote attacker to conduct a variety of attacks. These risks include seven vulnerabilities privately reported within the past year to CA Technologies by security researchers, and nine vulnerabilities for Xceedium Xsuite that were publicly disclosed in July 2015. CA Technologies acquired Xceedium in August 2015, and Xceedium products were renamed and became part of Privileged Access Management solutions from CA Technologies. Sixteen vulnerabilities are outlined in this advisory.
e96803cc63a6f3f9a3937d46a106a0ea76325469c5a8f0baba0c2727dc8b5776
Apple Security Advisory 2018-06-13-01 - Xcode 9.4.1 is now available and addresses code execution vulnerabilities.
a6a84db972550427bdbffef1187ca381b22ab72d451b794ffdc1428708a5aa70
Easy Chat Server version 3.1 add user local buffer overflow exploit.
84704312867b1f53e61dd87b7de51fb6a85f2b990333e6f7abf44b718dcc9c9d
RSA Authentication Manager versions prior to 8.3 P1 suffer from a cross site scripting vulnerability.
2b223860956e93ac2c2acca73aaeef144d258adc465344b1754d85ef3b5684cd
Debian Linux Security Advisory 4228-1 - Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in cross-site scripting and PHP injection.
5a5feaaf506512f745c53f9e670f39ae79f695bebb733d1abd47c840d8bddca1
Ubuntu Security Notice 3678-4 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
70613b1dd8bebafbf47b8ff616c76fc30f6a92857dbf198e9f0fbe3db6e8e22f
Red Hat Security Advisory 2018-1852-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an information leakage vulnerability.
19ab2687ceb485d0479ff41218a79b7bd4a249b760c23a13683264c202621293
Ubuntu Security Notice 3675-2 - USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and Ubuntu 17.10. This update provides the corresponding update for GnuPG 2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS. Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Various other issues were also addressed.
0897462e75854fb4e6baef305d59332291756546f6848648d42df67f1e8ed263
Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit that can lead to leaking of sensitive data, code execution, and more. Various 2.20.x versions are affected.
c0220c58b288dbb3089fcc06182e86efa1aa62220a826e40338a53ed4207e04a
Ubuntu Security Notice 3685-1 - Some of these CVEs were already addressed in previous USN: 3439-1, 3553-1, 3528-1. It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. It was discovered that Ruby incorrectly handled certain files. An attacker could use this to overwrite any file on the filesystem. Various other issues were also addressed.
60f255fcb7dd889a143694b47735ea1ee2e3231d8c3486947620ea6096bc226b
Gentoo Linux Security Advisory 201806-4 - Multiple vulnerabilities have been found in Quassel, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 0.12.5 are affected.
779e58431c2af113e03ed8db2a2c230b0e6986853d41570ca3eeafc0829d4138
Ubuntu Security Notice 3686-1 - Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. Alexander Cherepanov discovered that file incorrectly handled certain long strings. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. Alexander Cherepanov discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.
05ad4392d125c7b662cb1712b5aa9d236d115c9f15d0ec8ebbe0e97a51fde01e
This Microsoft advisory notification includes advisories released or updated on June 13, 2018.
b81a1d6199c844c4cc6acc1813b9b373ba7ccc1bf07803e89c7c4462e02270ff
msploitego is the pentesting suite for Maltego. msploitego leverages the data gathered in a Metasploit database by enumerating and creating specific entities for services. Services like samba, smtp, snmp, http have transforms to enumerate even further.
8e49a427b89e77829f637050b63b7f3b4b807da701532e1a03fa3df59ba6be22
rtorrent versions 0.9.6 and below denial of service exploit.
f7be24ced979554cd7ece10f47684061f0d8fff02b634f27179262b3a3a47322