SAP NetWeaver Web Dynpro versions 6.4 up to 7.5 suffer from an information disclosure vulnerability.
8067c3689144753ad6dd851439ba0e9fThis Metasploit module exploits a vulnerability in Jenkins. An unsafe deserialization bug exists on the Jenkins, which allows remote arbitrary code execution via HTTP. Authentication is not required to exploit this vulnerability.
a3aeb852830fc3dbdd714d7dccd5cd1bRed Hat Security Advisory 2018-1415-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Issues addressed include buffer overflow, bypass, and use-after-free vulnerabilities.
a0941f737fbe0c2b91741a8ecdee350dRed Hat Security Advisory 2018-1446-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.170. Issues addressed include a buffer overflow vulnerability.
b3eefa67a3d87adff22b8155bf900713Red Hat Security Advisory 2018-1372-01 - HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Issues addressed include buffer overflow and denial of service vulnerabilities.
73567ccdb0af5ca9e37e65140bbb02e5Red Hat Security Advisory 2018-1451-01 - The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.19. Issues addressed include code execution and traversal vulnerabilities.
b4e07cd6ac11bfc12b0a9880e1b8381dRed Hat Security Advisory 2018-1414-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Issues addressed include buffer overflow, bypass, and use-after-free vulnerabilities.
b3aa86111adf63a7c2fae43dc3437fb8Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.
81009cdf0a792ebb47db4215d56fbb01HP Security Bulletin MFSBGN03807 1 - A potential security vulnerability has been identified with Service Manager. The vulnerability could be exploited to perform SQL Injection against the Service Manager Web Tier which may lead to unauthorized disclosure of data. Revision 1 of this advisory.
30ebd85a2e6672c9fdf2c940e3a8ac04Debian Linux Security Advisory 4199-1 - Several security issues have been found in the Mozilla Firefox web may lead to the execution of arbitrary code or denial of service.
6991f4c67e40de4d8cc3b49fe2433ea8Whitepaper called Web Forensics. Written in Vietnamese.
82843c871392c0d0efffb6e7058c21d6Red Hat Security Advisory 2018-1367-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 29.0.0.171. Issues addressed include a code execution vulnerability.
b95a2412945add36ec7e6dcb234dfa13Ubuntu Security Notice 3640-1 - Ivan Fratric discovered that WebKitGTK+ incorrectly handled certain web content. If a user were tricked into viewing a malicious website, a remote attacker could possibly exploit this to execute arbitrary code.
8c75b3ac007064bc9bb70bca2740dcacDebian Linux Security Advisory 4195-1 - Harry Sintonen discovered that wget, a network utility to retrieve files from the web, does not properly handle '\r\n' from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replacing existing cookie values.
0a8ebefedcc50cb36f81573bebaba542Red Hat Security Advisory 2018-1328-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include backup related, bypass, and code execution vulnerabilities.
c1cca0ff4e0a448a1d95ed1c6b0ba48bThe WordPress User Role Editor plugin prior to v4.25, is lacking an authorization check within its update user profile functionality ("update" function, contained within the "class-user-other-roles.php" module). Instead of verifying whether the current user has the right to edit other users' profiles ("edit_users" WP capability), the vulnerable function verifies whether the current user has the rights to edit the user ("edit_user" WP function) specified by the supplied user id ("user_id" variable/HTTP POST parameter). Since the supplied user id is the current user's id, this check is always bypassed (i.e. the current user is always allowed to modify its profile). This vulnerability allows an authenticated user to add arbitrary User Role Editor roles to its profile, by specifying them via the "ure_other_roles" parameter within the HTTP POST request to the "profile.php" module (issued when "Update Profile" is clicked). By default, this module grants the specified WP user all administrative privileges, existing within the context of the User Role Editor plugin.
21f2f7e73a000aa53bc81c6bd2ac2518This Metasploit module exploits an authenticated file upload remote code execution vulnerability in PlaySMS version 1.4. This issue is caused by improper file contents handling in import.php (aka the Phonebook import feature). Authenticated Users can upload a CSV file containing a malicious payload via vectors involving the User-Agent HTTP header and PHP code in the User-Agent. This Metasploit module was tested against PlaySMS 1.4 on VulnHub's Dina 1.0 machine and Windows 7.
f976c4045dcaba09573750799d5fb25aDebian Linux Security Advisory 4193-1 - Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions or unsafe redirects.
a95e50f33116d55efc9790078f6fcb0dRed Hat Security Advisory 2018-1323-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.2 serves as a replacement for Red Hat Single Sign-On 7.2.1, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Issues addressed include a code execution vulnerability.
d95f016799c865146b92f89b460c5288Red Hat Security Advisory 2018-1321-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.139. Issues addressed include a use-after-free vulnerability.
77498a5e5b6eaa876df51bb4f7a723e7Debian Linux Security Advisory 4191-1 - Multiple vulnerabilities were discovered in Redmine, a project management web application. They could lead to remote code execution, information disclosure or cross-site scripting attacks.
bfe7dcef4c92a6e5e4a9b1178b6fe6f3Red Hat Security Advisory 2018-1296-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php70-php. Issues addressed include buffer overflow, cross site scripting, denial of service, heap overflow, remote file inclusion, and use-after-free vulnerabilities.
74d414cb061c5ffff37e0dd0dcbd14faUbuntu Security Notice 3627-2 - USN-3627-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 18.04 LTS. Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server mod_authnz_ldap module incorrectly handled missing charset encoding headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Elar Lang discovered that the Apache HTTP Server incorrectly handled certain characters specified in <FilesMatch>. A remote attacker could possibly use this issue to upload certain files, contrary to expectations. Various other issues were also addressed.
642379a7853be14309a167bceaa1d31fUbuntu Security Notice 3635-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
85531931d71d0277a373662193a6ba19This Metasploit module exploits a vulnerability in the eval command present in Xdebug versions 2.5.5 and below. This allows the attacker to execute arbitrary php code as the context of the web user.
f41618034e1f76ddd17f42794e9dc6c3
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed