Debian Linux Security Advisory 3817-1 - Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service or the execution of arbitrary code if a malformed image file (usually embedded in a PDF document) is opened.
f695f07a31864f9fbcba8a516dca7a7fd4e967523c42052df52113a9f1e281d0
Ubuntu Security Notice 3233-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, cause a denial of service via application crash or hang, or execute arbitrary code.
4abb70b1c35863ded49709995ba4e6d401e8550e183f3defde0d6a4363af7dad
The Miele Professional PG 8528 suffers from a directory traversal vulnerability.
c94b17923d930d05dd075dd8fc7387a99ddd50e808d1eec813b5c76589b89de4
Ubuntu Security Notice 3239-3 - USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2016-3706 introduced a regression that in some circumstances prevented IPv6 addresses from resolving. This update reverts the change in Ubuntu 12.04 LTS.
5ac6541ec2d8b1c23c092a5bf72c90784949c38ff1917bcec981e9c9d84897c2
Nuxeo Platform versions 6.0 (LTS 2014), 7.1, 7.2, and 7.3 suffer from a remote shell upload vulnerability.
3e2fc05481642e4e573d91a0aec056b65ed84f6b82806e8f82f2889909da7b0d
EON versions 5.0 and below suffer from a remote SQL injection vulnerability.
67e1f146fc5c949060425000beb0f03761a65cdb1a34e7cefb735591016086d3
EON versions 5.0 and below suffer from a remote code execution vulnerability.
c7846fe3c70cdb527a601ecf168a4bbb668fde1a6cdac12993d51150965c4783
Apple Security Advisory 2017-03-22-2 - iTunes for Mac 12.6 is now available and addresses vulnerabilities in expat and SQLite.
e601858939a95c65d673d763bbb29441fc85d606b842630460eb8b9750f35800
Microsoft Windows versions 8 and newer suffer from an AppLocker bypass vulnerability.
9d1b92067f6ae28cd876b6ae4a80e1d0947df6c18468cc1f09f3c8d2eeeca041
wifirxpower suffers from a local stack-based buffer overflow vulnerability.
7702a7d845f4147286735810caba8bdfbba5ae3fb84a17b4c88eb9fec0fd7af5
FTPShell Server version 6.56 import CSV buffer overflow denial of service exploit.
7a7641c431d0f588f45d092e14d5af75868943149b181c464babff71a810c013
Gr8 Tutorial Script suffers from a remote SQL injection vulnerability.
8b6a6007ea8937aa9c224d330e0df5f987f8002cc7f690afbea6394d7f18588e
Sparrow Web Server suffers from a directory traversal vulnerability.
bca941889016395fc4ea26b1d05b3ad0300e1155974bdfb8ba314432a81335ea
Gr8 Gallery Script suffers from a remote SQL injection vulnerability.
3b4d29b9be17ecd5e950581d8da3d980189292ab4e1cfe9e2316095a6a287e04
XFBurn suffers from a stack-based buffer overflow vulnerability that allows escalation of privileges.
ca0d7ba6363a978b3d6fa7d8e7bc4884c33c240783550a711247bccb95c25733
The NETGEAR WNR2000 router has a buffer overflow vulnerability in the hidden_lang_avi parameter. In order to exploit it, it is necessary to guess the value of a certain timestamp which is in the configuration of the router. An authenticated attacker can simply fetch this from a page, but an unauthenticated attacker has to brute force it. Brute-forcing the timestamp token might take a few minutes, a few hours, or days, but it is guaranteed that it can be brute-forced. This Metasploit module implements both modes, and it works very reliably. It has been tested with the WNR2000v5, firmware versions 1.0.0.34 and 1.0.0.18. It should also work with hardware revisions v4 and v3, but this has not been tested - with these routers it might be necessary to adjust the LibcBase variable as well as the gadget addresses.
9a070ce74f71e2662326a2f24f0e886e3c26c8510e555c2e622810bbc7f545ed