Monthly Archives: February 2017
GLSA 201702-28: QEMU: Multiple vulnerabilities
GLSA 201702-29: PHP: Multiple vulnerabilities
GLSA 201702-27: Xen: Multiple vulnerabilities
PHPShell 2.4 Cross Site Scripting
PHPShell version 2.4 suffers from a cross-site scripting vulnerability.
PHPShell 2.4 Session Fixation
PHPShell version 2.4 suffers from a session fixation vulnerability.
Sawmill Enterprise 8.7.9 Authentication Bypass
Sawmill Enterprise version 8.7.9 suffers from a pass-the-hash authentication bypass vulnerability.
Gentoo Linux Security Advisory 201702-12
Gentoo Linux Security Advisory 201702-12 – Multiple vulnerabilities have been found in MuPDF, the worst of which allows remote attackers to execute arbitrary code. Versions less than 1.10a-r1 are affected.
Red Hat Security Advisory 2017-0286-01
Red Hat Security Advisory 2017-0286-01 – OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: An integer underflow leading to an out-of-bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite.
Ubuntu Security Notice USN-3204-1
Ubuntu Security Notice 3204-1 – It was discovered that Tomcat incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to cause Tomcat to consume resources, resulting in a denial of service.