Posted by Summer of Pwnage on Sep 10
————————————————————————
Command injection in InfiniteWP Admin Panel
————————————————————————
Sipke Mellema, July 2016
————————————————————————
Abstract
————————————————————————
The InfiniteWP Admin Panel can be used to execute arbitrary system
commands….
Vodafone Mobile Wifi reset administrative password exploit.
LamaHub version 0.0.6.2 suffers from a buffer overflow vulnerability.
Ubuntu Security Notice 3075-1 – Jakub Wilk discovered an out of bounds read in the GIF loader implementation in Imlib2. An attacker could use this to cause a denial of service or possibly obtain sensitive information. Yuriy M. Kaminskiy discovered an off-by-one error when handling coordinates in Imlib2. An attacker could use this to cause a denial of service. Various other issues were also addressed.
Slackware Security Advisory – New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Google Docs appears to suffer from XSPA and SSRF vulnerabilities.
Multiple vulnerabilities have been discovered in pdns, an authoritative
DNS server. The Common Vulnerabilities and Exposures project identifies
the following problems:
AST-2016-007: RTP Resource Exhaustion
[slackware-security] php (SSA:2016-252-01)
Red Hat Enterprise Linux: Updated qemu-kvm packages that fix one bug are now available for Red Hat
Enterprise Linux 6.5 Extended Update Support.