CM Ad Changer 1.7.7 WordPress Plugin – Cross Site Scripting Web Vulnerability
Monthly Archives: June 2016
Bugtraq: FlashFXP v5.3.0 (Windows) – Memory Corruption Vulnerability
Bugtraq: ESA-2016-047: RSA Archer® GRC Platform Sensitive Information Disclosure Vulnerability
RHSA-2016:1224-1: Important: qemu-kvm-rhev security update
Red Hat Enterprise Linux: An update for qemu-kvm-rhev is now available for RHEV-H and Agents for RHEL-6.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-3710
Ultrabenosaurus ChatBoard Cross Site Scripting
Ultrabenosaurus ChatBoard suffers from a stored cross site scripting vulnerability.
DSA-3603 libav – security update
Several security issues have been corrected in multiple demuxers and
decoders of the libav multimedia library. A full list of the changes is
available at
https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.7
DSA-3602 php5 – security update
Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development.
Apache Continuum 1.4.2 Arbitrary Command Execution
This Metasploit module exploits a command injection in Apache Continuum versions 1.4.2 and below. By injecting a command into the installation.varValue POST parameter to /continuum/saveInstallation.action, a shell can be spawned.
Zabbix 3.0.3 Remote Command Execution
Zabbix versions 2.2 through 3.0.3 suffer from a remote command execution vulnerability in the JSON-RPC API.
RSA Archer GRC Platform 5.5.x Information Disclosure
RSA Archer GRC Platform version 5.5.x suffers from a sensitive information disclosure vulnerability.