OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).
fdd2de57852e1fd9cec19e7c576100a286c2be9c0fff14396e2cffa7e5548fddThere is a directory traversal issue in the Telegram client for Android. The method saveFile in MediaController.java saves a file to external memory based on an optional name that is not filtered. The name is provided by the remote peer when sending a document or music file.
7ffd15f66d899cf5ad6ff6674833eb1870b4935ff336fb675f5220f416be335fThere is a directory traversal issue in attachment downloads in Outlook for Android. There is no path sanitization on the attachment filename in the app. If the email account is a Hotmail account, this will be sanitized by the server, but for other accounts it will not be. This allows a file to be written anywhere on the filesystem that the Outlook app can access when an attached image is viewed in the Outlook app.
bb3c8a7504d6e8c404b476e897caa56de42f921ba832cc4711f8ae78d2e13e4aWordPress Placemarks plugin version 2.0.0 suffers from a persistent cross site scripting vulnerability.
2ec1a0d99abb5947627baca39e075feb58469c6d5343d02372f0c7228f090bb6WordPress Sagepay Server Gateway For WooCommerce plugin version 1.0.7 suffers from a persistent cross site scripting vulnerability.
a1e26e9a88b4ddfb7ecd7cc345817ca900f281621be4abee4b9fc7cfe1b7235dRed Hat Security Advisory 2017-3477-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes.
822ce2a5a2219e619fcb8712952a12baa3716903009d2d8afeb6607985aa478aRed Hat Security Advisory 2017-3476-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes.
e524f8ce7b2aeed25d1c47f9cedff0e1cc57e3fbd7aa76b24a33091b5f3ff83dRed Hat Security Advisory 2017-3475-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as a replacement of Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes.
7a80ddd064b974806ee57d0ef30c611ff93aa622e38490ed53afce00dc512af4The binary /opt/zoom/ZoomLauncher is vulnerable to command injection because it uses user input to construct a shell command without proper sanitization. The client registers a scheme handler (zoommtg://) and this makes possible to trigger the vulnerability remotely. Version 2.0.106600.0904 is affected.
ebb137b7cf5aab3fa821e1160f32d5b277ad4a8d68b147107e0e492f7b821dd4The binary /opt/zoom/ZoomLauncher is vulnerable to a buffer overflow because it concatenates a overly long user input to a stack variable without checking if the destination buffer is long enough to hold the data. The binary also has important security features like canary turned off. The client registers a scheme handler (zoommtg://) and this makes possible to trigger the vulnerability remotely. Version 2.0.106600.0904 is affected.
acc225bd1b21250c626dc4a00829cd53ab675137c05067793a79cfb388ed3cf7Monstra CMS version 3.0.4 suffers from a remote shell upload vulnerability that allows for remote code execution.
603914e4682e0177547ee6bd36e55a016f2159b8a92243ba90bf9945fe6c0675VLC versions 2.2.8 and below suffer from a type conversion vulnerability in the MP4 demux module.
517f22e30a6a226acec48ea2f884e2b4a520164bd32f90f3aac8dc1b5d910d2aThe nsd binary shipping with multiple camera security systems suffers from a format string vulnerability.
0158af91f1804a0e9359005af8cc870bf882c536878b03e5930291a42bb7217a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed