572 matches found
SUSE-SU-2018:0645-1 Security update for java-1_7_0-ibm
This update for java-1_7_0-ibm provides the following fixes: The version was updated to 7.0.10.20 bsc1082810: Following security issues were fixed: - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602...
SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2018:0630-1)
This update for java-1_7_1-ibm provides the following fix: The version was updated to 7.1.4.20 bsc1082810 - Security fixes : - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677...
SUSE-SU-2018:0630-1 Security update for java-1_7_1-ibm
This update for java-1_7_1-ibm provides the following fix: The version was updated to 7.1.4.20 bsc1082810 Security fixes: - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677...
antMan 0.9.0c Authentication Bypass
Exploit Title: antMan and the password to a url-encoded linefeed %0a, we can force the authentication script to produce return values not anticipated by the developer. To exploit these defects, use a web proxy to intercept the login attempt and modify the POST parameters as follows:...
antMan 0.9.0c - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: antMan and the password to a url-encoded linefeed %0a, we can force the authentication script to produce return values not anticipated by the developer. To exploit these defects, use a web proxy to intercept the login attempt an...
antMan 0.9.1a - Authentication Bypass
antMan 0.9.1a - Authentication Bypass Exploit Title: antMan and the password to a url-encoded linefeed %0a, we can force the authentication script to produce return values not anticipated by the developer. To exploit these defects, use a web proxy to intercept the login attempt and modify the POS...
Design/Logic Flaw
A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions...
CVE-2018-0001
A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions...
CVE-2018-0001 Junos: Unauthenticated Remote Code Execution through J-Web interface
A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions...
Linux Kernel Local Contention Condition Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A local contention condition vulnerability exists in the 'touch_pmd' function of the THP implementation in Linux Kernel versions 2.6.38 through 4.14, which stems from t...
CVE-2016-6803
An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application or user running with administrative privilege. Any installer with the unquoted...
Design/Logic Flaw
An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application or user running with administrative privilege. Any installer with the unquoted...
CVE-2016-6803
CVE-2016-6803 concerns an unquoted Windows search path vulnerability in the Windows installer of Apache OpenOffice prior to 4.1.3. The issue enables a delayed trigger for privilege escalation, requiring a Trojan Horse or user activity with administrative privileges on the PC. The vulnerability is...
Issuetracker phpBugTracker cross-site scripting vulnerability (CNVD-2017-30877)
Issuetracker phpBugTracker is a web-based defect tracking system. The system provides features such as project management and defect tracking services. A cross-site scripting vulnerability exists in Issuetracker phpBugTracker versions prior to 1.7.2. A remote attacker can exploit this vulnerabili...
Issuetracker phpBugTracker Cross-Site Scripting Vulnerability
Issuetracker phpBugTracker is a web-based defect tracking system. The system provides features such as project management and defect tracking services. A cross-site scripting vulnerability exists in Issuetracker phpBugTracker versions prior to 1.7.0. This vulnerability can be exploited by remote...
The vulnerability of the authentication module of Huawei Campus S5700, S5300, S6300, S6700, S7700, S9300, and S9700 series network switches allows a hacker to trigger a service failure.
The vulnerability of the authentication module for Huawei Campus S5700, S5300, S6300, S6700, S7700, S9300, and S9700 series network switches is related to defects in the authentication process violation of initialization of the array. Exploiting this vulnerability allows an attacker, operating...
MantisBT Security Bypass Vulnerability (CNVD-2017-33719)
MantisBT is a Web-based open source defect tracking system of the MantisBT team. The system provides project management and defect tracking services in the form of Web operations. A security vulnerability exists in versions of MantisBT prior to 1.2.19. An attacker can exploit the vulnerability t...
BIND TSIG Query Denial of Service
A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets certain criteria. This assertion can be triggered even if the apparent source address isn't allowed to make queries. This module...
Cisco Webex Meetings Server Browser Extension Remote Code Execution Vulnerability
Cisco Webex Meetings Server is prone to a remote code execution (RCE) vulnerability.
Cisco Patches Another Critical Ormandy Bug in WebEx Extension
Cisco has provided updates today for WebEx browser extensions for Chrome and Firefox after Google Project Zero researcher Tavis Ormandy and Divergent Security’s Cris Neckar privately disclosed a vulnerability that could be abused to remotely run code on a computer running the browser extension...