EMC Documentum D2 contains fix for authentication bypass that could potentially be exploited by malicious users to compromise the affected system. By exploiting this vulnerability, remote unauthenticated users could download any document from the Docbase by knowing only the r_object_id of that document. Affected includes EMC Documentum D2 versions 4.5 earlier than patch 15 and EMC Documentum D2 versions 4.6 earlier than patch 03.
f8b711fb3cd37acdb19b7ded0e6ffaa24fa21db48de448f259119829f69c42cdEMC ViPR SRM versions prior to 3.7.2 suffer from cross site request forgery, cross site scripting, brute force, and remote file upload vulnerabilities.
c4c3f37a7b7355ed7a0f1f84276bb201809cad149d6a71b93db2e99a89a30789This bulletin summary lists fourteen released Microsoft security bulletins for September, 2016.
24e69cf37393fa5d0b669a91818d9a0355ca984bcced40a8c16cbe8fbbefe726Apache Shiro versions prior to 1.3.2, when using a non-root servlet context path, allowed specifically crafted requests can be used to bypass some security servlet filters, resulting in unauthorized access.
922a5e1fd7a8d3e74cc2b4e09d237b3dd41e4acc621099a0adf20ff10239e9c8HP Security Bulletin HPSBST03640 1 - A potential security vulnerability has been identified in HP XP7 Command View Advance Edition Suite (CVAE) using Replication Manager (RepMgr) and Device Manager (DevMgr). This vulnerability could be locally exploited to allow access restriction bypass. Revision 1 of this advisory.
4af49f4c877c915fbebd9055f890d3255a1bd47b5b7e508f79f17ad85d1ccdd8HP Security Bulletin HPSBGN03572 1 - A potential vulnerability has been identified in HPE Performance Center. The vulnerability could cause remote user validation failure. Revision 1 of this advisory.
714f9dc1cb140c3e1a6781191341cb64eb8d677cd760040a74a5a00bc543878fUbuntu Security Notice 3078-1 - Dawid Golunski discovered that MySQL incorrectly handled configuration files. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. MySQL has been updated to 5.5.52 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS has been updated to MySQL 5.7.15. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
70fb5a6644f34b6d550d78bb097b4a44cfd9878ed35cb234d7e3bd0d2a2d75a8Android has an issue where racy getpidcon usage permits binder service replacement.
644ba9d887dcdf537c7493e2bd3450f2d0cef598b6d99e9c8bc785a796ac86e5Battle.Net version 1.5.0.7963 suffers from an insecure file permissions privilege escalation vulnerability.
229507ab5122db9b52ff5ed3b2d17270b0cc767b52dbde35844b0c9e61f43744Open-Xchange Guard versions 2.4.2 and below suffer from multiple cross site scripting vulnerabilities.
b6b00b94ecd8a6eb1ccee7f194f7bf72d2f3738376ca2774dec5ff0fb5b81020Open-Xchange App Suite versions 7.8.2 and below suffer from multiple cross site scripting vulnerabilities.
357ca5858f8f3f0f5e8af6faa2268fb1efd131b5eada5dfc41eb2ddb9239f572ASUS DSL-X11 ADSL router unauthenticated remote DNS changer exploit.
93f34477ca80d1b371bd59eec1b073b39526d51e18f1d4b32ba199d040c8d367Antisip libosip2 version 4.1.0 suffers from heap buffer overflow vulnerabilities that can lead to a denial of service.
4fb1846a03b8c8aac79c1ed6aff112685708fcfd67c525b4cfa54053a3f4db3aRed Hat Security Advisory 2016-1856-01 - Ruby on Rails is a model-view-controller framework for web application development. Action View implements the view component. Security Fix: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack.
b0341ca2ab1e5f356ac596459438c2dfa0c9b08c3f6fa314e3310209d709e77aRed Hat Security Advisory 2016-1855-01 - Ruby on Rails is a model-view-controller framework for web application development. Action View implements the view component, and Active Record implements the model component. Security Fix in rubygem-actionview: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack.
70bb64dcf8c9353bcb21bba544ed3251626be8563e6c58b30053f444f633ede9Red Hat Security Advisory 2016-1857-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack.
ff94a8072670dd5e02057584a6ffb4f6febe917dd05953502954fe95f960dfe7Red Hat Security Advisory 2016-1858-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack.
9d3e8c4dd25e586408c85a6de8a2a349896b9f80ce49b91e648a10f476e7e84fwdCalendar version 2 suffers from a remote SQL injection vulnerability.
eda360a51a243d20689bf0175cc89da0fbc62420b76917350111b67ae7b0a19cCherry Music version 0.35.1 suffers from an arbitrary file disclosure vulnerability.
96b710d58bf275eab928be65aea31eae56eac18aee876021c06ecb76c47164df637 bytes small Microsoft Windows x86 password protect TCP bind shell shellcode.
3ed580d8b755dbbf3ed35188735814aff589ee052051b98152bc9af672d25a2cCodeWarrior is a manual code and static analysis tool. It has many modules, one for each common language like PHP, ASP, Ruby, C/C++, Java and Javascript. Each module has rules in raw text with parameters like description, type, reference, relevance and match (regex to detect pattern). You can also create your own rules.
82753c89cb961457842b407e2a28042ca4dfbd896b15eb1555371fa0f3628dceCOMTREND ADSL router CT-5624 C01_R03 unauthenticated remote DNS changer exploit.
3f980e48cba96dc8f106f0e6c0a75038a0ee785b217fe44545a3d7abc69d1231COMTREND ADSL router CT-5367 C01_R12 unauthenticated remote DNS changer exploit.
e480d4507c963ac594953ced80b3a31a9b8aab94fa5113694da85cd569cd31beTenda ADSL2/2+ modem version 963281TAN unauthenticated remote DNS changer exploit.
7a8d3c4dbd3667e98cf6bb464cb26347ffbb09d2667a28fd71f9f5506df04ea4PLANET VDR-300NU ADSL Router unauthenticated remote DNS changer exploit.
8197ee2306f964cdd22efee0d369aace2490e04ef7b237eaf2035d705b1e7e58
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed