Elefant CMS version 1.3.12-RC suffers from multiple cross site request forgery vulnerabilities.
de7243db48cddd6c808e1a9eacb1044d56649c1f9f4181acc839a3c6a756964e
Simplessus Files version 3.7.7 suffers from a path traversal vulnerability.
ca93aac35bd3715340c6f154e617f228396816f0d6c00017e81d884b06b9a427
Ubuntu Security Notice 3199-2 - USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This update retains the fix for the vulnerability but issues a warning rather than throwing an exception. Code which produces this warning should be updated because future versions of the Python Cryptography Toolkit re-introduce the exception. Various other issues were also addressed.
ffdcb4098907eacbe478078964c23d7b8fe357a3fb8a5cf606b1d9935d33f913
Gentoo Linux Security Advisory 201702-9 - Multiple vulnerabilities have been found in ImageMagick, the worst of which allows remote attackers to execute arbitrary code. Versions less than 6.9.7.4 are affected.
76c4d959e155995070047941ecd5e0069dcc43c4077e5f8e9c14cc9087bcdc9c
Debian Linux Security Advisory 3790-1 - Several vulnerabilities were discovered in spice, a SPICE protocol client and server library.
49cc794953e2a7fa3792442d95f833015b85f773dc7987a963b5beab5882e82d
Ubuntu Security Notice 3199-1 - It was discovered that the ALGnew function in block_template.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. A remote attacker could use this flaw to execute arbitrary code by using a crafted initialization vector parameter.
e8a7c38d5847c9eb619e356107017e6f6145e41512cc339e081a0c3d1ef48e20
Ubuntu Security Notice 3201-1 - It was discovered that Bind incorrectly handled rewriting certain query responses when using both DNS64 and RPZ. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.
aa4b9a3339b5c3377bb62c14333d747ef7a018f9172d10f35322b16f7763eef6
Ubuntu Security Notice 3200-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
a61c6b895c9fb308b79806c33c686eac64252cfe20244790ee0c7c447b60ff74
Elefant CMS version 1.3.12-RC suffers from multiple persistent cross site scripting vulnerabilities.
cb68cea61a5731c1d2926a6f64a75543d5ed4edbf03a18f9eac70ef5da6d6f47
Simplessus Files version 3.7.7 suffers from a remote SQL injection vulnerability.
d79a21938fcd88041127624fd9f5ba1912160c33c332652fb5b2dbfdb36b14b2
WordPress Corner Ad plugin version 1.0.7 suffers from a cross site scripting vulnerability.
79ca2e10f1247f6b9413b75406fbef2e991f2c4a573ac859680ce9e6ea04f3cd
Joomla Team Display component version 1.2.1 suffers from a remote SQL injection vulnerability.
14e70b0fa794bf6bbc0d06320635c01f6ad5379041bf578fef7fad22c82f7780
Joomla Spider Calendar Lite component version 3.2.16 suffers from a remote SQL injection vulnerability.
5782b92df61aa2dc060e9f5c3d34108a2b5de2aca18cb5f23d808cf4bf210ea1
Joomla Groovy Gallery component version 1.0.0 suffers from a remote SQL injection vulnerability.
2cd4d05cbe2fc0df8ebfd27f3e7c957eb5d2ac7ab07b16a16c5814c67891b79e
Joomla WMT Content Timeline component version 1.0 suffers from a remote SQL injection vulnerability.
de7c77f4f9524697a4ce40a3724a7d5156643c454237f9228e2fde7ac0103177
229-byte Windows x86 protect process shellcode.
b8fe8bc29e25d0326cace2297fc1684495e84eb4288f471a99b735848293e156
Xshell5 version 5.0 build 1124 suffers from a DLL hijacking vulnerability.
adc9cfccf64d4a92b0becac91603ad2491206bbe65dbe08df6868b17d64fd5f9
JBoss version 4.0.2 suffers from a cross site scripting vulnerability in the jmx-console HtmlAdaptor DatabasePersistencePlugin parameter.
d1534f71c95d9024c0e3a23e0024991e7d74c1479be8ff0756971996865d685a
This Metasploit module exploits an arbitrary command execution vulnerability. The vulnerability exists in the /uapi-cgi/viewer/testaction.cgi page and allows an anonymous user to execute arbitrary commands with root privileges. Firmware versions <= 1.11.0.12 are affected. Tested on 5.02024 G-Cam/EFD-2250 running 1.11.0.12 firmware.
1a871ca3aa7b2e6e423f8d9e8cda9e0aa977c1488a8441163c46f083da5f5f3c