1. *Advisory Information*
Title: Trend Micro ServerProtect Multiple Vulnerabilities
Advisory ID: CORE-2017-0002
Advisory URL:
http://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities
Date published: 2017-05-23
Date of last update: 2017-05-23
Vendors contacted:
SEC Consult Vulnerability Lab Security Advisory < 20170523-0 >
===
title: Arbitrary File Upload & Stored XSS
product: InvoicePlane
vulnerable version: 1.4.10
fixed version: 1.5.2
Document Title:
===
HTTrack v3.x - Stack Buffer Overflow Vulnerability
References (Source):
https://www.vulnerability-lab.com/get_content.php?id=2068
Release Date:
=
2017-05-22
Vulnerability Laboratory ID (VL-ID):
Document Title:
===
Simple ASC CMS v1.2 - (Guestbook) Persistent Vulnerability
References (Source):
https://www.vulnerability-lab.com/get_content.php?id=2072
Release Date:
=
2017-05-21
Vulnerability Laboratory ID (VL-ID):
Document Title:
===
Wordpress Newsletter Supsystic 1.1.7 - Cross Site Scripting Vulnerability
References (Source):
https://www.vulnerability-lab.com/get_content.php?id=2070
Release Date:
=
2017-05-16
Vulnerability Laboratory ID (VL-ID):
# Heap overflow in CSEQ header parsing affects Asterisk chan_pjsip and PJSIP
- Authors:
    - Alfred Farrugia
    - Sandro Gauci
- Vulnerable version: Asterisk 14.4.0 running `chan_pjsip`, PJSIP 2.6
- References: AST-2017-002
- Enable
# Asterisk Skinny memory exhaustion vulnerability leads to DoS
- Authors:
    - Alfred Farrugia
    - Sandro Gauci
- Vulnerable version: Asterisk 14.4.0 with `chan_skinny` enabled
- References: AST-2017-004
- Enable Security Advisory:
# Out of bound memory access in PJSIP multipart parser crashes Asterisk
- Authors:
    - Alfred Farrugia
    - Sandro Gauci
- Vulnerable version: Asterisk 14.4.0 running `chan_pjsip`, PJSIP 2.6
- References: AST-2017-003
- Enable Security