ArcServe UDP version 6.0.3792 Update 2 Build 516 suffers from an unquoted service path privilege escalation vulnerability.
Monthly Archives: September 2016
DSA-3660 chromium-browser – security update
Several vulnerabilities have been discovered in the chromium web browser.
Vuln: OpenSSL CVE-2016-2105 Buffer Overflow Vulnerability
Vuln: Oracle Java SE CVE-2016-3598 Remote Code Execution Vulnerability
Belkin F9K1122v1 1.00.30 Buffer Overflow / Cross Site Request Forgery
Belkin F9K1122v1 version 1.00.30 suffers from a buffer overflow vulnerability that can be leveraged via cross site request forgery.
BMC BladeLogic Server Automation For Linux 8.7 Directory Dump
BMC BladeLogic Server Automation versions 8.7 and below suffer from an unauthenticated arbitrary directory dumping vulnerability.
WordPress RB Agency 2.4.7 File Disclosure
WordPress RB Agency plugin version 2.4.7 suffers from a file disclosure vulnerability.
DSA-3659 linux – security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.
CVE-2015-5719
app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.
CVE-2015-5720
Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.