WebKitGTK+ and WPE WebKit suffer from multiple memory corruption vulnerabilities that can lead to code execution.
86a36b1af77b318cca7a3d8fd9bf22e7Micro Focus Security Bulletin MFSBGN03835 1 - The SSC REST API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users access to arbitrary details of the Local and LDAP users via POST method and to arbitrary details of other user's Fortify projects via GET method. Revision 1 of this advisory.
a82397b74c12246840801aa85de6924cMicro Focus Security Bulletin MFSBGN03837 1 - A vulnerabilities in Apache Tomcat was addressed by Micro Focus Network Node Manager i. The vulnerability could be exploited Remote Cross-Site Scripting (XSS) and Remote Disclosure of Information. Revision 1 of this advisory.
b78255fa627420eca82d0a77ad0d256dTourism Website version Blog suffers from code execution and remote SQL injection vulnerabilities.
03cfe8568af6f82ac7fcd8e738612593Alumni Tracer SMS version Notification suffers from cross site request forgery and remote SQL injection vulnerabilities.
ea5cd9d5a70eee5746568396cf910032This paper and proof of concept describes the Wiederganger-Attack, a new attack vector that reliably allows to escalate unbounded array access vulnerabilities occurring in specifically allocated memory regions to full code execution on programs running on i386/x86_64 Linux. Wiederganger-attacks abuse determinism in Linux ASLR implementation combined with the fact that (even with protection mechanisms such as relro and glibc's pointer mangling enabled) there exist easy-to-hijack, writable (function) pointers in application memory.
9450ff4b4e1f182c2f3845ea9c3bdb86Ubuntu Security Notice 3837-2 - USN-3837-1 fixed vulnerabilities in poppler. A regression was reported regarding the previous update. This update fixes the problem. It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
377baed8b82a680a84a9c85cdc9060d2Google Chrome version 70.0.3538.77 stable suffers from cross site scripting and man-in-the-middle vulnerabilities.
983c9bbc501d7d7ca4d8d631173677e7ZTE Home Gateway ZXHN H168N suffers from multiple access bypass and information disclosure vulnerabilities.
835798e5ebba5abb019adf55717b5e7dRed Hat Security Advisory 2018-3803-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 71.0.3578.80. Issues addressed include buffer overflow and out of bounds write vulnerabilities.
e510bdf95aba2e4d56e14cce8631390cDebian Linux Security Advisory 4352-1 - Several vulnerabilities have been discovered in the chromium web browser.
4cdb441fbb96629a60581147817832f7WordPress CodeCanyon-5293356-Ajax-Store-Locator-Wordpress plugin version 1.2.0 suffers from file disclosure and database disclosure vulnerabilities.
0e905f17d334ee3dab53921421008a83TRENDnet devices suffer from buffer overflow, code execution, and cross site scripting vulnerabilities.
515ae13889d41a0f5bf739405ef16b9bVistaPortal SE version 5.1 build 51029 suffers from multiple cross site scripting vulnerabilities.
6edb126f7aa16dacfe59cfa661c90adbMiniShare version 1.4.1 suffers from multiple buffer overflow vulnerabilities.
597a47d5ba041592c6980bf8d2f57017sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
431249d7af567a0c9086f93e62aa44faApple Security Advisory 2018-12-06-1 - watchOS 5.1.2 is now available and addresses code execution and denial of service vulnerabilities.
b0d98ec66ebb93dbb6524584ecfdaccfUbuntu Security Notice 3831-2 - USN-3831-1 fixed vulnerabilities in Ghostscript. Ghostscript 9.26 introduced a regression when used with certain options. This update fixes the problem. It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Various other issues were also addressed.
90e4e6902a9545090e0ab2f68dbb0ec5Apple Security Advisory 2018-12-05-5 - iTunes 12.9.2 for Windows is now available and addresses code execution vulnerabilities.
6166dd4109fd647d403cb0ded9565f5cApple Security Advisory 2018-12-05-6 - iCloud for Windows 7.9 is now available and addresses code execution vulnerabilities.
a97a5246cafb55557410d99f44605616Apple Security Advisory 2018-12-05-3 - tvOS 12.1.1 is now available and addresses code execution and denial of service vulnerabilities.
40f7476d0968aeca58f85deaeec436b9Apple Security Advisory 2018-12-05-4 - Safari 12.0.2 is now available and addresses code execution vulnerabilities.
21b690190a4e34b4a98bb696dca1871eApple Security Advisory 2018-12-05-1 - iOS 12.1.1 is now available and addresses code execution and denial of service vulnerabilities.
ae3f3361ecd5d12e5c03e58bb98cb19eApple Security Advisory 2018-12-05-2 - macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra are now available and addresses denial of service vulnerabilities.
a9a74ab034dc6477e6c33807c89e97a7Plikli version 4.0.0 suffers from multiple cross site scripting vulnerabilities.
4e20a5c3eff8d7f9c7eb508418b38341
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed