Micro Focus Security Bulletin MFSBGN03827 1 - A potential vulnerability has been identified in Micro Focus Real User Monitoring software. The vulnerability could be exploited to execute arbitrary. Revision 1 of this advisory.
ab13bf0e442bc072c2571cc544c143eaa85a0ddafb8372ec20be428a8152b862
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
e2a6e9ec1ae8b96e67a1f30b278fa7f17bcb3e584472afb5823947db0b4a7075
Microsoft Data Sharing local privilege escalation proof of concept exploit.
da8c6406c1abcf27d99ca4b620356d083b3c9d9f3ce24c41c93b45e85d1ceb64
SG ERP version 1.0 suffers from a remote SQL injection vulnerability.
f6b68c383cae436410bd69f36a0ef65ebdd0d2595fef8a1d17ebe5fc7c7e01cd
Exim version 4.90 remote code execution exploit.
19a743e6423b65998debf24be560524e381d039e1cadcd20d9257dd956d9b4a1
WordPress Question Answer plugin version 1.2.30 suffers from a cross site scripting vulnerability.
d44391c0448238523824c2a679caee01b4d2cea7dca1ad65ca6ab902cc45d2c3
WordPress Pie Register plugin version 3.0.17 suffers from a cross site scripting vulnerability.
057d741f7c549aed246af5237089d843b8893e0bc20ee5587939842697dfa4ff
LANGO Codeigniter Multilingual Script version 1.0 suffers from a cross site scripting vulnerability.
7ef7a20f78b99c0b6409e9aec1213dcdccc6549054e8bf691f98d9c6cc7f0723
Apache OFBiz version 16.11.04 suffers from an XML external entity injection vulnerability.
36d19f82674523cd5eb22a791b5b04960c9b88ec383c0ff4e0f963bd580a6ca6
44 bytes small Linux/x86 execve(/bin/cat /etc/ssh/sshd_config) shellcode.
569c1b818f20700e5f5bd58566b797c2f92c5f341cb5ada4c7481b026ff2ee07
PHPTPoint Hospital Management System version 1 suffers from remote SQL injection vulnerabilities.
2d4b587c33cdf76d4e73e4c8c3ff290c9508b810cfcb0d1537d816714c7afa88
Adult Filter version 1.0 suffers from a denial of service vulnerability.
9867ac15a175415eba7e8b060d59d30c7d1378360895e66c413b3675488f1fe0
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
4d83dd2cb588186032dc024e4d9adfb8b6c6e6badf4d60e6ec4228200b4eadf4
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
7fb1e433412d64fcd2335a3ebe7f66437ef34d5a0d3a1df62e2476f3169244ba
Ubuntu Security Notice 3799-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.62 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.24. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
373176b69d28c5401867b4f69957eb471b3dcf79c5540b6ef157d1da8944e3ac
ServersCheck Monitoring Software versions up through 14.3.3 suffer from a remote SQL injection vulnerability.
b267f07255ac1f9527b94b152495c2752caa4c5090beb524c804d4da1757120b
The management interfaces of Citrix NetScaler SD-WAN physical appliances and virtual appliances suffer from command injection, information exposure, incorrect access control, IP spoofing, remote SQL injection, and directory traversal vulnerabilities.
e7627b90298023da272c5c16d0da665c56143382a6c2331b9af84784625a3870
Ubuntu Security Notice 3788-2 - USN-3788-1 fixed vulnerabilities in Tex Live. This update provides the corresponding update for Ubuntu 18.10. It was discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
2d47b8bdf8609bcc81a667f1522f2669d082a623dae2f92d06e0b23cbe237c2e
Ubuntu Security Notice 3777-3 - USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Azure Cloud systems. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
769cc3a35204cab453698f34a6b0570d79e3ff0a88450698a2577c0e6fc6a664
CommuniGatePro Pronto webmail version 6.2 suffers from a persistent cross site scripting vulnerability.
a535a63c85dc9cfff4acf85a2aa9f680d4de5f3f74f0f55765388bb0812e708d
Ubuntu Security Notice 3798-2 - USN-3798-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is negatively instantiated. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
fd020e9154c2daad496c63782c19bbe804be952aa986f8f81262d8b5a00966e9
ServersCheck Monitoring Software versions up through 14.3.3 suffer from a cross site scripting vulnerability.
f72e50d49c38f1006ec46a87b034d9463e5d15724a14d0dd13e5b11b88e2ed16
MGB OpenSource Guestbook version 0.7.0.2 suffers from a remote SQL injection vulnerability.
58a47c1a4b51e7cc54fa29393ec63e4f2e29fe080bea156021641e14cdcf90f3
Microsoft Active Directory Federated Services (ADFS) suffers from a time-based user enumeration vulnerability.
b3eae50ee8fce1eb1e74559f4e6977c7d9770c9481f60f81641dd138862d381c
Ubuntu Security Notice 3798-1 - Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is negatively instantiated. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a use-after-free vulnerability existed in the device driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
99fd6b610927b5b8387a7632ff8dda5701451a4843acca90e6d3e48acd81d539