Red Hat Security Advisory 2018-0122-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.6.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
7e24ae03539726792c64a958171cdd7e8d0564d7f165144dd5d69164bd099d0e
RAVPower version 2.000.056 suffers from a remote root code execution vulnerability.
7f001238bc97ccbc94116f231f765b2e866a3adb52baeafb5f9239b2c89ebd1d
In Apache Hadoop 2.7.3 and 2.7.4, the security fix for CVE-2016-3086 is incomplete. The YARN NodeManager can leak the password for the credential store provider used by the NodeManager to YARN Applications.
3f82bb70cc260897994d7a6305856fc22e38b2a30678a5ebd34fecaaebd9d69e
Professional Local Directory Script version 1.0 suffers from a remote SQL injection vulnerability.
9b64910eabca93ed730da04bc1156c838dbdf8ed8fc7b8d1f04d9aa4a4e439f5
WordPress Email Subscribers and Newsletters plugin version 3.4.7 suffers from an information disclosure vulnerability.
d456a2391960d711eb34a7a7ee2d530dcb476004b3cf98aca9eca90f7cc6d81d
RAVPower version 2.000.056 suffers from a memory disclosure vulnerability.
32ab215efde37984bed49a69772de0dc9526bfd76612e19d1a909864a0e0bb48
MixPad version 5.00 suffers from a buffer overflow vulnerability.
ab29b0601c5b4d8a7cd115f1f3082abc374abc95d8f68b855a422ffae4383fbc
Apple Security Advisory 2018-1-23-2 - macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan are now available and address memory corruption, race condition, and various other vulnerabilities.
8c1805de61064d31f8f0e1edc053ec2d320938ca52904bf91ded86f4bd059635
Apple Security Advisory 2018-1-23-1 - iOS 11.2.5 is now available and addresses memory corruption, code execution, and various other vulnerabilities.
52d4ccf52d83225887797331dc30d1b05effec25f5961f68eb5b8b3866120d0b
Oracle VirtualBox versions prior to 5.1.30 and 5.2-rc1 suffer from a guest to host escape vulnerability.
37171e7fb0e09cca0dcc959316847810166226ad6efea84e496c535d82b620cd
This is the first version of a mostly working firmware for the ChameleonMini RevE rebooted device. It compiles without errors or warnings and gives you more or less the same functionality as the stock firmware. This version compiles and gives you the same functionality (and more) as the original Chameleon Mini rebooted GUI.
5b63f2a5c720aa38b7f27b9291643844b2d1a03355dc59fa481251fe14fb12ac
This Metasploit module exploits a buffer overflow in Sync Breeze Enterprise 9.5.16 by using the import command option to import a specially crafted xml file.
ada5d696765b728572e1a595fac470a36fc9c4ab834fd1652c6a8cf1e8b799c1
This Metasploit module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura makes use of a hard-coded cookie secret, which allows arbitrary cookie data to be signed. After passing this signature check, the base64-decoded data is passed to PHP's unserialize() function, which allows for code execution. The constructed object is again based on the SektionEins Zend code execution POP chain PoC. Kaltura versions prior to 13.1.0 are affected by this issue. A valid entry_id (which is required for this exploit) can be obtained from any media resource published on the Kaltura installation. This Metasploit module was tested against Kaltura 13.1.0-2 installed on Ubuntu 14.04.
da00d7666ebcac087d98220e64d9b76abb02af42dcd0af40a1090b15bf80f97d
This Metasploit module triggers an arbitrary shared library load vulnerability in GoAhead web server versions between 2.5 and that have the CGI module enabled.
bee949e92c0ea2f22d837f57390d8e28e16e861007e5e679292d373e6ac8037a
SugarCRM Community Edition versions 6.5.26 and below suffer from multiple remote SQL injection vulnerabilities.
bc4cc7bf63d53a27a1eb576d08fe29628ea8da32f5518c5c866e31065558a8a7
Wchat version 1.5 suffers from a remote SQL injection vulnerability.
f0b76aa08563c43cf311f7add6599fbdecc5e613104587ae695c04355e8ccbcb
Zechat version 1.5 suffers from a remote SQL injection vulnerability.
8d9ef4d8dff78165761fe17d9a67fc66059baf27656ad4f29b8ec15611fb1088
Oracle Financial Services Analytical Applications versions 7.3.5.x and 8.0.x suffer from XML external entity injection and cross site scripting vulnerabilities.
596ba7a1bde4935da9df89c58e1d05d2e8ba24cba2ef3cb2156029511e53d6b4
Tumder version 2.1 suffers from a remote SQL injection vulnerability.
9aca5869e6baa5bd32bf0cc2a5a806fdc25b6ad8ce2c91689746d1d2b660294a
Photography CMS version 1.0 suffers from a cross site request forgery vulnerability.
1dc4e833eeb686b73d06c5b8e564feac6bcf52ca5d74700463dd16d04946430b
This Microsoft bulletin summary lists security updates released for January 22, 2018.
3e9a74199e96aa110c9dcfd51597ee4cc5c2e8fc2fb179f295928681d2f854d4
CentOS Web Panel version 0.9.8.12 suffers from a remote SQL injection vulnerability.
3db41401f2e00a5db932e37c8fc0a771ed760a70844c881bcce7d3a12b328d04
Quickad version 4.0 suffers from a remote SQL injection vulnerability.
c805759a51905405a9861c2f70fad24cc76506f0c90ed804186ca16f560f16ef
Ananta Gazelle version 1.0 suffers from a local file inclusion vulnerability.
1b78b6ecf7f85476a529ac421e2c39456da99c455e403aedd90caf70fc664ce6
RSA Authentication Manager versions 8.2 SP1 P6 and below suffer from a remote SQL injection vulnerability.
5e5cf50a9433231ae2d545b4bbfec54819adbb735343de8cac1b06f95c596d95