UBUNTU-CVE-2016-5731
Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message...
Pulsar - Protocol Learning, Simulation and Stateful Fuzzer
Pulsar is a network fuzzer with automatic protocol learning and simulation capabilities. The tool models a protocol through machine learning techniques, such as clustering and hidden Markov models. These models can be used to simulate...
CVE-2016-0260
Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors...
Troubleshooting Checklist: Cannot send emails using Secure Mail
Do the following: Collect Secure Mail logs from the device. If you see HTTP 413 in the logs, there are client certificate errors. Run the Secure Mail Test Application. Collect Exchange Server logs. For details, see the Microsoft documentation. Additional Resources: FullXenMobile Deployment Handbo...
phpMyAdmin Full Path Disclosure Vulnerability
phpmyadmin is an online management tool for MySQL databases. phpmyadmin versions 4.4.x, 4.6.x, 4.0.x are available at . /setup/, . /examples/ are vulnerable to a full path disclosure vulnerability, which can be exploited by an attacker with a constructed script that triggers a PHP error message t...
Patched libarchive Vulnerabilities Have Big Reach
The libarchive programming library was recently patched against three critical memory-related vulnerabilities that could be abused to execute code on computers running the vulnerable software. As is the case with most open source software packages, patching the core library is only half the battl...
ImageMagick 7.x < 7.0.1-10 Multiple Vulnerabilities
The remote Windows host has a version of ImageMagick installed that is 7.x prior to 7.0.1-10. It is, therefore, affected by the following vulnerabilities : - An overflow condition exists in the ReadRLEImage function in rle.c due to improper validation of user-supplied input. An unauthenticated,...
[SECURITY] [DLA 521-1] firefox-esr security update
Package : firefox-esr Version : 45.2.0esr-1deb7u1 CVE ID : CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2828 CVE-2016-2831 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation erro...
Adobe Flash Player for Mac <= 21.0.0.242 Multiple Vulnerabilities (APSB16-18)
The version of Adobe Flash Player installed on the remote Mac OS X host is equal or prior to version 21.0.0.242. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to cause a denial of service condition...
Adobe Flash Player <= 21.0.0.242 Multiple Vulnerabilities (APSB16-18)
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 21.0.0.242. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to cause a denial of service condition ...
PT-2016-2232 · Adobe +3 · Flash Player +3
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 21.0.0.242 and earlier Description: The issue is related to unspecified errors in the code of Flash Player and Flash Player for Linux. It may allow a remote attacker to impact the integrity, availability, and...
PT-2016-3127 · Microsoft +4 · Internet Explorer +5
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 21.0.0.242 and earlier Description: The issue is related to errors in the code of Adobe Flash Player libraries used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge. Exploitation of this issue may allow ...
PT-2016-2257 · Adobe +3 · Flash Player +3
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 21.0.0.242 and earlier Description: The issue is related to unspecified errors in the code of Flash Player and Flash Player for Linux. Exploitation of this issue may allow a remote attacker to impact the integrity,...
PT-2016-3292 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Android kernel versions prior to 4.8 Description: The issue is related to the seccomp implementation in the Linux kernel, specifically with access control errors. This could allow an attacker to escalate privileges and execute arbitrary code...
Debian Security Advisory DSA 3601-1 (icedove - security update)
Multiple security issues have been found in Icedove, Debian OpenVAS Vulnerability Test $Id: deb3601.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3601-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright (c) 2016 Greenbone Networks GmbH...
Centreon Web Useralias Command Execution
Centreon Web Interface 'Centreon Web Useralias Command Execution', 'Description' = %q Centreon Web Interface 'h00die ', module 'Nicolas CHATELAIN ' discovery , 'References' = 'EDB', '39501' , 'License' = MSFLICENSE, 'Platform' = 'python', 'Privileged' = false, 'Arch' = ARCHPYTHON, 'Targets' =...
Debian DSA-3600-1 : firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing. Wait, Firefox? No more references to Iceweasel? That's right, Debian no longer...
Moderate: Red Hat Security Advisory: Red Hat JBoss BRMS security and bug fix update
An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Debian: Security Advisory (DSA-3600-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Password Autocorrect Without Compromising Security
Intuitively, auto-correcting passwords would seem to be a terrible idea, and the worst security-for-convenience tradeoff in technology history. But a team of academics from Cornell University, MIT and a Dropbox security engineer say that the degradation of security from the introduction of such a...