Red Hat Security Advisory 2019-0374-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Issues addressed include integer overflow and use-after-free vulnerabilities.
94cb3b914e24096a9953d2552fa161db349fd60fcbcc64c1bce30759ea79c657
Red Hat Security Advisory 2019-0368-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Issues addressed include an input validation vulnerability. Does this look okay?
fd8df8cb4e6e0db493f1f71689b9f8c28fbec63a0146be1127bded9a26a70976
Red Hat Security Advisory 2019-0366-01 - This release adds the new Apache HTTP Server 2.4.29 Service Pack 1 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes and enhancements. Issues addressed include bypass, denial of service, null pointer, out of bounds write, traversal, and use-after-free vulnerabilities.
d3b3ce54e51fb837ee55b210bef2e4adb0ebb11e803bbd0a54c2b9e2194299a3
Red Hat Security Advisory 2019-0364-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
a228d9418494e5a5cd97d703c55108239e82d26c2deebf111ebb52fd2adf1aec
Red Hat Security Advisory 2019-0362-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
09b757ecbeea503e2e2dd6f7ac771af07bbaed81be2e458c03e54c8290188e5d
Ubuntu Security Notice 3893-1 - Toshifumi Sakaguchi discovered that Bind incorrectly handled memory. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. It was discovered that Bind incorrectly handled certain trust anchors when used with the "managed-keys" feature. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Various other issues were also addressed.
d764a48abf0e545fcb7ac51dfc66b540808772988998742ed8bf5aa6f538b5b8
Quest NetVault Backup Server versions prior to 11.4.5 suffer from process manager service SQL injection and remote code execution vulnerabilities.
d64452d985968041fdc707a0dfbae3290f40711c502eb6aaaeb24a77072e2e6a
HanYazilim Paper Submission System .NET version 1.0 suffers from a remote shell upload vulnerability.
9e56bb1733511e624c2769b8fd1cc00970c0a41d2168115bad4fb5aad8041809
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
e8f98353453279eb4827732971e8dc50cdcfae3e566850120c321377d7f7b477
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
d5c56603942a8927670f50a4a469fb909e29d3571fdd013389d567e57abc0b47
The Nuuo Central Management Server allows an authenticated user to query the state of the alarms. This functionality can be abused to inject SQL into the query. As SQL Server 2005 Express is installed by default, xp_cmdshell can be enabled and abused to achieve code execution. This module will either use a provided session number (which can be guessed with an auxiliary module) or attempt to login using a provided username and password - it will also try the default credentials if nothing is provided.
37ab5bd3eec6195dfddf3099592e9cd3aad7e37d04562dd4ebba3cbc36289fe3
MatrixSSL suffers from a stack buffer overflow vulnerability when verifying x.509 certificates.
0ccbebf140226df810122f520adfba7097e335f9c1626f1162be12918d0909ff
WebKit JSC has an issue where reifyStaticProperty needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter.
8b5b037a7c556813e39c8ace7602b2465e0d1f1bd48644498c3c77c7c30f96e6
Ubuntu Security Notice 3866-2 - USN-3866-1 fixed vulnerabilities in Ghostscript. The new Ghostscript version introduced a regression when printing certain page sizes. This update fixes the problem. Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Various other issues were also addressed.
d3b572b9e8dd59539d1f53e077357aac14bc80c5a7b56bc9204c9a39e33d44ec
MikroTik RouterOS versions prior to 6.43.12 (stable) and 6.42.12 (long-term) firewall and NAT bypass exploit.
76d8b41f9f478dd81cf50cfdd51f6592ff6a23a044fbd5ad0d719cc3c7cef3ac
ScreenStream version 3.0.15 suffers from a denial of service vulnerability.
80f8bc6d09f3f73b635472cc2a3b5a76617279a448667494a4129e4dde624995
C4G Basic Laboratory Information System (BLIS) version 3.4 suffers from a remote SQL injection vulnerability.
105a483e409804b0fff0748e498f8c46b68c513d439a743dd34f7fe6876f970f
Virtual VCR Max version .0a suffers from a buffer overflow vulnerability.
21edc1d24274891ee85c0133cca0fcc971802d357249b4f867cef403acaf597f
AirDrop version 2.0 suffers from a denial of service vulnerability.
7ad6c43ffaed0009c5c879421a4c957c290c029e10ba022d3e483bb5eeae09ad
Medical Store Script version 3.0.3 suffers from a cross site scripting vulnerability.
9a1f801acf5c5bce1ff29459f7e08eaf2a58362ad4ce999902e39a814070683d
WordPress Village theme version 5.0 suffers from cross site request forgery, backdoor access, and remote SQL injection vulnerabilities.
27adfafedcfe47f73c1954865735f79c81c28a637bc1740b0417e8fa73c37141
Typo3 CMS Modern Guestbook tx_veguestbook_pi1 version 3.3.0 suffers from a remote SQL injection vulnerability.
a2dea393d022fd3fa2f6800c76deb936c546eb08ce2d45be2801966f31ac584e
Joomla AdsManager component version 3.2.0 suffers from cross site request forgery, database disclosure, remote file inclusion, and remote SQL injection vulnerabilities.
01c4a4784a6d62f40a52fc15f9c5a3368ca70716e3f78820d5e7d3a4534d5d72
Drupal Pubdlcnt module version 7.x-1.2 suffers from an open redirection vulnerability.
5a5e2cc4bc34572b323417c64f4e9650678715862a7a81a19fe3a2f57fbcb7dd
Valentina Studio version 9.0.5 suffers from a buffer overflow vulnerability.
993dc07913420503fd7e4b429c9b0779d6f5e0eed0972d0e32e174e6c0172efa