Debian Linux Security Advisory 3691-2 - The update for ghostscript issued as DSA-3691-1 caused regressions for certain PostScript document viewers (evince, zathura). Updated packages are now available to address this problem.
bf9ecded2517b9f70685b5a6c8769f95d5d255e233f8c459042e69a9ec20904d
Gentoo Linux Security Advisory 201610-11 - Multiple vulnerabilities have been found in Wget, the worst of which could lead to the remote execution of arbitrary code. Versions less than 1.18 are affected.
fe8f321799648fd7117d0c42050293a7b7f3f611b64a3ef20bfd07261e897964
Gentoo Linux Security Advisory 201610-10 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 23.0.0.205 are affected.
d39c84f97fa4297c5874418e8f05337a85e75281733dc564c0a9e2b478143b2a
InfraPower PPS-02-S Q213V1 suffers from a cross-site request forgery vulnerability.
b37af8c08805ea7640d8d197d165127c38864d0ee046dfafdd39b966e6aad3fd
InfraPower PPS-02-S Q213V1 suffers from an authentication bypass vulnerability. The device does not properly perform authentication, allowing it to be bypassed through cookie manipulation. The vulnerable function checkLogin() in 'Function.php' checks only whether the 'Login' cookie is empty, allowing easy bypass of the user security mechanisms.
77b1307af346ecfe3c45afddb0b9cec1987678dc3bb89c1d98a3d49a9d11a2c7
InfraPower PPS-02-S Q213V1 suffers from an insecure direct object reference authorization bypass vulnerability.
9312fbf0e0e08332d0ec2f279cc8ef20eef67898caba5aeb42438d468791552b
InfraPower PPS-02-S Q213V1 suffers from the use of hard-coded credentials. The IP dongle firmware ships with hard-coded accounts that can be used to gain full system access (root) using the telnet daemon on port 23.
c22e5f79189599a09a64a8e8a09ef273e57831a00e9bfcb6261740a9f82efae3
InfraPower PPS-02-S Q213V1 suffers from a file disclosure vulnerability: input passed through the 'file' parameter to the 'ListFile.php' script is not properly verified before being used to read files. This can be exploited to disclose the contents of files from local resources.
ad79cf9d2792971f12b4467e9bfe8405b2023253e269e5156772d5997b5f9649
InfraPower PPS-02-S Q213V1 suffers from multiple stored and reflected cross-site scripting vulnerabilities: input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
c2ab6a1f6aa6c346e39e4bcbbc37acf45e0c10c36ae3954846da361ed1e8c2e5
InfraPower PPS-02-S Q213V1 suffers from multiple unauthenticated remote command injection vulnerabilities. The vulnerabilities exist because several POST parameters in several scripts are not sanitized before being passed to the exec(), proc_open(), popen() and shell_exec() PHP functions while updating the settings on the affected device. This allows an attacker to execute arbitrary system commands as the root user and bypass the access controls in place.
4bcd9fe006926b7e4e5923315fea8553003213cb95f58a40f72204f494f581c8
This Metasploit module exploits an unauthenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and allows an attacker to dynamically execute JavaScript code on the server side using an eval. Note that the code uses a '\x2f' character so that we hit the match on the regex.
ee20d372ed0f1e30bd8d9b8a767eee792e35e7aba086370b04a670a286abf66e
PHP Support Tickets version 1.3 suffers from a remote SQL injection vulnerability.
a27060d874f333afedcca3b251ee3aa8c31e17ba488a19b028c19ace2d6ad266
PHP Support Tickets version 1.3 suffers from a local file inclusion vulnerability.
77ce766da24cd320c33836afab1cba31c7c36fbc622860543bfde78eaf3e05f2
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
4bda6fb87674c7f402564351b142fcda6b5397b66d0d7edb6a8f0d46a70de5ab
tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.
abc17e25afc1b9e74423c78fef586b11d503cbbbe5e4a2ed323870f4a82faa73