B-Sides Ljubljana will be held March 16th, 2019 in Ljubljana, Slovenia.
fbb29b2091cba6b0e4151f47d9e26a5b5e7490fe191b95a3202c74c1975d3e97Ubuntu Security Notice 3843-2 - USN-3843-1 fixed a vulnerability in pixman. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that pixman incorrectly handled the general_composite_rect function. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
16d335a3f6cc410a95843958db6b463ab971c0cf43a62bfeceee657250b2e344Ubuntu Security Notice 3843-1 - It was discovered that pixman incorrectly handled the general_composite_rect function. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code.
a14eacc72790923c62feec76f7f42eeb9bc944085c228468ecb0cdcdfe504a21Zoho ManageEngine OpManager version 12.3 prior to build 123237 has a cross site scripting vulnerability in the domainController API.
b757a066966d43dab92e82b070ec0aa7cb574a7fac46efeaa46eea3d52d17b5cUbuntu Security Notice 3837-2 - USN-3837-1 fixed vulnerabilities in poppler. A regression was reported regarding the previous update. This update fixes the problem. It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
8fed6ebe40d4f1f0c78717df38ab91407e184817e9673600ee7c3e3b45430861Debian Linux Security Advisory 4353-1 - Multiple security issues were found in PHP, a widely-used open source denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a insufficient input validation which can result in the execution of arbitrary shell commands in the imap_open() function and denial of service in the imap_mail() function.
98d965a957a19f94b8ce6435161a43984df2051692685d685860e9e645957bffThis Metasploit module exploits a stack buffer overflow in CyberLink LabelPrint 2.5 and below. The vulnerability is triggered when opening a .lpp project file containing overly long string characters via open file menu. This results in overwriting a structured exception handler record and take over the application. This Metasploit module has been tested on Windows 7 (64 bit), Windows 8.1 (64 bit), and Windows 10 (64 bit).
5b93e4f728713e374facd865bf3645e22f45dbb6fc5e1b5e6aac4c62197b922cMcAfee True Key version 5.1.173.1 on Windows 10 1809 has multiple issues in the implementation of the McAfee.TrueKey.Service which can result in privilege escalation through executing arbitrary processes or deleting files and directories.
151bdbc1027a4dd096823f04bd5ea0feb97a274be2ebc6612084d92dc662776eFaraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
91edff71e35fad51f4c54657e7aa56ccb4a9286c58bcd86b7db83c14eafc4aaaRed Hat Security Advisory 2018-3817-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below. Security fix: Issues addressed include a cross site scripting vulnerability.
a521d81475dcd97f83413694dcad783d46a30e1d69f8a60f4793c757ab0eca1dGoogle Chrome version 70.0.3538.77 stable suffers from cross site scripting and man-in-the-middle vulnerabilities.
686c99bbb6418cc295a5495417a100d2846c41c5d5fb214b782fedc9a5df70c9XNU POSIX has an issue where shared memory mapping have an incorrect maximum protection.
184646768496bcb8df3d6995ff94b42fcf57e71d6591dd588a4cb6bbb6906ef1ZTE Home Gateway ZXHN H168N suffers from multiple access bypass and information disclosure vulnerabilities.
b59973a43a891cb89e76f82046c6e9a09f2a8f40393c0d94ec8abb64804aa690Symfony version 1.4.17 suffers from a database disclosure vulnerability.
80d4da67b0ea3d50489a97fd234caaf03c4b99bc83f4e9727cf59e29f429ac60WordPress JoeBooking plugin version 6.6.5 suffers from a database disclosure vulnerability.
17fc4e7da87c88e8a70048e26429d9e460a03efb195ad7be0237b59270c8cac3WordPress PDF Catalog for WooCommerce plugin version 1.1.18 suffers from a database disclosure vulnerability.
8e0ab2d4ee047fe05013c2a69aa305ecbacdffb978dc71d1438c54a2f92ece99WordPress MagicMembers plugin version 1.0 suffers from a database disclosure vulnerability.
3c9721a71832040f1f75d3a960c094d28721391a297eca6230c3f975ecbb6145WordPress MiwoPolls plugin version 3.9.2 suffers from a database disclosure vulnerability.
c9490f931cdab794d0c52a0aa614a810fa8107b47c23073122965e0602f1b038WordPress Wysija-Newsletters plugin version 2.10.2 suffers from a database disclosure vulnerability.
1ac5044abc88ab1e14fd3b64506bed4b3d25672fb4f261d96f8f4668030efaa1Ubuntu Security Notice 3842-1 - Jann Horn discovered that CUPS incorrectly handled session cookie randomness. A remote attacker could possibly use this issue to perform cross-site request forgery attacks.
830d27a53042e4171fdb06fa615f97b6d6d61e7a9870086efbf089779ff5fda9Ubuntu Security Notice 3841-2 - USN-3841-1 fixed a vulnerability in lxml. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that lxml incorrectly handled certain HTML files. An attacker could possibly use this issue to conduct cross-site scripting attacks. Various other issues were also addressed.
5747ed0e1c204b12cd0b475edea070903282ab9ebe0de19a3ad342aa4ed536f8Ubuntu Security Notice 3841-1 - It was discovered that lxml incorrectly handled certain HTML files. An attacker could possibly use this issue to conduct cross-site scripting attacks.
217321086a1f3f3e6b8e367a64fae8c178d52ec2f75871959af6085a134dd97eRed Hat Security Advisory 2018-3806-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Telco Update Service for Red Hat Enterprise Linux 6.6 will be retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.6 TUS after December 31, 2018.
52684bd109addb796267ab2c88eba3a347d5fdccb540ef37bbd7ceb23323aef1Red Hat Security Advisory 2018-3805-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.7 will be retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.7 EUS after December 31, 2018.
732f76766ec4aac7f0ee7b51fcbf46ef03b8fba03d131e870eb0686475abfb7fRed Hat Security Advisory 2018-3800-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include improper path handling.
5ef017ad79d6d11c26a97528329537ca08122f2d686d4c63e738fc19fc7431bd
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed