Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, and (3) /man/search.cgi in Usermin before 1.690.
CVE-2016-4894
SetucoCMS allows remote attackers to cause a denial of service.
CVE-2017-7281
An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a user-controlled extension, contents, and path, leading to remote code execution, aka Unrestricted File Upload.
CVE-2016-5856
drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857.
ansible-2.3.0.0-1.el7
Many bugfixes and improvements. See https://github.com/ansible/ansible/blob/stable-2.3/CHANGELOG.md for full list of changes.
rst and html docs have been split out into an ansible-docs subpackage.
Includes fix for CVE-2017-7466
----
Update to upstream 2.2.2.0 release.
ansible-2.3.0.0-1.el6
Many bugfixes and improvements. See https://github.com/ansible/ansible/blob/stable-2.3/CHANGELOG.md for full list of changes.
rst and html docs have been split out into an ansible-docs subpackage.
Includes fix for CVE-2017-7466
----
Update to upstream 2.2.2.0 release.
ansible-2.3.0.0-1.fc26
Many bugfixes and improvements. See https://github.com/ansible/ansible/blob/stable-2.3/CHANGELOG.md for full list of changes.
rst and html docs have been split out into an ansible-docs subpackage.
Includes fix for CVE-2017-7466
ansible-2.3.0.0-1.fc25
Many bugfixes and improvements. See https://github.com/ansible/ansible/blob/stable-2.3/CHANGELOG.md for full list of changes.
rst and html docs have been split out into an ansible-docs subpackage.
Includes fix for CVE-2017-7466
ansible-2.3.0.0-1.fc24
Many bugfixes and improvements. See https://github.com/ansible/ansible/blob/stable-2.3/CHANGELOG.md for full list of changes.
rst and html docs have been split out into an ansible-docs subpackage.
Includes fix for CVE-2017-7466
DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin – Cross-Site Scripting Vulnerabilities
Posted by DefenseCode on Apr 12
DefenseCode ThunderScan SAST Advisory
WordPress Tribulant Slideshow Gallery Plugin – Cross-Site Scripting Vulnerabilities
Advisory ID: DC-2017-01-014
Software: WordPress Tribulant Slideshow Gallery plugin
Software Language: PHP
Version: 1.6.4 and below
Vendor Status: Vendor contacted, fix released
Release Date: 20170410
Risk: Medium
# Brief Vulnerability Description
During the security analysis, ThunderScan discovered multiple…