Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an upload.cgi remote code execution vulnerability.
ad7e67926b83c12120e3c277cb7491ca34beb0d29e83be6e3165d8265314ea5bWordPress Ultimate Form Builder plugin suffers from a cross site scripting vulnerability.
30c734953a6cfd9df5dcae72d534c2b88c1405d19bf866e0a857c0cb8bc6351bOpenText Documentum Content Server suffers from a privilege evaluation issue using crafted RPC save commands. Two proof of concepts included.
580ee53cae3ceeb71bd5061ead172f398e5ed685fc4484fea0430f1ba5208097Squirrelmail versions 1.4.22 and below suffer from a remote code execution vulnerability.
4b0dc2d246cc3a9756582983ff8531774c490e3ea2b7ddb569f8e43f1a06c2dcSlackware Security Advisory - New minicom packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
65ed27397a070cbe6e570a99ec7f60b265e6481a766dc4e473b659efcd02c532Red Hat Security Advisory 2017-1095-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
c4571355414950b77877a51816a24f66565ec135fb82f79a4c69cf27e893d96dRed Hat Security Advisory 2017-1097-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 7.1.0 serves as a replacement for Red Hat JBoss Data Grid 7.0.0, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References. Security Fix: An infinite-loop vulnerability was discovered in Netty's OpenSslEngine handling of renegotiation. An attacker could exploit this flaw to cause a denial of service. Note: Netty is only vulnerable if renegotiation is enabled.
1bd54df02b3b691ae55756f86658de99780ae24abd48d537e4ba901842bb0fa6Dmitry (Deepmagic Information Gathering Tool) version 1.3a suffers from a local stack buffer overflow vulnerability.
014a2fe2f2202855bfad57c085ec71bcb8a2fd0c4311035acad667319a851c16Microsoft RTF CVE-2017-0199 proof of concept exploit.
94860eb2041748a74ccdfe99ad24e8276e83a03535808e480542e01b7dde6104VirtualBox suffers from an unprivileged host user to host kernel privilege escalation via ALSA config.
f38ab6ac7db1ac5c9f60c3a076a685885892333cd88c3211cc5704218296d743VirtualBox suffers from a guest-to-host out-of-bounds write via virtio-net.
6ce8ba01f3d08279ba5be7564eae4a3179b9004819f77937f69394a783defd7bWebKit suffers from a universal cross site scripting vulnerability in operationSpreadGeneric.
6d9e305dd9fc16577996089d04a9e8ca38f2b5124a99b6df7e83db1c04d4e35eMicrosoft Windows suffers from an IEETWCollector arbitrary directory / file deletion privilege escalation vulnerability.
430a53cd94edd4e0e498a42cca519bca58b5345139e6f34fe55a3fac5ac08ac8This Metasploit module exploits two vulnerabilities the Trend Micro Threat Discovery Appliance. The first is an authentication bypass vulnerability via a file delete in logoff.cgi which resets the admin password back to 'admin' upon a reboot (CVE-2016-7552). The second is a cmd injection flaw using the timezone parameter in the admin_sys_time.cgi interface (CVE-2016-7547).
035399021ac947492b961a04ac25a5a12f67bebc47e9858ba91b9e72dfccdc17VirtualBox suffers from an unprivileged host user to host kernel privilege escalation vulnerability via environment and ioctl.
5ae11d5da89c21fa2ec3f008d6534c457837c34c5f2d020a423a08192ddfde0aVirtualBox suffers from a guest-to-host local privilege escalation vulnerability via broken length handling in slirp copy.
79cd9c11d5258beceede4e3ea94c22037f513ff968d9ae2a19eeefa0afadf459Red Hat Security Advisory 2017-0988-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick Emulator, built with the Cirrus CLGD 54xx VGA Emulator and the VNC display driver support, is vulnerable to a heap buffer overflow issue. The issue could occur when a VNC client attempts to update its display after a VGA operation is performed by a guest. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or, potentially, leverage it to execute arbitrary code on the host with privileges of the QEMU process.
ebcca6155666f270a5597b98c7f537ba5ae9df4825a50bc8efbf6d0ff9163a4eRed Hat Security Advisory 2017-0987-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
644727d84aca416d3dd02e5d12fd3896099ec52380e4c5ba4156e4de68fa4cd4
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed