Many WordPress themes and a plugin suffer from open redirection vulnerabilities. The Age-Verification plugin version 0.5 is affected. Themes affected include Ev version 1.x, Nine-Day version 1.6, Aibbt version 1.0, itiis version 1.x, ifxPro.Cn version 5.0, 2kqq version 5.2, Azzxx version 1.2.1, BigChrome version 5.2, clsn-003 version 1.0, Concise version 2.8, TaozHuji version 5.2, UsaMusic-PC version 1.0, Wngzs version 1.0, 2018110612035976 version 1.7.3, Begin4.6 version 4.6, Begin5.2 version 5.2, Begin44 version 4.4, BeginLTS version 6, Zangai version 1.1.0, Deep version 5.4, and Wopus version 1.0.
Vulnerability - PacketStorm
Matri4Web Matrimony Web Script suffers from multiple remote SQL injection vulnerabilities.
Red Hat Security Advisory 2019-0633-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Multiple vulnerabilities have been addressed.
Sourcetree for macOS versions below 3.1.1 to 1.2 and Sourcetree for Windows versions below 3.0.17 to 0.5a suffer from code execution vulnerabilities related to the inclusion of git, a Mercurial hooks argument injection vulnerability, and a URI handling vulnerability.
Bootstrapy CMS suffers from multiple remote SQL injection vulnerabilities.
The Company Business Website CMS suffers from multiple remote SQL injection vulnerabilities.
Security Explorations has discovered multiple security vulnerabilities in the reference implementation of Java Card technology from Oracle used in financial, government, transportation and telecommunication sectors among others. As for the impact, the vulnerabilities found make it possible to break memory safety of the underlying Java Card VM. As a result, full access to smartcard memory could be achieved, applet firewall could be broken or native code execution could be gained.
Gentoo Linux Security Advisory 201903-16 - Multiple vulnerabilities have been found in OpenSSH, the worst of which could allow a remote attacker to gain unauthorized access. Versions less than 7.9_p1-r4 are affected.
202CMS version 10beta suffers from multiple remote SQL injection vulnerabilities.
Gentoo Linux Security Advisory 201903-15 - Multiple vulnerabilities have been found in NTP, the worst of which could result in the remote execution of arbitrary code. Versions less than 4.2.8_p13 are affected.
eNdonesia Portal version 8.7 suffers from remote SQL injection and iframe injection vulnerabilities.
Ubuntu Security Notice 3906-2 - USN-3906-1 and USN-3864-1 fixed several vulnerabilities in LibTIFF. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
Ubuntu Security Notice 3910-2 - USN-3910-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service. Various other issues were also addressed.
ICE HRM version 23.0 suffers from remote SQL injection and iframe injection vulnerabilities.
Vembu Storegrid Web Interface version 4.4.0 suffers from cross site scripting and information leakage vulnerabilities.
Laundry CMS suffers from remote SQL injection and iframe injection vulnerabilities.
Ubuntu Security Notice 3908-2 - USN-3908-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered a race condition in the fork system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. Various other issues were also addressed.
Gentoo Linux Security Advisory 201903-14 - Multiple vulnerabilities have been found in Oracle's JDK and JRE software suites. Versions less than 22.214.171.124 are affected.
Gentoo Linux Security Advisory 201903-13 - Multiple vulnerabilities have been found in BIND, the worst of which could result in a Denial of Service condition. Versions less than 9.12.1_p2-r1 are affected.
Gentoo Linux Security Advisory 201903-12 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.22.6 are affected.
- WordPress Themes Open Redirection 2019/03/22
- Matri4Web Matrimony Web Script SQL Injection
- Red Hat Security Advisory 2019-0633-01
- Sourcetree Git Arbitrary Code Execution / URL Handling
- Bootstrapy CMS SQL Injection
- The Company Business Website CMS SQL Injection
- Java Card VM Memory Safety
- Gentoo Linux Security Advisory 201903-16
- 202CMS 10beta SQL Injection
- Gentoo Linux Security Advisory 201903-15