GStreamer security, bug fix, and enhancement update
clutter-gst2 2.0.18-1 - Update to 2.0.18 - Remove obsolete patches - Use license macro for COPYING - Resolves: 1386833 gnome-video-effects 0.4.3-1 - Update to 0.4.3 - Resolves: 1386968 0.4.1-5 - Fix URL rhbz1380981 gstreamer-plugins-bad-free 0.10.23-23 - Rebuild with hardened flags Resolves:...
WS-Attacker v1.8 - Modular Framework For Web Services Penetration Testing
WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum http://nds.rub.de/ and the Hackmanit GmbH http://hackmanit.de/ . The basic idea behind WS-Attacker is to provide a functionality to load WSDL...
Flash Player is Dead, Long Live Flash Player!
Adobe last week detailed plans to retire its Flash Player software, a cross-platform browser plugin so powerful and so packed with security holes that it has become the favorite target of malware developers. To help eradicate this ubiquitous liability, Adobe is enlisting the help of Apple,...
gstreamer-plugins-good: Invalid memory read in gst_aac_parse_sink_setcaps
The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file...
gstreamer: Invalid memory read in g_type_check_instance_is_fundamentally_a
The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call...
gstreamer-plugins-base: Out-of-bounds heap read in html_context_handle_element
The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNoteManager.smi...
gstreamer-plugins-base: Floating point exception in gst_riff_create_audio_caps
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file...
gstreamer-plugins-good: Invalid memory read in gst_avi_demux_parse_ncdt
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag...
gstreamer-plugins-bad-free: Invalid memory read in gst_ps_demux_parse_psm
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing...
gstreamer-plugins-good: Out of bounds heap read in qtdemux_parse_samples
The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index...
chromium-browser: use after free in ppapi
Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...
Cross-site Request Forgery (CSRF)
Moodle is vulnerable to cross-site request forgery (CSRF) attacks. Leveraging a flaw in mod/assign/adminmanageplugins.php, attackers can hijack the authentication of administrators through requests that manage the Assignment plugins...
CVE-2017-5099
Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page...
ansible -- information disclosure flaw
ansible developers report: Ansible versions 2.2.3 and earlier are vulnerable to an information disclosure flaw due to the interaction of call back plugins and the no_log directive where the information may not be sanitized properly...
Joomla! Component JoomRecipe 1.0.4 - 'search_author' SQL Injection
Exploit Title: Joomla JoomRecipe 1.0.4 Component - Blind SQL Injection Vulnerability Date: 20.07.2017 Exploit Author: Teng Vendor Homepage: http://joomboost.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/food-a-beverage/joomrecipe/ Version: 1.0.4 Platform:...
WordPress Outdated Plugin Detection
The WordPress application running on the remote host has outdated plugins installed. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(101841); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2025/05/14"); script_name(english:"WordPress...
DEBIAN-CVE-2017-1000024
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission...
CVE-2017-1000024
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission...
UBUNTU-CVE-2017-1000024
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission...
Fedora 26 : libdb (2017-2b68e14594)
Security fix for DB_CONFIG parsing when db_home is not set. This update also introduces modified fixes for rhbz#1394862 once again and additionally fixes ppc specific hangs described in rhbz#1460003. Please be aware that this update is expected to cause DB_VERSION_MISMATCH errors during installation if...