WordPress Landing Pages plugin version 2.2.4 suffers from a cross site scripting vulnerability.
WordPress Activity Log plugin version 2.3.2 suffers from a cross site scripting vulnerability in the search function.
Debian Linux Security Advisory 3640-1 - Multiple security issues have been found in the Mozilla Firefox web browser. Implementation errors may lead to the execution of arbitrary code, cross-site scripting, information disclosure and bypass of the same-origin policy.
HP Security Bulletin HPSBGN03633 1 - Potential vulnerabilities have been identified in HPE Release Control. The vulnerabilities could be exploited remotely to allow denial of service (DoS), disclosure of information, unauthorized access to files or server-side request forgery (SSRF). Revision 1 of this advisory.
Cisco Security Advisory - A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges. The vulnerability is due to improper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to execute arbitrary commands with root-level privileges. Cisco has not released and will not release a firmware update to address this vulnerability. Mitigations for this vulnerability are available.
Cisco Security Advisory - A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an unauthenticated, remote attacker to access arbitrary files on the system. This vulnerability allows the attacker to perform directory traversal. The vulnerability is due to lack of proper input verification and sanitization of the user input directory path. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to read arbitrary files on the system that should be restricted. Cisco has not released and will not release a firmware update to address this vulnerability. Mitigations for this vulnerability are available.
The Information Systems and Technologies research and industrial community is invited to submit proposals of Workshops for WorldCist'17. It will be held on Porto Santo Island, Madeira, Portugal. It will take place April 11th through the 13th, 2017.
zFTP client version 20061220+dfsg3-4.1 suffers from a local buffer overflow vulnerability.
Cisco Security Advisory - A vulnerability in the default account when used with a specific configuration of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and the Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to gain root access to the device. The account could incorrectly be granted root privileges at authentication time. The vulnerability is due to improper role-based access control (RBAC) of the default account. The default account should never be allowed root privileges and should, in all cases, be read-only. An attacker could exploit this vulnerability by logging into the targeted device using the default account. An exploit could allow the attacker to authenticate to the device using the default account and be assigned root privileges. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
Cisco Security Advisory - A vulnerability in Session Initiation Protocol (SIP) processing functions of the Cisco Unified Communications Manager Instant Messaging (IM) and Presence Service could allow an unauthenticated, remote attacker to cause the Cisco SIP Proxy Daemon (sipd) process to restart unexpectedly, resulting in a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper input validation of SIP packet headers. An attacker could exploit this vulnerability by sending a crafted SIP packet to a targeted system. A successful exploit could allow the attacker to cause the sipd process to restart unexpectedly, resulting in a DoS condition on the system. If the sipd process restarts repeatedly, a successful exploit could also result in a sustained DoS condition and cause high disk utilization due to a large number of sipd core files being written to disk, which could exacerbate the DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
ATutor version 2.2.1 suffers from a path traversal vulnerability.
Debian Linux Security Advisory 3639-1 - Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions, obtain sensitive revision-history information, or mount a denial of service.
Debian Linux Security Advisory 3638-1 - Several vulnerabilities were discovered in cURL, an URL transfer library.
Red Hat Security Advisory 2016-1552-01 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time.
Red Hat Security Advisory 2016-1551-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.3.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
PHI.I is an effective NFS scanner. It is intended to be left running in a screen session somewhere, scans randomly and requires very little user interaction. It finds large numbers of exported NFS directories, and lists the contents of directories that are exported to everyone. There are very large numbers of completely open NFS shares, despite it being an issue for at least 30 years. Written in bash.
WordPress Activity Log plugin version 2.3.2 suffers from a cross site scripting vulnerability in the administrator functionality.