Spiceworks version 7.5 suffers from a TFTP improper access control file overwrite / upload vulnerability.
8c21de358d40b3e4d696799d3baf6ffe71350af1c4dc357f59ab857c840181ef
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.
ed56265d5f05320dadce1e5fda2abda3ea49709b4d11b435dd1fde777fa503b6
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.
0f3f1338325e1f46c1a622b30e9b90c4b54216d89e00b74816562e2659b2fc2a
Ubuntu Security Notice 3256-2 - USN-3256-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel for each of the respective prior Ubuntu LTS releases. Andrey Konovalov discovered that the AF_PACKET implementation in the Linux kernel did not properly validate certain block-size data. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
0a024b3bf399c95b2aeecc68c98b80da26d74f0a716f244a4f7a58f6f4bc64cc
Ubuntu Security Notice 3256-1 - Andrey Konovalov discovered that the AF_PACKET implementation in the Linux kernel did not properly validate certain block-size data. A local attacker could use this to cause a denial of service.
f4ca15580e67fd9476cb039ae24645bb0ce52d4a6c1d4964893c2575f2d9aa18
Red Hat Security Advisory 2017-0882-01 - V8 is Google's open source JavaScript engine. V8 is written in C++ and is used in Google Chrome, the open source browser from Google. V8 implements ECMAScript as specified in ECMA-262, 3rd edition. Security Fix: An integer-overflow flaw was found in V8's Zone class when allocating new memory (Zone::New() and Zone::NewExpand()). An attacker with the ability to manipulate a large zone could crash the application or, potentially, execute arbitrary code with the application privileges.
b674a25c203085102059e046eef50d9ddd2935f8aeff93d3a82c1b92766c6b11
Red Hat Security Advisory 2017-0880-01 - V8 is Google's open source JavaScript engine. V8 is written in C++ and is used in Google Chrome, the open source browser from Google. V8 implements ECMAScript as specified in ECMA-262, 3rd edition. Security Fix: An integer-overflow flaw was found in V8's Zone class when allocating new memory (Zone::New() and Zone::NewExpand()). An attacker with the ability to manipulate a large zone could crash the application or, potentially, execute arbitrary code with the application privileges.
b9bd3d751642aa95bc54de0d855132f51ca43ead478fb94dd12a4bd0281fe752
Red Hat Security Advisory 2017-0881-01 - V8 is Google's open source JavaScript engine. V8 is written in C++ and is used in Google Chrome, the open source browser from Google. V8 implements ECMAScript as specified in ECMA-262, 3rd edition. Security Fix: An integer-overflow flaw was found in V8's Zone class when allocating new memory (Zone::New() and Zone::NewExpand()). An attacker with the ability to manipulate a large zone could crash the application or, potentially, execute arbitrary code with the application privileges.
bea0b64f2a4443e4c40404ed6aad20164128fc2a0cfcfd3afbadce45566f9ffb
Red Hat Security Advisory 2017-0879-01 - V8 is Google's open source JavaScript engine. V8 is written in C++ and is used in Google Chrome, the open source browser from Google. V8 implements ECMAScript as specified in ECMA-262, 3rd edition. Security Fix: An integer-overflow flaw was found in V8's Zone class when allocating new memory (Zone::New() and Zone::NewExpand()). An attacker with the ability to manipulate a large zone could crash the application or, potentially, execute arbitrary code with the application privileges.
9cf7b3d5d5e9c44892f94ab840b31ca88fb08221f05cbfb0fa79ca231c9666f2
Ubuntu Security Notice 3255-1 - It was discovered that LightDM incorrectly handled home directory creation for guest users. A local attacker could use this issue to gain ownership of arbitrary directory paths and possibly gain administrative privileges.
e3c530aa3a6c8b4341919d114315f695cce907d048180f01f6fa591ffdad7621
HPE Security Bulletin HPESBGN03727 1 - A potential security vulnerability has been identified in the HPE Business Process Monitor. This vulnerability could be remotely exploited to allow Unauthorized Access to Data. Revision 1 of this advisory.
c670895b0e4a5912df150993dd947d94b91f87d7d21a889866a5c8a80da960fe
Ubuntu Security Notice 3254-1 - It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. Phithon Gong discovered that Django incorrectly handled certain URLs when the django.views.static.serve view is being used. A remote attacker could possibly use a Django server as an open redirect.
801ae2bcbebfea2c9051c6832ae1dc3ea158685668ddfea06d6087a5c8b1837a
Debian Linux Security Advisory 3826-1 - It was discovered that the original patch to address CVE-2016-1242 did not cover all cases, which may result in information disclosure of file contents.
3423ca8a87e8fac614d9a76b1e45fc9a2696b78b085f209930549e16ff84f355
Red Hat Security Advisory 2017-0876-01 - Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.1 serves as a replacement for Red Hat Single Sign-On 7.0, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Multiple security issues have been addressed.
f605f848eac3677359c0cfd5d8b3c785c49225521772e40e2c87158fa837fac5
Red Hat Security Advisory 2017-0873-01 - Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.1 serves as a replacement for Red Hat Single Sign-On 7.0, and includes several bug fixes and enhancements. For further information regarding those, refer to the Release Notes linked to in the References section. Multiple security issues have been addressed.
79f1397e335da631c141ff1aceaea694a1d27061d7e149de62d949b51682f823
Red Hat Security Advisory 2017-0872-01 - Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.1 serves as a replacement for Red Hat Single Sign-On 7.0, and includes several bug fixes and enhancements. For further information regarding those, refer to the Release Notes linked to in the References section. Multiple security issues have been addressed.
9de64a6dc1ddaa346174423bdb74d8cb932ac63f63ad4c39ef144f0000c6d486
Airbnb Crashpadder Clone Script suffers from a remote SQL injection vulnerability.
fe2c3fe7e764c02eb8226140c88dbf68a71fabb3b6c38420bdade7a1ca9c3ea5
D-Link DIR-615 suffers from a cross site request forgery vulnerability.
f8915e5c7bacae0a5be94bb50488b379357c6226cc1624ae73cd16c7b3373923
Faveo Helpdesk Community version 1.9.3 suffers from a cross site request forgery vulnerability.
cd0d8d4fed589c32ca2b88da91232f66bb2ac0d6aab89fa7ac60b139e8b44512
Premium Penny Auction Script suffers from a remote SQL injection vulnerability.
e8b250848ca1d4865933522756f0c53ff994a1b6e38c487920a1276ed06c86c6
HelpDEZK version 1.1.1 suffers from code execution and cross site request forgery vulnerabilities.
b1be2cf4dbd16239836335203cb6fa1fc408c6ddb11cbc022ff7903940e323cf
ImagePro Lazygirls Clone Script suffers from a remote SQL injection vulnerability.
6661dc89a2e493242015e4e0a5fd62cdd85c3785c2310a8938181f828edb36ef
Sweepstakes Pro Software suffers from a remote SQL injection vulnerability.
b7bdc69ead45ae5a330592dc4f52a3a0ce0cc81a7333515ca23eda53279f4a3a
Doctors Appointment Script suffers from a remote SQL injection vulnerability.
e2d1d5a7f21499e643b55aa979f867872fceadcc15ff9ed12c7bcd0f4222dc2d