Gentoo Linux Security Advisory 201702-6 - Multiple vulnerabilities have been found in Graphviz and the extent of these vulnerabilities is unspecified. Versions less than 2.36.0 are affected.
6d526b3a704b696a9016a681dd53bf7c56c7694bfdc8266a8dee795262b2905c
Gentoo Linux Security Advisory 201702-5 - A vulnerability in Lsyncd allows execution of arbitrary code. Versions less than 2.1.6 are affected.
82d270f75e49221985702d35ec908de18e8a93bd043b6f85969aa3e3d1eff23a
Gentoo Linux Security Advisory 201702-4 - Multiple vulnerabilities have been found in GnuTLS, the worst of which may allow execution of arbitrary code. Versions less than 3.3.26 are affected.
31206f8eaf8408614d3a0a6e9d6e303fd32e4b6e8db8090724eacc5a0cdbf158
Ticketbleed is a software vulnerability in the TLS stack of certain F5 products that allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time, which can contain any kind of random sensitive information, as in Heartbleed.
669dc4759a3f8fc7d705e8d378a7374aa8ecb2569e1b4a7d4d775e646c0a12ff
This Metasploit module exploits a vulnerability found in HP Smart Storage Administrator. By supplying a specially crafted HTTP request, it is possible to control the 'command' variable in function isDirectFileAccess (found in ipcelmclient.php), which will be used in a proc_open() function. Versions prior to HP SSA 2.60.18.0 are vulnerable.
2def32fe02d755ad11317dd47474037a1faca567366fe70d7255b7709aebb8ec
The Call For Papers for InfoSec 2017 has been announced. It will be hosted by the Faculty of Management, Comenius University in Bratislava, Slovakia on June 29th through July 1st, 2017.
069a55dad5818290b2c1b1febf66cdb88b41b8be3bfde65037582df783d0cf64
Ubuntu Security Notice 3195-1 - James Page discovered that Nova-LXD incorrectly set up virtual network devices when creating LXD instances. This could result in an unintended firewall configuration.
b33d1891fb200df1b719816daf78d72d25ceec6b9d4f6c1023bfcc7fc7814fec
Ubuntu Security Notice 3190-2 - Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free existed in the KVM subsystem of the Linux kernel when creating devices. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
cf4cc9859b178aeba3d7971d5f7e2816de9414942d6b55bc51f88f58392aac87
Youtube Analytics Multi Channel version 3.0 suffers from a remote SQL injection vulnerability.
e7fc054b5219e4c2ed54a86ff4b85be9d672aa354b95305094b690dbbb072d36
Creative Management System CMS Lite version 1.3.1 suffers from a remote SQL injection vulnerability.
db6ec5724701de58c68abbaa190307f602c526132f68d7df9232203115f394d8
Gram Post Instagram Auto Post Multi Accounts with Paypal Integration version 1.0 suffers from a remote SQL injection vulnerability.
cbe856c7436dfc456e4e71b2bf528e2bd71c65dc78bdd72e3a05f8150842e203
Takas Classified Codeigniter PHP Classified Ad Script version 1.1 suffers from a remote SQL injection vulnerability.
855deda835837c4de8a4be5bc12b68b7512e89dd5b06a0789a60f412da28513e
Tiger Post Facebook Auto Post Multi Pages/Groups/Profiles version 3.0.1 suffers from a remote SQL injection vulnerability.
e4fd9daa211f428a1d952ad7fbbd65de8be206880484c4dc0359bded058c57d8
Zigaform PHP Form Builder Contact and Survey version 2.9.1 suffers from a remote SQL injection vulnerability.
3aa25ba7cab45a837b477b6e08b9c79041ac2a5320ab25b44049bf3fdbeafe30
Collabo TeamBusiness Collaboration Network suffers from an arbitrary file download vulnerability.
c90072b649ce96590c5c5f0d8da7206ffc321ffafbc18bc42feaae216b94f639
This Metasploit module generates an Apache OpenOffice Text Document with a malicious macro in it. To exploit successfully, the targeted user must adjust the security level in Macro Security to either Medium or Low. If set to Medium, a prompt is presented to the user to enable or disable the macro. If set to Low, the macro can automatically run without any warning. The module also works against LibreOffice.
1b7cc506664ea4d132ab76a0a888077b8c6444117218027b8a1181b3bd87e829