Debian Linux Security Advisory 3723-1 - Chris Evans discovered that the GStreamer 1.0 plugin used to decode files in the FLIC format allowed execution of arbitrary code.
1d94de5f108a641a7b5e9dbc3bb7d8da7246df577309dc403eabaf566072824b
Debian Linux Security Advisory 3724-1 - Chris Evans discovered that the GStreamer 0.10 plugin used to decode files in the FLIC format allowed execution of arbitrary code.
8ff0cf57f3b3288f0d4eeb96051a5dfc1fb32ac32bbcb923eced76c5d2f39456
WordPress Image Gallery plugin version 1.9.65 suffers from a persistent cross-site scripting vulnerability.
0bb0d94ef5393df1da4ec3d3dd81c9738261921d4c15cfd9d9d4d0d680c19feb
Ubuntu Security Notice 3137-1 - It was discovered that MoinMoin did not properly sanitize certain inputs, resulting in cross-site scripting vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
5dc21582c4e5438359f7e9cbf7f3f1a05d7d569e8fb102ddc0de309ed17acf4c
Ubuntu Security Notice 3136-1 - Roman Fiedler discovered a directory traversal flaw in lxc-attach. An attacker with access to an LXC container could exploit this flaw to access files outside of the container.
fa5f78b6a71df95c1a351871bfca0a6692f9f30f599849d1fa869ef3197ddce9
Docker versions 1.11.2 and below suffer from an issue where a forged VXLAN packet can be leveraged to scan services that are not exposed.
a4e4a57ace4ef27819179237d6afd95b851a2dcb97baf0583bc8133f4f80246a
GNU wget versions 1.17 and earlier, when used in mirroring/recursive mode, are affected by a race condition vulnerability that might allow remote attackers to bypass intended wget access list restrictions specified with the -A parameter. This might allow attackers to place malicious/restricted files onto the system. Depending on the application / download directory, this could potentially lead to other vulnerabilities such as code execution, etc.
c9c7cf1f94f2e1d07833e7d43576bff9a1066ace4df75ff0824c5188b1e5e8fe
HP Security Bulletin HPSBHF03673 1 - Security vulnerabilities in MD5 message digest algorithm and RC4 ciphersuite could potentially impact HPE Comware 5 and Comware 7 network products using SSL/TLS. These vulnerabilities could be exploited remotely to conduct spoofing attacks and plaintext recovery attacks resulting in disclosure of information. Revision 1 of this advisory.
602636acd9eb352dc892bc1bded1cab28642c3e6645b73e0d9f61fe6df4d7dd2
JBoss EAP's JMX Invoker Servlet is exposed by default on port 8080/TCP. The communication employs serialized Java objects, encapsulated in HTTP requests and responses. The server deserializes these objects without checking the object type. This behavior can be exploited to cause a denial of service and potentially execute arbitrary code.
1402dee1010d43d2904c61bd152231b878698f6ba49611de5845ac70f3bc4052
SySS GmbH found that the 125 kHz RFID technology used by the EASY HOME MAS-S01-09 wireless alarm system has no authentication to protect against rogue/cloned RFID tokens. The information stored on the RFID tokens can be read easily in a very short time from distances up to 1 meter, depending on the RFID reader used. A working cloned RFID token is ready for use within a couple of seconds using freely available tools.
f2b5958d04f9bcacb801da8a3f95c98a49142000d47cd1feadd0ebc033c088f0
Due to an insecure implementation of its 868 MHz radio communication, the wireless alarm system Blaupunkt Smart GSM Alarm SA 2500 Kit is vulnerable to replay attacks.
4a74349e30018d4eadb03382d40421e1c607aee428fa11c9c661fca820e654b2
Due to an insecure implementation of its 433 MHz radio communication, the wireless alarm system M2B GSM is vulnerable to replay attacks.
b19e73ae566f67141fff01b385e124ffe916d02b99d2f4b1eb6581a9331a10b9
Due to an insecure implementation of its 433 MHz radio communication, the wireless alarm system M2B GSM is vulnerable to brute-force attacks.
a33d718d22481da6180fc9af25a09eb7609ae79013ec68a0eb5bd6fddea35071
VMware Security Advisory 2016-0022 - VMware vCenter Server, vSphere Client, and vRealize Automation updates address information disclosure vulnerabilities.
2eb92731937c7a5f68f3b95bc7e5f57ed0efd31f7f258f98f7bf28685a4a7363
UCanCode has ActiveX vulnerabilities that allow remote code execution and denial of service attacks.
ab4bfbe01de8884e92fde956506ce90ff8b75920f8923dace877792e43cd3b3b
VMware Security Advisory 2016-0021 - VMware product updates address partial information disclosure vulnerability.
d9372685bd6c303cf6ae449efe2efe58514a7dbbadea4f0e2ab2d3978136abf0