Ubuntu Security Notice 3454-2 - USN-3454-1 fixed a vulnerability in libffi. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that libffi incorrectly enforced an executable stack. An attacker could possibly use this issue, in combination with another vulnerability, to facilitate executing arbitrary code.
62b33122a47c2d2785fafce032f896394e71015210dec7a602eea5b7d6c67445
Ubuntu Security Notice 3462-1 - Jan Pokorný and Alain Moulle discovered that Pacemaker incorrectly handled the IPC interface. A local attacker could possibly use this issue to execute arbitrary code with root privileges. Alain Moulle discovered that Pacemaker incorrectly handled authentication. A remote attacker could possibly use this issue to shut down connections, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
4384b399869b60d559505c227d7dc753f73aa1b36d2bf6994fcaa90ab5ac8b80
Red Hat Security Advisory 2017-3047-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 171. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
bbe7908cff164751122dfd84e70eaebcd87444c60de530d15e00c3e33022eecd
Red Hat Security Advisory 2017-3046-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 161. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
bd482745f8dc0e105bc099c629ff47658c99a2f53808a47cb77e614bf18e5a9b
Red Hat Security Advisory 2017-3018-01 - The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. The following packages have been upgraded to a later upstream version: httpd24-httpd. Security Fix: A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause the httpd child process to crash.
d125b2cd5c8a0482de5892becffd1b21cbff9d42397e85f157d298a35d83f3f1
HPE Security Bulletin HPESBHF03779 1 - A remotely exploitable denial of service vulnerability has been identified in HPE Fabric OS (FOS) running OpenSSH. This impacts versions prior to FOS v7.4.2. Revision 1 of this advisory.
e2d2b9631edb30a7ff9049c57731463bbe76cb777245783bd044fe3d853f4acf
FS Indiamart Clone suffers from a remote SQL injection vulnerability.
307fedbe2f62346b9be88ccc38798c64109f893de9f5f8d65c2aa7d4c29b1789
FS Groupon Clone suffers from a remote SQL injection vulnerability.
afc589af3bf71d80c6e11c6d1863f0c2aa9154bd67e8d3e430d4f7ae4f880aea
Cisco Umbrella Virtual Appliance versions 2.0.3 and below contain an undocumented, auto-initiated reverse SSH tunnel which allows the Cisco Umbrella support team to have persistent and unrestricted access to the virtual appliance.
5e84ae818066bb4ac19ab58bf8766980a52ebe49a4dd880c31b67e49f4cb6e1b
Apple Support iOS application versions 1.1.1 and below send potentially sensitive information such as mobile carrier, install date and time, number of app launches, device model, iOS version and screen resolution, unencrypted to a third party site (Adobe Marketing Cloud).
b2897fa68d98d0bcdeca83e54c19b2cbffb7823e51716ff60960f9cc3e3d0cdb
FS Lynda Clone suffers from a remote SQL injection vulnerability.
552b0a0201ad717ca10e762bdba06d1f1dc05291ad9c59c6c9a1411ae1c02d2a
Tuleap versions 9.6 and below suffer from a second order PHP object injection vulnerability.
614615fd533a9914f7dae0fc5c046315ec0b6c9faa00541179463892e627fd24
Mikogo version 5.4.1.160608 is vulnerable to local credential disclosure. The supplied password is stored in memory as an MD5 hash. A potential attacker could reveal the supplied password hash and re-use it or store it via the configuration file in order to gain access to the account.
c2e3ddfdce5930e691b46f1bfda8faebea78d304b3f1c56f334c811b5b8cd2bb
Red Hat Security Advisory 2017-3005-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. The following packages have been upgraded to a later upstream version: ansible-tower, cfme, cfme-appliance, cfme-gemset, rabbitmq-server, rh-ruby23-rubygem-nokogiri, supervisor.
5d6f2f797bc66745530e056e45966de331b7f4a4d539e9494b41c8fdfc0f84eb
Ubuntu Security Notice 3434-2 - USN-3434-1 fixed a vulnerability in Libidn. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Libidn incorrectly handled decoding certain digits. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
e6c33dd10d015020c636bc7afe366c9d89616515cf6e13fda233ed454b556d18
FS Car Rental Script suffers from a remote SQL injection vulnerability.
a2da5327f7ce32851be4740784dbc0cfc272d0362696ef9b7cdc92fdf858e41d
FS Expedia Clone suffers from a remote SQL injection vulnerability.
f0fa0a5193f44053ab9fbf99b3aebfb6dacec6feb147629fc907406de0d5fb75