WordPress Arigato Autoresponder and Newsletter plugin version 2.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
7d535ca7853080a8b831de38f014cd8aApple Security Advisory 2018-9-17-4 - Safari 12 is now available and addresses browser history deletion and user interface spoofing vulnerabilities.
a568d7158566c7148b8c1fa79bd1a522Red Hat Security Advisory 2018-2713-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Issues addressed include denial of service and traversal vulnerabilities.
3797b81d564b8029513cab464185b869Red Hat Security Advisory 2018-2712-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP30. Issues addressed include denial of service and traversal vulnerabilities.
f77d31f8e66a2618c51fef80f516e567Debian Linux Security Advisory 4296-1 - Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks.
59293157a0f21f3228071e876b5a0988Apple Security Advisory 2018-9-17-1 - iOS 12 is now available and addresses memory corruption and input validation vulnerabilities.
94c7b08f05542c1e82ef6e458f60b472Ubuntu Security Notice 3761-3 - USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines, which were partially fixed by USN-3761-2. This update contains the remaining fix. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. It was discovered that if a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. Various other issues were also addressed.
6d86615e6427f6c484cd9030a34da1d7Oracle WebCenter Interaction version 10.3.3 suffers from cross site request forgery, cross site scripting, denial of service, and various other vulnerabilities.
ad870b83464d9a944075001fc18b75fbUbuntu Security Notice 3747-2 - USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS. Unfortunately, that update introduced a regression around accessability support that prevented some Java applications from starting. This update fixes the problem. Various other issues were also addressed.
67a9c4972cb887b4f256e30f4bdf6d68Ubuntu Security Notice 3747-2 - USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS. Unfortunately, that update introduced a regression around accessibility support that prevented some Java applications from starting. This update fixes the problem. Various other issues were also addressed.
67a9c4972cb887b4f256e30f4bdf6d68Wisetail Learning Ecosystem (LE) versions up to 4.11.6 suffer from multiple insecure direct object reference vulnerabilities that allow an attacker to download files and get access to the non-purchased course quiz test via a modified id parameter.
34b23ee4bf4c54e688cf0bc81308cbd1Seagate Personal Cloud is a consumer-grade Network-Attached Storage device (NAS). It was found that the web application used to manage the NAS is affected by various unauthenticated information disclosure vulnerabilities. The device is configured to trust any CORS origin, and is accessible via the personalcloud.local domain name. Due to this it is possible for any website to gain access to this information. While this information doesn't allow an attacker to compromise the NAS, the information can be used to stage more targeted attacks. This issue was tested on a Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0. The software is licensed from LACIE, it is very likely that other devices/models are also affected.
0c22c4000bdb46ed6b32781ad8339aaaRed Hat Security Advisory 2018-2693-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Issues addressed include bypass and use-after-free vulnerabilities.
ba202b454b0aa867d68b359535603f85Red Hat Security Advisory 2018-2692-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Issues addressed include bypass and use-after-free vulnerabilities.
174a341e1a9432fb9bf9abde31e54dfaRed Hat Security Advisory 2018-2684-01 - .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. A new version of .NET Core that addresses several security vulnerabilities is now available. The updated version of the runtime is 2.1.4. The updated version of the SDK is 2.1.402. These versions correspond to the September 2018 security release by .NET Core upstream projects.
daa05cbc1fd8bb4138ff1edf62c3b8eeDebian Linux Security Advisory 4290-1 - Several vulnerabilities were discovered in libextractor, a library to extract arbitrary meta-data from files, which may lead to denial of service or the execution of arbitrary code if a specially crafted file is opened.
95ada67ea55021facccf6ed6bd2c100dRed Hat Security Advisory 2018-2669-01 - Red Hat Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. This release of Red Hat Fuse 7.1 serves as a replacement for Red Hat Fuse 7.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, cross site scripting, denial of service, path sanitization, and traversal vulnerabilities.
e2467e2f9a34b5dd740776d2a5621843Ubuntu Security Notice 3762-2 - USN-3762-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that the VirtIO subsystem in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to possibly expose sensitive information. Various other issues were also addressed.
b3f8831743a64c024a52601e55681af9Red Hat Security Advisory 2018-2666-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.
641dc5403658aa3dd26200b59b29ed6aAvaya one-X versions 9.x, 10.0.x, and 10.1.x suffer from arbitrary file disclosure and deletion vulnerabilities.
19f5b0846706f9c5967437b6d530042eDebian Linux Security Advisory 4289-1 - Several vulnerabilities have been discovered in the chromium web browser.
432b3a7c247732970055d96ca8d676d1Debian Linux Security Advisory 4288-1 - Tavis Ormandy discovered multiple vulnerabilities in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled).
10e2c7e46f6ca39a6c5ea6ea84540da4KONE KGC versions 4.6.4 and below suffer from unauthenticated remote code execution, denial of service, local file inclusion, and missing FTP access control vulnerabilities.
1ea70d967952d609d0b2793be81f9417VMware Security Advisory 2018-0023 - AirWatch Agent and VMware Content Locker updates resolve data protection vulnerabilities.
d9129080eb942fb3be69ed15e131da6bsqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
001dd095cf0009c79d3e957e256abc10
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed