Several issues have been discovered in PHP, a widely-used open source
general-purpose scripting language.
Monthly Archives: February 2017
DSA-3782 openjdk-7 – security update
Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the bypass of
Java sandbox restrictions, denial of service, arbitrary code execution,
incorrect parsing or URLs/LDAP DNs or cryptoraphice timing side channel
attacks.
nagios-4.2.4-2.el7
Major Update. Fixes various CVE and other issues.
Attackers Capitalizing on Unpatched WordPress Sites
WordPress sites slow to update to the recent 4.7.2 security release run the risk of falling victim to a handful of defacement attacks spotted by Sucuri.
Executable installers are vulnerable^WEVIL (case 48): SumatraPDF-3.1.2-installer.exe allows escalation of privilege
Posted by Stefan Kanthak on Feb 07
Hi @ll,
the executable installer [°] and the “portable” version
of SumatraPDF 3.1.2 (available from
<https://www.sumatrapdfreader.org/download-free-pdf-viewer.html>)
are vulnerable to DLL hijacking [‘]:
The executable installers SumatraPDF-3.1.2-install.exe and
SumatraPDF-3.1.2-64-install.exe load and execute (tested on
a fully patched Windows 7 SP1) at least Version.dll, OLEACC.dll,
CryptBase.dll, NTMARTA.dll,…
Responsive Filemanger <= 9.11.0 – Arbitrary File Disclosure/Deletion
Posted by Wiswat A on Feb 07
[+] Exploit Title: Responsive Filemanger <= 9.11.0 – Arbitrary File
Disclosure/Deletion
[+] Date: 7 Feb 2017
[+] Vulnerability and Exploit Author: Wiswat Aswamenakul
[+] Vendor Homepage: http://www.responsivefilemanager.com/
[+] Affected version: only tested on 9.11.0 and 9.7.3 (other versions
might be affected)
[+] Tested on: Ubuntu 14.04, PHP 5.5.9
[+] Category: webapps
[+] Description
Responsive filemanger is a PHP based file manager that…
CVE-2016-6667
NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2016-3063
Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors.
CVE-2016-1502
NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors.
CVE-2016-1894
NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors.