While auditing the Teamspeak 3 server I've discovered several 0-day
vulnerabilities which I'll describe in detail in this advisory. They exist in
the newest version of the server, version 3.0.13.
I found 10 vulnerabilities. Some of these are critical and allow remote code
execution. For the
=
Title: Zabbix 3.0.3 SQL Injection Vulnerability
Product: Zabbix
Vulnerable Version(s): 2.2.x, 3.0.x
Fixed Version: 3.0.4
Homepage: http://www.zabbix.com
Patch link: https://support.zabbix.com/browse/ZBX-11023
Credit: 1N3@CrowdShield
(, ) (,
. '.' ) ('.',
). , ('. ( ) (
(_,) .'), ) _ _,
/ _/ / _ \ _
\ \==/ /_\ \ _/ ___\/ _ \ / \
/ \/ |\\ \__( <_> ) Y Y \
/__ /\___|__ / \___ >/|__|_| /
\/ \/.-.\/ \/:wq
(, ) (,
. '.' ) ('.',
). , ('. ( ) (
(_,) .'), ) _ _,
/ _/ / _ \ _
\ \==/ /_\ \ _/ ___\/ _ \ / \
/ \/ |\\ \__( <_> ) Y Y \
/__ /\___|__ / \___ >/|__|_| /
\/ \/.-.\/ \/:wq
(, ) (,
. '.' ) ('.',
). , ('. ( ) (
(_,) .'), ) _ _,
/ _/ / _ \ _
\ \==/ /_\ \ _/ ___\/ _ \ / \
/ \/ |\\ \__( <_> ) Y Y \
/__ /\___|__ / \___ >/|__|_| /
\/ \/.-.\/ \/:wq
vBulletin
CVE-2016-6483
vBulletin software is affected by a SSRF vulnerability that allows
unauthenticated remote attackers to access internal services (such as mail
servers, memcached, couchDB, zabbix etc.) running on the server
hosting vBulletin as well as services on other servers on the local
tl;dr
RCE, file download, weak encryption and user impersonation, all of which
can be exploited by an unauthenticated attacker in WebNMS Framework 5.2
and 5.2 SP1.
A special thanks to Beyond Security and their SSD program, which helped
disclose the vulnerabilities. See their advisory at
Details
Software: Advanced Custom Fields: Table Field
Version: 1.1.12
Homepage: https://wordpress.org/plugins/advanced-custom-fields-table-field/
Advisory report:
Hi, everyone,
As, of, today, my, blog - http://ddanchev.blogspot.com is going, private, and,
I, decided, to, let, everyone, know, on, how, to, request, access, to,
continue, to, maintain, access, to, the, blog.
Hi @ll,
several of Microsoft's Sysinternals utilities extract executables
to %TEMP% and run them from there; the extracted executables are
vulnerable to DLL hijacking, allowing arbitrary code execution in
every user account and escalation of privilege in "protected
administrator" accounts [*].
*
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
---
VMware Security Advisory
Advisory ID: VMSA-2016-0011
Severity:Moderate
Synopsis:vRealize Log Insight update addresses directory
11 matches
Mail list logo