Webnet CMS version 1.2 suffers from cross site scripting, file disclosure, and remote SQL injection vulnerabilities.
Monthly Archives: April 2016
CVE-2016-1339
Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux68832.
CVE-2016-1340
Heap-based buffer overflow in Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted libclimeta.so filename arguments, aka Bug ID CSCux68837.
DSA-3551 fuseiso – security update
It was discovered that fuseiso, a user-space implementation of the
ISO 9660 file system based on FUSE, contains several vulnerabilities.
SAP NetWeaver J2EE Engine 7.40 Cryptographic Issue
SAP NetWeaver J2EE Engine version 7.40 suffers from a cryptographic issue that can lead to information disclosure.
SAP HANA 1.00.095.00.1429086950 Log Injection
Anonymous attackers can use a special HTTP request to inject logs in the xsengine trace file without size restriction. The vulnerability is triggered when the username sent to the /sap/hana/xs/debugger/grantAccess.xscfunc page is longer than 256 characters.
SAP NetWeaver J2EE Engine 7.40 Cross Site Scripting
SAP NetWeaver J2EE engine version 7.40 suffers from a cross site scripting vulnerability.
Debian Security Advisory 3549-1
Debian Linux Security Advisory 3549-1 – Several vulnerabilities have been discovered in the chromium web browser.
Debian Security Advisory 3550-1
Debian Linux Security Advisory 3550-1 – enabled and the sshd PAM configuration is configured to read user-specified environment variables and the “UseLogin” option is enabled, a local user may escalate her privileges to root.
PfSense Community Edition 2.2.6 CSRF / XSS / Command Injection
PfSense Community Edition versions 2.2.6 and below suffer from cross site scripting, code injection, and cross site request forgery vulnerabilities.