Zeta Producer Desktop CMS versions 14.2.0 and below suffers from code execution and file disclosure vulnerabilities.
7b34d3b01869b6871b496570304d7e9c09086b2b712d8580375a7a234aaf2478
This Metasploit module exploits a remote code execution vulnerability that exists in Exchange Reporter Plus versions 5310 and below, caused by execution of bcp.exe file inside ADSHACluster servlet
3d8c5a206e655ffc1020ae9dc72f79a8470fd65b1714a8754570a275ba8cf2ad
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
a93f10ff77a858d80ea8ceaf2de3218d932d08cd6154f36a815a8470659052df
phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1.
dae18ef3348cf3077fd1fd7c0054e8bcb0185fb7e809a95ee03722cd6aacb0d5
Micro Focus Security Bulletin MFSBGN03811 1 - An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC) allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Revision 1 of this advisory.
32ae304d64f32a9870172cef477f105d5a8994a5cf84ac35338227db8a3dada5
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system. RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.
9ddb565ccd3cfa1b04d5848eeb00478b6bf3789a0a270773a457841b32dbe50b
Microsoft Edge Chakra JIT suffers from a type confusion vulnerability with hoisted SetConcatStrMultiItemBE instructions.
f4b986bf36dfb05720fc2029354aa57451279bbc79487e82145d40d7bd8a2aef
Ubuntu Security Notice 3714-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass CORS restrictions, obtain sensitive information, or execute arbitrary code. It was discovered that S/MIME and PGP decryption oracles can be built with HTML emails. An attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.
5b9a375b7e68e29c645ccc9c61dfe743f7d5c1f9083b295b36d6d6fa792b993c
Red Hat Security Advisory 2018-2186-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include a remote SQL injection vulnerability.
3ae001c838be7fe63f3f17218120c104c0337869b4012d6ba095f9df05b116a8
Red Hat Security Advisory 2018-2185-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include a remote SQL injection vulnerability.
7e87933107e4717883ce5385c59d3741b7ecc791f11d4f3340888ec72b50870b
Ubuntu Security Notice 3716-1 - This update adds the latest DNSSEC validation trust anchor required for the upcoming Root Zone KSK Rollover.
17290db2f5121408e5243dd698529792611d985988392eb2d90fe7e13bb4fe20
Ubuntu Security Notice 3715-1 - This update adds the latest DNSSEC validation trust anchor required for the upcoming Root Zone KSK Rollover and refreshes the list of root hints.
4896f5ced15bcadac389437c45f3661f78b0e481c64c6ae911366c71a739cd54
Red Hat Security Advisory 2018-2187-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include out-of-bounds access.
3cf3a4008f8603285e63957d08f151b7215154836af4d8dfe0c8ddd59cc6c556
Red Hat Security Advisory 2018-2184-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security fix: ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs Issues addressed include an information leakage vulnerability.
347d2019e1ce59cbdad13b2c91e7c6d733dbb455fb6118c1f45f4036c8fc1438
Slackware Security Advisory - New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
412d7e1d5c3b61f0857d300cb1c0b4082cd19640e580ecfd77fb5db68b6cbd67
Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
cba802bfc2dc2746c8f8e1001e9a4923a4cf6cac8ab813f905962939ace76e2e
Microsoft Edge Chakra JIT suffers from a bug. BoundFunction::NewInstance is used to handle calls to a bound function. The method first allocates a new argument array and copies the prepended arguments and others into the new argument array and calls the actual function. The problem is, it doesn't care about the CallFlags_NewTarget flag which indicates that there's an extra argument (new.target) at the end of the argument array. So the size of the new argument array created with the CallFlags_NewTarget flag will be always 1 less then required, this leads to an out-of-bounds read.
aa1bde86d10b95d8ca0ccfc5d06fd9edd0e20688c8eadfbfc61a463d88cdead5
Linux kernels prior to version 4.13.9 (Ubuntu 16.04/Fedora 27) local privilege escalation exploit.
72887b461f9ad6058e73a276ea69a30911f90cd29b4109630d7d6c9e074102b6
Dicoogle PACS version 2.5.0 suffers from a directory traversal vulnerability.
7fd55fe723ff132f7fd29570edbc2c78e4c7ef52eb41442b183ce26f74c8a23f
Microsoft Edge Chakra JIT suffers from multiple out of bounds reads and writes.
14c73972e0db8500904cd6efa9a56ea40e8f8fbd7ed64d7345ffa202523fbfe4
Chrome V8 suffers from a bug in KeyAccumulator that can cause a crash.
9e8f060d028a3d93afffe9ee1b45849ed961e276d79b29bac398a156e4412c41
Lenovo SU version 5.07 suffers from a buffer overflow vulnerability that allows for code execution.
505381c5a85d355d77b918a529399b323ac27d757408670697cb8ade4852bd29