DCFM Blog version 0.9.7 suffers from a cross site scripting vulnerability.
7f85f345bfb9584c740071aaf0ba13726bdd4825ffb6d5f54cd2f5c8151662baDCFM Blog version 0.9.7 suffers from a remote blind SQL injection vulnerability.
3eb2a13ad07f20d97cd79ab56f4147df3b71badb0a689fd4022b31ce5716ca45Ubuntu Security Notice 3130-1 - It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader consistency checks. An attacker could use this to bypass Java sandbox restrictions. Various other issues were also addressed.
e29cc974b99c653e8595c5283afc2543bf4f25c83ab9219f573aedda2281d0cdRed Hat Security Advisory 2016-2807-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. This release of Red Hat JBoss Web Server 2.1.2 serves as a replacement for Red Hat JBoss Web Server 2.1.1. It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release. Security Fix: A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.
a747ee41bc1c78f0329cb06102ce7044196717407b83c8ba83cdc599fc05f1e6Red Hat Security Advisory 2016-2808-01 - This release of Red Hat JBoss Web Server 2.1.2 serves as a replacement for Red Hat JBoss Web Server 2.1.1. It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release. Security Fix: A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.
6aabba5392b13a85b44e0e196d13a81b259818172e29bc8bb40c46530f9dfb13Red Hat Security Advisory 2016-2802-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.
725da1b5c613bcd982c7bcfe20324be7b1e25d2d226b08cabed951c85a985649WordPress Answer My Question plugin version 1.3 suffers from a remote SQL injection vulnerability.
55f8bf868beda04e015a3abf5f318cde9a2d7069dc4c951dd8fc0ef31f8a52a2WordPress Sirv plugin version 1.3.1 suffers from a remote SQL injection vulnerability.
7598c29bd332ccbf10f665c9f8d80ee342b44fd579d74abc877baca8a35a0e39PoisonTap exploits locked/password protected computers over USB, drops a persistent WebSocket-based backdoor, exposes an internal router, and siphons cookies using Raspberry Pi Zero and Node.js.
5bc22f24e99b99bf272fbc910a2bc89f6ab53e64b129185daa574df9df645c7fUSBKill is an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer.
8812ceb2e76d914a7759e2d35b7f9396cbce2e65355bb6baa92cb80c669d4f9dWireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
f9acef5e9a9021a400b4244fafc06969f41ec594ec57fd7f0ff63bafca0055b3The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
bf55395a691cf0ada9f2c6464d1966775c14884dbef5924749ea215c5e0b568fThis Metasploit module uses WMI execution to launch a payload instance on a remote machine. In order to avoid AV detection, all execution is performed in memory via psh-net encoded payload. Persistence option can be set to keep the payload looping while a handler is present to receive it. By default the module runs as the current process owner. The module can be configured with credentials for the remote host with which to launch the process.
69e871d16e65feb44748c1777776eaa7515e2ac4ea1c947a9dde02de854fdd98Debian Linux Security Advisory 3716-1 - Multiple security issues have been found in the Mozilla Firefox web implementation errors may lead to the execution of arbitrary code or bypass of the same-origin policy. Also, a man-in-the-middle attack in the addon update mechanism has been fixed.
656343001b31a499c024493fd7fb5830ebc134988b99415fd813e06551b04c33Gentoo Linux Security Advisory 201611-10 - A vulnerability in libuv could lead to privilege escalation. Versions less than 1.4.2 are affected.
290eb7d239c48c0902769e4db7b1c970874d25c71930c3bc68ad020aad6736bcIn an attempt to address DLL hijacking issues, Emsisoft has introduced additional security issues.
3adced441acb8daaa8e7985e221c41156766e4a6efbf1c4eb4fa72158ea75f09PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
3b9da175e21d117757392220781c69a266428f56c4bb155bc798c806d15ebc15This bulletin summary lists one bulletin that has undergone a major revision increment.
8936f937d0480cebc279d700bbabc01ca829aec407d814c762c85f98cdcd99b3In Chakra, function calls can sometimes take an extra internal argument, using the flag CallFlags_ExtraArg. The global eval function makes assumptions about the type of this extra arg, and casts it to a FrameDisplay object. If eval is called from a location in code where an extra parameter is added, for example, a Proxy function trap, and the extra parameter is of a different type, this can lead to type confusion.
d7ea56cd00bb283459fd55c24ac87e4186f692adde4a4facfd812d4b0ca61f2b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed