Red Hat Security Advisory 2016-1406-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system.
057f7af5bbf54d587d8e3a6be782dd96558535d3a764714edd25ccecbe607197This Metasploit module exploits the lack of sanitization of standard handles in Windows' Secondary Logon Service. The vulnerability is known to affect versions of Windows 7-10 and 2k8-2k12 32 and 64 bit. This Metasploit module will only work against those versions of Windows with Powershell 2.0 or later and systems with two or more CPU cores.
26f03a91eb8c8dde8874f73e8d5a247d4da47b1e8ea13cc74ba383ffcb0b25c5This Metasploit module exploits a file upload vulnerability in Tiki Wiki versions 15.1 and below which could be abused to allow unauthenticated users to execute arbitrary code under the context of the web server user. The issue comes with one of the 3rd party components. Name of that components is ELFinder -version 2.0-. This components comes with default example page which demonstrates file operations such as upload, remove, rename, create directory etc. Default configuration does not force validations such as file extension, content-type etc. Thus, unauthenticated user can upload PHP file. The exploit has been tested on Debian 8.x 64-bit and Tiki Wiki 15.1.
f88afc6f681b7accefabd167d71cdc67a68314ed8f27fa9389816223e5aa4fb6WordPress Easy Forms for MailChimp plugin version 6.0.5.5 suffers from a local file inclusion vulnerability.
f9cad639aaef7cf5440fda2fd29535f1cb187e2e5bf1688b5d20fa6b3111e0d5WordPress WP Fastest Cache plugin version 0.8.5.9 suffers from a local file inclusion vulnerability.
0054cb275ef233d49c094070fb79510dc684f361c4da8889694dc76faaa05c30WordPress Profile Builder plugin version 2.4.0 suffers from a cross site scripting vulnerability.
297021f3bfa30d30d7529fbd4d4482cda32fce21527ddf190bb2dfcd57888511WordPress Master Slider - Responsive Touch Slider plugin version 2.7.1 suffers from a cross site scripting vulnerability.
ee681a6e0bc4a7df736fc4b47c1b54d308eacfa9875b9ade1c2ced88ce14d70bWordPress Email Users plugin version 4.8.2 suffers from a cross site scripting vulnerability.
d654807b929b6f367ad58d1f8550c77413849b7b0bb9c1483f72aa7ebba83717This bulletin summary lists eleven released Microsoft security bulletins for July, 2016.
f750a936dc3bcaba88af328808557515c3a38de1a59a36d5267752863be94f38Ubuntu Security Notice 3031-1 - Yves Younan discovered that Pidgin contained multiple issues in the MXit protocol support. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code.
f3417c57f20dcf30f4fa9223c6a8778e3db397f99457e4d89acee5fceeea9e5cApache Archiva version 1.3.9 suffers from a cross site scripting vulnerability.
04f8a6de07ed3133f7856a60c7f6f21b4d9abdd91819b80ae6ad97c203cf32c1Apache Archiva version 1.3.9 suffers from a cross site request forgery vulnerability.
7668a8296181447642b0332f0a99e7d8f4c3bc9ac9250ca8df5203b11bf750e3Red Hat Security Advisory 2016-1395-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fix: A flaw was discovered in the way the Linux kernel's TTY subsystem handled the tty shutdown phase. A local, unprivileged user could use this flaw to cause denial of service on the system by holding a reference to the ldisc lock during tty shutdown, causing a deadlock.
cc677eb8da4ca58135bb72972f0515d5256d313ad0931650e96b454e928c2332HP Security Bulletin HPSBHF03608 1 - A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed by HPE iMC PLAT and other network products. The vulnerability could be exploited remotely to allow execution of arbitrary code. Revision 1 of this advisory.
a4f731c6afd9d8b0d771afec7e5598fde89d382f0e5d637587497d7a2efe4e3fWordPress WP Job Manager plugin version 1.25 suffers from a remote shell upload vulnerability.
fa329d0772f010e91170d050b0fdc664722ea3b3000969ef4d3d2d9bcef8b3cfClinic Management System suffers from an unauthenticated remote blind SQL injection vulnerability.
1e4b0186dbbd5704b1e2383d8bec4c278a1589f74c1b28104d18108765b3abc1Beauty Parlour and SPA Saloon Management System suffers from an unauthenticated blind remote SQL injection vulnerability.
1f54efc3b4e06d3e6f7a22b771694ea380c1ad8ae2d4002a8a59644e205f9ff6This Metasploit module exploits three separate vulnerabilities found in the Riverbed SteelCentral NetProfiler/NetExpress virtual appliances to obtain remote command execution as the root user. A SQL injection in the login form can be exploited to add a malicious user into the application's database. An attacker can then exploit a command injection vulnerability in the web interface to obtain arbitrary code execution. Finally, an insecure configuration of the sudoers file can be abused to escalate privileges to root.
df58be25ca590f1f28576780a6be938b242bb24996bb0984cee22bb17a53c202Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.
30adbd3cd4a01b67b065a945fff5e2caba574024335b5a437203f7a48cd0d996Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will disable those interfaces found to be promiscuous if told to do so. Per-interface statistics can also be displayed, allowing administrators to perform traffic trend analysis, which could be an aid in the identification of possible inconsistencies or spikes in network traffic volume that may warrant further investigation.
be6233788c5f551bb00d25f07e4c7322da322729d845d3e0614a9822f78f967aBug Tracker version 2.7.1 suffers from a database name and credential disclosure vulnerability.
2d5b24ff4d2e81970bc492b19b1b88a44529e2a4d367d8030d76ee01fe5d56ca
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed