这次曝出远程代码执行漏洞的是堪称全球最流行邮件发送类的PHPMailer,据说其全球范围内的用户量大约有900万——每天还在持续增多。 GitHub上面形容PHPMailer“可能是全球PHP发送邮件最流行的代码。亦被诸多开源项目所采用,包括WordPress、Drupal、1CRM、Joomla!等”。所以这个漏洞影响范围还是比较广的,漏洞级别也为Critical最高级。 漏洞编码 CVE-2016-10033 影响版本 PHPMailer < 5.2.18 漏洞级别 高危 漏洞描述 独立研究人员Dawi…
CVE
CVE-2016-7944 SUSE Enterprise Linux Security Update for xorg-x11-libXfixes (SUSE-SU-2016:3172-1)
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for xorg-x11-libxfixes to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to…
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for pcre to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP2 SUSE …
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for xorg-x11-libs to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain…
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for the linux kernel to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This …
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for xen to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability can also be used to cause a limited …
漏洞类别:Local 漏洞等级: 漏洞信息 Adobe RoboHelp Server extends the capabilities of Adobe RoboHelp and Adobe FrameMaker. Merge multiple segments of Help content, including responsive HTML5 content, into a unified information system. Host it for anytime, anywhere, any devi…
漏洞类别:Local 漏洞等级: 漏洞信息 Gollum is a simple wiki system built on top of Git. The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check. Affected Versions: gollum prior 4.0.1…
漏洞类别:Local 漏洞等级: 漏洞信息 iTunes is a digital media player application for Mac OS and Windows developed by Apple. WebKit in Apple iTunes for Windows is prone to multiple vulnerabilities like Information Disclosure and Arbitrary Code Execution. Affected Versions: A…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim…
CVE
CVE-2016-3081 Apache Struts Dynamic Method Invocation Remote Code Execution Vulnerability (S2-032)
漏洞类别:Web Application 漏洞等级: 漏洞信息 Apache Struts is a framework for building web applications. A vulnerability CVE-2016-3081 exists due to improper handling of malicious expressions by the Apache Struts when Dynamic Method Invocation is enabled. This will allow a…
漏洞类别:Web Application 漏洞等级: 漏洞信息 The Apache Struts web framework is a free open source solution for creating Java web applications. A vulnerability CVE-2013-1966 and CVE-2013-2115 exists due to Invalid handling of "includeParams" attribute, which leads to code …
漏洞类别:Web Application 漏洞等级: 漏洞信息 The Apache Struts web framework is a free open source solution for creating Java web applications. Apache Struts is prone to multiple remote code execution vulnerabilities CVE-2013-2134 and CVE-2013-2135 due to improper handling…
漏洞类别:Web Application 漏洞等级: 漏洞信息 The Apache Struts web framework is a free open source solution for creating Java web applications. Apache Struts is prone to multiple security vulnerabilities CVE-2013-4310 and CVE-2013-4316. Apache Strut is affected by followin…
漏洞类别:Web Application 漏洞等级: 漏洞信息 The Apache Struts web framework is a free open source solution for creating Java web applications. A vulnerability CVE-2016-4438 exists due to improper handling of malicious expressions by the Apache Struts when using the REST p…
漏洞类别:CGI 漏洞等级: 漏洞信息 WildFly, formerly known as JBoss AS, or simply JBoss, is an application server authored by JBoss, now developed by Red Hat. WildFly is written in Java, and implements the Java Platform, Enterprise Edition (Java EE) specification. It runs on…
CVE
CVE-2016-5563 Oracle Hospitality OPERA 5 Property Services Multiple Vulnerabilities (CPUOCT2016)
漏洞类别:CGI 漏洞等级: 漏洞信息 Oracle Hospitality OPERA Cloud Services is an enterprise platform for hotel operations and distribution. It offers the comprehensive, next-generation capabilities hotels need to enhance guest experiences and improve operating efficiency. Or…
漏洞类别:CentOS 漏洞等级: 漏洞信息 CentOS has released security update for bind97 to fix the vulnerabilities. Affected Products: centos 5 漏洞危害 Successful exploitation allows attacker to service disruption. 解决方案 To resolve this issue, upgrade to the latest packages which c…
漏洞类别:CentOS 漏洞等级: 漏洞信息 CentOS has released security update for bind to fix the vulnerabilities. Affected Products: centos 5 centos 6 centos 7 漏洞危害 Successful exploitation allows attacker to cause service disruption. 解决方案 To resolve this issue, upgrade to the l…
漏洞类别:CentOS 漏洞等级: 漏洞信息 CentOS has released security update for python-twisted-web to fix the vulnerabilities. Affected Products: centos 6 centos 7 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 To resolve this issue, upgrade to the…
漏洞类别:CentOS 漏洞等级: 漏洞信息 CentOS has released security update for openssl to fix the vulnerabilities. Affected Products: centos 7 centos 6 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 To resolve this issue, upgrade to the latest pac…
漏洞类别:Local 漏洞等级: 漏洞信息 RoboHelp is a help authoring tool (HAT). The vulnerability exists due to improper validation of user-supplied input that could allow an attacker to conduct cross-site scripting attacks. Affected Versions: Adobe RoboHelp 2015.0.3 and earli…
漏洞编号:CVE-2016-10009 漏洞描述: 暂无 漏洞危害: 黑客通过利用漏洞可以实现远程命令执行,严重情况下可能会导致业务中断或数据泄露。 漏洞利用条件: 可以实现远程利用。 漏洞影响范围: OpenSSH OpenSSH 7.3 OpenSSH OpenSSH 7.2P2 OpenSSH OpenSSH 7.2 OpenSSH OpenSSH 7.1P2 OpenSSH OpenSSH 7.1P1 OpenSSH OpenSSH 7.1 OpenSSH OpenSSH 7.0 OpenSSH OpenS…
举办时间:2017-01-07 13:30:00 活动地点:上海市闸北区延长中路801号新华园B座4层 作者:聪明的狗子 报名地址:http://www.huodongxing.com/event/9364847976400 沙龙简介 华盟网在网络安全圈默默耕耘十余载,现联合上海安犬公司在上海举办线下活动,是上海网络安全界一大盛会,主题:WEB安全技术交流,现在Web环境的互联网应用越来越广泛,接踵而至的就是Web安全威胁,黑客利用网站操作系统的漏洞和Web服务程序轻则篡改网页内容,重则窃取重要内部数据,此次华盟网…
绿盟科技发布了本周安全通告,周报编号NSFOCUS-16-37,绿盟科技漏洞库本周新增70条,其中高危68条。本次周报建议大家关注 Linux 内核权限提升漏洞 ,Linux官方已经发布了升级补丁以修复这个安全问题,请用户尽快升级修复此漏洞。 焦点漏洞 Linux 内核权限提升漏洞 CVE ID CVE-2015-8966 受影响版本 Linux kernel < 4.4 漏洞点评 Linux 内核小于4.4版本在arch/arm/kernel/sys_oabi-compat.c文件中存在安全漏洞,可使本地用…