Cisco ASA Software CVE-2017-6610 Denial of Service Vulnerability
Cisco IOS and IOS XE Software Multiple Denial of Service Vulnerabilities
Cisco Adaptive Security Appliance (ASA) Software CVE-2017-6607 Denial of Service Vulnerability
Cisco IOS XE Software CVE-2017-6615 Denial of Service Vulnerability
Cisco Prime Infrastructure CVE-2017-6611 Cross Site Scripting Vulnerability
Cisco Integrated Management Controller CVE-2017-6618 Cross Site Scripting Vulnerability
Cisco FindIT Network Probe CVE-2017-6614 Information Disclosure Vulnerability
Cisco Integrated Management Controller CVE-2017-6619 Remote Command Execution Vulnerability
Cisco ASA Software and FTD Software CVE-2017-3793 Denial of Service Vulnerability
Cisco Unified Communications Manager CVE-2017-3808 Denial of Service Vulnerability
VMware Workstation and Horizon Client CVE-2017-4913 Integer Overflow Vulnerability
VMware Workstation and Horizon View Client CVE-2017-4912 Remote Code Execution Vulnerability
IBM Cognos TM1 CVE-2016-3036 Denial of Service Vulnerability
OpenSSL CVE-2016-6307 Denial of Service Vulnerability
DefenseCode ThunderScan SAST Advisory: Ultimate Form Builder Cross-Site Scripting (XSS) Vulnerability
Posted by DefenseCode on Apr 19
DefenseCode ThunderScan SAST Advisory
Ultimate Form Builder
Cross-Site Scripting (XSS) Vulnerability
Advisory ID: DC-2017-01-027
Software: Ultimate Form Builder WordPress plugin
Software Language: PHP
Vendor Status: Vendor contacted
Release Date: 20170419
# Advisory Overview
During the security audit, a security vulnerability was discovered in
Ultimate Form Builder...
CVE-2017-7220. OpenText Documentum Content Server: privilege evaluation using crafted RPC save-commands.
Posted by Andrey B. Panfilov on Apr 19
CVE Identifier: CVE-2017-7220
Affected products: OpenText Documentum Content Server (all versions)
Researcher: Andrey B. Panfilov
Severity Rating: CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Fix: not available
Initially this vulnerability was...
Posted by Filippo Cavallarin on Apr 19
Advisory ID: SGMA17-001
Title: Squirrelmail Remote Code Execution
Version: 1.4.22 and probably prior
Type: Command Injection
Risk level: 4 / 5
Credit: filippo.cavallarin () wearesegment com
Vendor notification: 2017-04-04
Vendor fix: N/A...
Posted by Slackware Security Team on Apr 19
[slackware-security] minicom (SSA:2017-108-01)
New minicom packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
Fix an out of bounds data access that can lead to remote code execution.
This issue was found by Solar Designer of Openwall...