4202 matches found
Centreon Web Interface Remote Command Execution Vulnerability
Centreon, formerly known as Merethis Centreon, is an open source IT monitoring software suite from Centreon France that needs to be paired with Nagios to manage Nagios via the web, and with third-party components to enable monitoring of networks, operating systems and applications. A remote command...
Security Update for Microsoft PowerPoint 2013 (KB3115254) 32-Bit Edition
A security vulnerability exists in Microsoft PowerPoint 2013 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...
Finsaver. Finance Manager. - Dangerous filesystem permissions, WebView code execution vulnerabilities
The HackApp vulnerability scanner discovered that the application Finsaver. Finance Manager., published on the 'play' market, has multiple vulnerabilities...
Botnet Powered by 25,000 CCTV Devices Uncovered
A botnet comprised entirely of internet-enabled closed circuit TV devices used a barrage of HTTP requests to knock a small jewelry store offline for days. Researchers who came across the botnet recently said they weren’t surprised that IoT devices were being used to carry out a distributed denial...
SUSE-SU-2016:1593-1 Security update for p7zip
This update for p7zip fixes the following issues: - add p7zip-9.20.1-CVE-2016-2335.patch to fix 7zip UDF CInArchive::ReadFileItem code execution vulnerability (bsc#979823, CVE-2016-2335)...
SUSE: Security Advisory for ImageMagick (SUSE-SU-2016:1570-1)
The remote host is missing an update for the...
MS16-069: Cumulative security update for JScript and VBScript: June 14, 2016
Resolves vulnerabilities in the JScript and VBScript scripting engines in Windows that could allow remote code execution if a user visits a specially crafted website. Summary: This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The...
IBM Marketing Platform SQL Injection Vulnerability (CNVD-2016-03333)
IBM Marketing Platform is a suite of marketing platforms from IBM in the United States. The platform supports marketers in leveraging and analyzing customer interactions on websites, cell phones and social media to deliver targeted marketing campaigns to customers. A SQL injection vulnerability...
CVE-2016-4117
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016...
MS16-053: Description of the security update for JScript and VBScript 5.8: May 10, 2016
Summary: This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially...
NetCommWireless HSPA 3G10WVE Authentication Bypass / Code Execution
Title: NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities. Credit: Name: Bhadresh Patel; Company/affiliation: HelpAG; Website: www.helpag.com. CVE: CVE-2015-6023, CVE-2016-6024. Date: 03-05-2016 (dd/mm/yyyy). Vendor: NetComm Wireless is a leading develop...
Allround Automations PL/SQL Developer < 11.0.6.1776 HTTP Insecure Update RCE
The version of Allround Automations PL/SQL Developer installed on the remote host is prior to 11.0.6.1776. It is, therefore, affected by a remote code execution vulnerability due to a failure to properly verify the origin or authenticity of update data sent via HTTP. A man-in-the-middle attacker...
CVE-2016-3082
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter...
Oracle MySQL 5.6.x < 5.6.28 Multiple Vulnerabilities
SUSE-SU-2016:0967-1 Security update for rubygem-actionpack-3_2
This update for rubygem-actionpack-3_2 fixes the following issues: - CVE-2016-2097: rubygem-actionview: Possible Information Leak Vulnerability in Action View (bsc#968850). - CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack (bsc#968849)...
mercurial: arbitrary code execution
CVE-2016-3068: arbitrary code execution. It was reported that Mercurial has a vulnerability similar to CVE-2015-7545 in git. Git's git-remote-ext remote helper provides an ext:: URL scheme that allows running arbitrary shell commands. Mercurial allows specifying git repositories as...
SUSE-SU-2016:0957-1 Security update for java-1_8_0-openjdk
This update for java-1_8_0-openjdk to version jdk8u77-b03 fixes the following security issue: CVE-2016-0636: Improve MethodHandle consistency, which had allowed attackers to execute code (bsc#972468)...
Little Gluttons - Dangerous filesystem permissions, WebView code execution vulnerabilities
The HackApp vulnerability scanner discovered that the application Little Gluttons, published on the 'play' market, has multiple vulnerabilities...
Little Commander WW2 Halloween - Dangerous filesystem permissions, WebView SSL handling enabled, WebView code execution vulnerabilities
The HackApp vulnerability scanner discovered that the application Little Commander WW2 Halloween, published on the 'play' market, has multiple vulnerabilities...
Townsmen - Dangerous filesystem permissions, WebView SSL handling enabled, WebView code execution vulnerabilities
The HackApp vulnerability scanner discovered that the application Townsmen, published on the 'play' market, has multiple vulnerabilities...