Tag
#ubuntu
Ubuntu Security Notice 6241-1 - Jan Wasilewski and Gorka Eguileor discovered that OpenStack incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
WordPress Page Builder KingComposer plugin version 2.9.6 suffers from a cross site scripting vulnerability.
CMS Ultimate Solutions DreamSus version 1.4 suffers from a remote shell upload vulnerability.
Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. "This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH's forwarded ssh-agent," Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.
Ubuntu Security Notice 6232-1 - It was discovered that wkhtmltopdf was not properly enforcing the same-origin policy when processing certain HTML files. If a user or automated system using wkhtmltopdf were tricked into processing a specially crafted HTML file, an attacker could possibly use this issue to expose sensitive information.
WordPress ChurcHope Responsive Themes version 4.7.x suffers from a directory traversal vulnerability.
CMS NEXIN version 2.0 appears to leave default credentials installed after installation.
Buzzy News Viral Lists Polls and Videos version 2.0 appears to leave default credentials installed after installation.
Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts.
Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the filter parameter at /api?path=files.