Jobberbase version 2.0 suffers from code execution, open redirect, path disclosure, unrestricted file upload, and SQL injection vulnerabilities.
162e2d3be6d56d24eaeeb61cc80086b8da1f49de201ee43fc427dc8fe899af9c
Zabbix versions 2.0 through 3.0.3 remote SQL injection exploit.
f77cd4a0efdd3d42737adcdbcd96a0e95d10ec5bbb8dfa0c6935115663dde1ee
LogMeIn client version 1.3.2462 (64bit) suffers from a local credential memory disclosure vulnerability.
3e21881c146874807c984cebd32e544f21626d0eac6b98d3aac36bc0dc6ee9ac
Apple iCloud Desktop Client version 5.2.1.0 local credential memory disclosure exploit.
0c44cf0b66aabb0dbb6c52a53759c70e0b89c7ed4ee221f04d81ac76a5721350
Dropbox Desktop Client version 9.4.49 (64bit) suffers from a local credential disclosure vulnerability.
0bd3a8c8f0e7d623ca6c0a93b89eafc1a6b96bf0bf1d166ca1011aeb8a251df2
Red Hat Security Advisory 2016-1841-01 - Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.1. It includes bug fixes and enhancements.
d5681419a6bd02bb071fdd2545e78f0e7ac6d12b76097e714488542033b35ec4
Red Hat Security Advisory 2016-1838-01 - Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.1. It includes bug fixes and enhancements.
3ace371b69c47fd489bf50fd42c891b4bb793fd02c5997d831efa3694ee002a7
Red Hat Security Advisory 2016-1840-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.2.
009146da6ef83ea57c9580ff5b70c9c62c89f858234db94525dd921748291cc2
Red Hat Security Advisory 2016-1839-01 - Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.1. It includes bug fixes and enhancements.
b7ce9425d2e37013c397ddf34049c19665b0c137375f62467d70bc149db5a7fb
Red Hat Security Advisory 2016-1836-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: A flaw was found in Kibana's logging functionality. If custom logging output was configured in Kibana, private user data could be written to the Kibana log files. A system attacker could use this data to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.
0707fa05cbabbda32d9417ca3c7d1ad826c785569599239061545b5214dcff10
Microsoft Windows x86 TCP bind shell shellcode.
1d8914e0d11d5c684e8cafd0c154fe496482c07ae0339e77bbfe343834e5b835
Dashlane suffers from a cross site scripting vulnerability in the doOnboardingSiteStep API.
8ae21cea6fb92d7febc9458b8ecef807dba56c0929a989b446a126174608f426
Android debuggerd was recently changed to drop privileges between attaching to a crashed process and dumping it to reduce its attack surface. The following issue allows that mitigation to be bypassed and also allows a privileged attacker (logcat access) to bypass userland ASLR.
e3b26b923b2068794d5d67acba6581a955ecd58983ca2ae7279cff6181fca069
If a method is called on a MovieClip in Adobe Flash, and a getter is set with the name of the method, the getter will get executed during the call, and can free the MovieClip, leading to a use-after-free.
5297ca949527a1f37c7a68df5d64c04365012ff2f457cbb7ba111a0c2dac12ee
There is an information leak in Adobe Flash in the Transform.colorTransform getter. If the constructor for ColorTransform is overwritten with a getter using addProperty, this getter will execute when fetching the constructor, which can then free the MovieClip containing the Transform.
7063d81c59980eddcec6a6549e6a9eed2656761e3a99db80b256f91f6bbbdf51
Android suffers from an inconsistency in the way that two functions in libutils/Unicode.cpp handle invalid surrogate pairs in UTF-16, resulting in a mismatch between the size calculated by utf16_to_utf8_length and the number of bytes written by utf16_to_utf8. This results in a heap buffer overflow.
96cc80081d5dd685082f852a3e7f67d2a383203aa882b75afb5e24b6591cb0a8
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
a6847e741efcba6cb9d92d464d4219917bee3ad0b8f5b0f80d4388ad2f3f1104
This Metasploit module exploits a PHP Object Injection vulnerability in SugarCRM CE <= 6.5.23 which could be abused to allow unauthenticated users to execute arbitrary PHP code with the permissions of the webserver. The dangerous unserialize() call exists in the '/service/core/REST/SugarRestSerialize.php' script. The exploit abuses the __destruct() method from the SugarCacheFile class to write arbitrary PHP code into the /custom directory.
9e36d98fcf465cbf54f3819f007d52be4777e317af00ae46dda8f382c44d0c0c
Red Hat Security Advisory 2016-1821-01 - PostgreSQL is an advanced object-relational database management system. A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.
a1daa7d26bd9b517de4ebaef6d4ee6539c7d30d459adc3616fd1d5f50494d8cd
Red Hat Security Advisory 2016-1820-01 - PostgreSQL is an advanced object-relational database management system. A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.
1dbb7512ec7de27e0db8351cc57920e4be83a979a014fc97b97b377f755950f1
Debian Linux Security Advisory 3661-1 - It was discovered that incorrect SASL authentication in the Charybdis IRC server may lead to users impersonating other users.
a9e86f92cc14f45b8d7fcebabda47007824f43329b71e04fb31e390ae98903fc