phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
40f298aed179561d60e3ea947664bb79Ubuntu Security Notice 3687-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
55bf9fa9e7a0502036a4c6a0c0d90f46Gentoo Linux Security Advisory 201806-4 - Multiple vulnerabilities have been found in Quassel, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 0.12.5 are affected.
91ace9408ba723aeae4ed05c0edaab3aUbuntu Security Notice 3686-1 - Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. Alexander Cherepanov discovered that file incorrectly handled certain long strings. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. Alexander Cherepanov discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.
d461c5706afdf66b380cf8a86deaf4f6Ubuntu Security Notice 3684-1 - It was discovered that Perl incorrectly handled certain archive files. An attacker could possibly use this to overwrite arbitrary files.
682ba37fc142ec50b37e732a6884afaeGentoo Linux Security Advisory 201806-2 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 30.0.0.113 are affected.
22791d9866b7d08fbdc78e485cbcd7fcUbuntu Security Notice 3684-2 - USN-3684-1 fixed a vulnerability in perl. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Perl incorrectly handled certain archive files. An attacker could possibly use this to overwrite arbitrary files.
00c9c5a21a48d1c5060750b8a91b2e86Gentoo Linux Security Advisory 201806-1 - A vulnerability in GNU Wget could allow arbitrary cookies to be injected. Versions less than 1.19.5 are affected.
ad4dbfd3990efbe661009dfe20b19e68This Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
5260d2ef5bb8f8bbc5edbc0ec7cb7c67Ubuntu Security Notice 3682-1 - A heap buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.
9d8d0a4e3481a5f69358902a80dbe817Ubuntu Security Notice 3677-2 - USN-3677-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
396409805add6cf9f38ac282a0bfd084Ubuntu Security Notice 3677-1 - It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. Various other issues were also addressed.
d1a66b35374f1624dabb3b438cacb544Ubuntu Security Notice 3674-2 - USN-3674-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
5559e14a261b2b1caff2653f93380832Ubuntu Security Notice 3674-1 - It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a NULL pointer dereference existed in the RDS protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
7580ee1c4975048c3bd3f4059fd6b003Schools Alert Management Script suffers from an arbitrary file deletion vulnerability.
6cc245a57e784529f9b7a0b8e525530cSchools Alert Management Script suffers from an arbitrary file real vulnerability.
ebbd916045de80f68e5148aadf248e0fDebian Linux Security Advisory 4225-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation.
adc0a79a22e87a683003ba79045b5048Debian Linux Security Advisory 4220-1 - Ivan Fratric discovered a buffer overflow in the Skia graphics library used by Firefox, which could result in the execution of arbitrary code.
34f809c7056ae15863580c0c5e59f50bDebian Linux Security Advisory 4219-1 - Several vulnerabilities were discovered in jruby, a Java implementation of the Ruby programming language. They would allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run malicious code.
7d3ba91bea7cc4af627f93c7f93e2120Ubuntu Security Notice 3672-1 - Henri Salo discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code.
9ee509364bd7e5d668826b242cc13db1Ubuntu Security Notice 3671-1 - Etienne Stalmans discovered that git did not properly validate git submodules files. A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when "git clone --recurse-submodules" is used. It was discovered that an integer overflow existed in git's pathname sanity checking code when used on NTFS filesystems. An attacker could use this to cause a denial of service or expose sensitive information. Various other issues were also addressed.
25303632420b77046f5c6aa93da590efUbuntu Security Notice 3658-2 - USN-3658-1 fixed a vulnerability in procps-ng. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that libprocps incorrectly handled the file2strvec function. A local attacker could possibly use this to execute arbitrary code. Various other issues were also addressed.
8c11d4a226d2b323f1f81e8bb5ccbe5aUbuntu Security Notice 3669-1 - It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
fc1bfc637ae762561c44f451839b1f0fUbuntu Security Notice 3668-1 - It was discovered that Exempi incorrectly handled certain media files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause Exempi to hang or crash, resulting in a denial of service, or possibly execute arbitrary code.
30f478a7ea99f4d7e41b68bbd1c3c994Debian Linux Security Advisory 4217-1 - It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IEEE 802.11, SIGCOMP, LDSS, GSM A DTAP and Q.931, which result in denial of service or the execution of arbitrary code.
ed14b6ee0b3f3db808323e7d461242ca
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed