6326 matches found

Drupal
added 2017/04/12 12:0 a.m., 18 views

Open Atrium - Moderately critical - Information Disclosure - SA-CONTRIB-2017-041

Open Atrium is a distribution that enables collaboration sites to be built. It contains several custom modules to provide various functionality. While content is often protected behind private groups, public content can also be shared. When using Open Atrium as an internal Intranet, this "public"...

7 AI score
Exploits: 0, References: 11
ThreatPost
added 2017/04/07 4:10 p.m., 22 views

Baseband Zero Day Exposes Millions of Mobile Phones to Attack

MIAMI—A previously undisclosed baseband vulnerability impacting Huawei smartphones, laptop WWAN modules and IoT components was revealed Thursday at the Infiltrate Conference by researcher Ralf-Philipp Weinmann, managing director at security firm Comsecuris. In one attack scenario, the vulnerabili...

7.8 AI score
Exploits: 0, References: 1
CNVD
added 2017/04/06 12:0 a.m., 1 views

SLiMS 7 Cendana Cross-Site Scripting Vulnerability

SLiMS 7 Cendana is an open source, free library management system. A cross-site scripting vulnerability exists in the admin/modules component in SLiMS 7 Cendana on 2017-03-23 and earlier. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1 CVSS, 6.3 AI score, 0.00761 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2017/04/06 12:0 a.m., 25 views

openSUSE Security Update : samba (openSUSE-2017-439)

"This update for samba fixes the following issues : Security issues fixed : - CVE-2017-2619: Symlink race permits opening files outside share directory bsc1027147. Bugfixes : - Don't package man pages for VFS modules that aren't built bsc993707. - syncreq: make asyncconnectsend 'reentrant';...

7.5 CVSS, 7.2 AI score, 0.11181 EPSS
Exploits: 3, References: 6
Tenable Nessus
added 2017/04/06 12:0 a.m., 51 views

openSUSE Security Update : samba (openSUSE-2017-437)

"This update for samba fixes the following issues : Security issues fixed : - CVE-2017-2619: Symlink race permits opening files outside share directory bsc1027147. Bugfixes : - Force usage of ncurses6-config thru NCURSESCONFIG env var bsc1023847. - Add missing ldb module directory bsc1012092. -...

7.5 CVSS, 7.2 AI score, 0.11181 EPSS
Exploits: 3, References: 8
OSV
added 2017/03/29 1:37 p.m., 3 views

SUSE-SU-2017:0858-1 Security update for samba

This update for samba fixes the following issues: Security issues fixed: - CVE-2017-2619: Symlink race permits opening files outside share directory bsc1027147. Bugfixes: - Force usage of ncurses6-config thru NCURSESCONFIG env var bsc1023847. - Add missing ldb module directory bsc1012092. - Don't...

7.5 CVSS, 7.7 AI score, 0.11181 EPSS
Exploits: 3, References: 9
Packet Storm
added 2017/03/29 12:0 a.m., 39 views

Microsoft VBA Hidden Modules

Credits: Maxim Tomashevich / Thegrideon Software; Website: https://www.thegrideon.com/; Details: https://www.thegrideon.com/vba-internals.html; Vendor: Microsoft; Product: Visual Basic for Applications VBA 6.5 - 7.1 x32 / x64; Vulnerability Details:...

0.2 AI score
Exploits: 0
Tenable Nessus
added 2017/03/27 12:0 a.m., 23 views

Virtuozzo 6 : libvzctl / parallels-kernel-modules / etc (VZA-2017-005)

According to the versions of the libvzctl / parallels-kernel-modules / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - A flaw found in the way prl-vzvncserver parsed terminal escape sequences that could allow a remote attacker...

6.2 AI score
Exploits: 0, References: 1
Gitee
added 2017/03/24 4:7 p.m., 3 views

metasploit-framework

This is the Metasploit Framework repository, a comprehensive collection of exploit modules and tools for penetration testing and vulnerability assessment. The framework is written in Ruby and is widely used by security professionals and researchers. The repository contains a large number of...

6.9 AI score
Exploits: 0
Prion
added 2017/03/23 7:59 p.m., 14 views

Cross site scripting

Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkoutitem.php, bibliography/dlprint.php, bibliography/item.php, bibliography/itembarcodegenerator.php, bibliography/printedcard.php,...

4.3 CVSS, 5.9 AI score, 0.00761 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2017/03/23 7:0 p.m., 28 views

CVE-2017-7242

Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkoutitem.php, bibliography/dlprint.php, bibliography/item.php, bibliography/itembarcodegenerator.php, bibliography/printedcard.php,...

6 AI score, 0.00761 EPSS
Exploits: 0, References: 2
CVE
added 2017/03/23 7:0 p.m., 44 views

CVE-2017-7242

CVE-2017-7242 is an XSS vulnerability in SLiMS 7 Cendana affecting multiple admin/modules components. The described flaws involve unsafely handling user-supplied input in the keywords parameter across several scripts (bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.ph...

6.1 CVSS, 6 AI score, 0.00761 EPSS
Exploits: 0, References: 2, Affected Software: 1
UbuntuCve
added 2017/03/23 5:59 p.m., 27 views

CVE-2016-10048

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors...

7.5 CVSS, 7.3 AI score, 0.06534 EPSS
Exploits: 0, References: 2
Prion
added 2017/03/23 5:59 p.m., 31 views

Directory traversal

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors...

5 CVSS, 7 AI score, 0.06534 EPSS
Exploits: 0, References: 6, Affected Software: 2
NVD
added 2017/03/23 5:59 p.m., 29 views

CVE-2016-10048

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors...

7.5 CVSS, 8.5 AI score, 0.06534 EPSS
Exploits: 0, References: 6
OSV
added 2017/03/23 5:59 p.m., 2 views

DEBIAN-CVE-2016-10048

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors...

7.5 CVSS, 7 AI score, 0.06534 EPSS
Exploits: 0, References: 1
OSV
added 2017/03/23 5:59 p.m., 6 views

CVE-2016-10048

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors...

7.5 CVSS, 8.5 AI score
Exploits: 0, References: 6
n0where
added 2017/03/23 5:39 p.m., 17 views

Open Source Malware Analysis Platform: FAME

FAME is an open source malware analysis platform that is meant to facilitate analysis of malware-related files, leveraging as much knowledge as possible in order to speed up and automate end-to-end analysis. FAME should be seen as a malware analysis framework...

Exploits: 0, References: 1
Cvelist
added 2017/03/23 5:0 p.m., 29 views

CVE-2016-10048

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors...

7.5 AI score, 0.06534 EPSS
Exploits: 0, References: 6
Talos
added 2017/03/22 12:0 a.m., 60 views

National Instruments LabVIEW LvVarientUnflatten Code Execution Vulnerability

Summary: An exploitable memory corruption vulnerability exists in the LvVarientUnflatten functionality of LabVIEW 2016 version 16.0.0.49152. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled V...

7.8 CVSS, 7.7 AI score, 0.0294 EPSS
Exploits: 2