6340 matches found
Oracle: Security Advisory (ELSA-2016-3529)
The remote host is missing an update for the...
WordPress External Links Plugin <= 1.80 - Multiple Cross Site Scripting
This vulnerability allows remote attackers to inject malicious script codes to the application-side of the vulnerable modules. Solution: Update the plugin...
Warning about NPM modules | Cloud Foundry
Vendor: Node Package Manager (NPM). Versions Affected: Cloud Foundry NodeJS Buildpack. Description: If your app developers deploy Node applications, we’d like to alert you to recent developments with NPM and module ownership in the Node community. A blog post was...
Cisco IOS XR Software SCP and SFTP Modules Denial of Service Vulnerability
A vulnerability in the Secure Copy Protocol (SCP) and Secure FTP (SFTP) modules of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite system files and cause a denial of service (DoS) condition. The vulnerability is due to improper setting of permissions on the filesystem f...
USN-2935-3: PAM regression
USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. USN-2935-2 intended to fix the problem but was incomplete for Ubuntu 12.04 LTS. This update fixes the problem in Ubuntu 12.04 LTS. We apologize for the...
USN-2935-2 pam regression
USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the PAM pam_userdb module incorrectly us...
Fedora 23 : grub2-2.02-0.24.fc23 (2015-c3b4fef3af)
Rebuild without multiboot modules in the EFI image. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 22 : php-5.6.14-1.fc22 (2015-b24a52fc97)
01 Oct 2015, PHP 5.6.14 Core: Fixed bug php70370 Bundled libtool.m4 doesn't handle FreeBSD 10 when building extensions. Adam CLI server: Fixed bug php68291 404 on urls with '+'. cmb DOM: Fixed bug php70001 Assigning to DOMNode::textContent does additional entity encoding. cmb Mysqlnd: Fixed bug...
Wordpress-Exploit-Framework - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems
A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. What do I need to run it? Ensure that you have Ruby 2.2.x installed on your system and then install all required dependencies by opening a command prompt / terminal in...
[SECURITY] Fedora 23 Update: perl-5.22.1-351.fc23
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...
[SECURITY] Fedora 22 Update: octave-3.8.2-19.fc22
GNU Octave is a high-level language, primarily intended for numerical computations. It provides a convenient command line interface for solving linear and nonlinear problems numerically, and for performing other numerical experiments using a language that is mostly compatible with Matlab. It may...
Fiyo CMS 2.0.2.1 Cross Site Scripting
Affected Product: Fiyo CMS 2.0.2.1; Fixed in: Fiyo CMS 2.0.6; Fixed Version Link: http://www.fiyo.org/blog/versi-2-0-6-banyak-perubahan-untuk-stabilitas; Vendor Website: http://www.fiyo.org/; Vulnerability Type: Persistent XSS; Remote Exploitable: Yes; Reported to vendor: 28/12/2015; Fixed...
OracleVM 3.3 : glibc (OVMSA-2016-0013) (GHOST)
The remote OracleVM system is missing necessary patches to address critical security updates : - Update fix for CVE-2015-7547 1296028. - Create helper threads with enough stack for POSIX AIO and timers 1301625. - Fix CVE-2015-7547: getaddrinfo stack-based buffer overflow 1296028. - Support loadin...
JReFrameworker - Practical Managed Code Rootkits for Java
This project aims to extend the work done by Erez Metula in his book Managed Code Rootkits: Hooking into Runtime Environments. The work outlines a tool ReFrameworker that claims to be a framework modification tool capable of performing any modification task, however the tool falls short in...
Netgear Management System Vulnerable to RCE, Path Traversal Attacks
Netgear’s ProSafe Network Management System suffers from two vulnerabilities, an arbitrary file upload and a path traversal, which could let a remote attacker execute code and download files. The problems affect the NMS300 product, a web-based system the company manufactures to help users monitor...
Windows-Exploit-Suggester - Tool To Compare A Target's Patch Levels Against The Microsoft Vulnerability Database
This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins. It requires the 'systeminfo' comman...
Oracle E-Business Suite Oracle Human Resources Self Service - Unspecified Vulnerability in Common Modules Component
Oracle E-Business Suite is a new generation of e-business suite from Oracle. An unspecified security vulnerability exists in the Oracle E-Business Suite Oracle Human Resources Self Service - Common Modules component, which could be exploited by remote attackers to submit a special request to acce...
CVE-2016-0512
Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Self Service - Common Modules...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Self Service - Common Modules...
F5 Networks BIG-IP : SNTP vulnerability (K60352002)
SNTP processing would enter into an infinite loop when a crafted NTP packet was received. (CVE-2015-5219) (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution K60352002. The text description of this plugin is (C) F5...