Liferay Portal version 5.1.2 suffers from a persistent cross site scripting vulnerability.
c0caf6708ab4d86acc035452baff04d5bae5ac652353b3ce2b751e35eab1c7a3GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability. This is the current stable release.
6a32c2b4acbd33ff7eefcbd1357009da04c94c60146ef61320b6c076b1bdf59f360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
4210ef09e1a1c4fe7bb855e6b9ca5560ffad95db48f9aba053850b587b19a4b5ipset-bash-completion is programmable completion code for the bash shell, to support the ipset program (netfilter.org). It allows you to interactively retrieve and complete options, commands, set names, types, and members.
80c61eec561eeb58e79da30726b8821cf84e16abdcdb0d44d505ee52ab188c35Open-Xchange Guard versions 2.2.0 and 2.0 suffer from a PGP private key disclosure vulnerability.
26dcd04d04fbbbfbc871d177446f464caec77c184534a45f0c096d98ce63bc0fPanda SM Manager versions 2.0.10 and below fail to verify the SSL certificate they receive when connecting to a secure site.
dfe5300d2107330ced841e180c483ee653bc38ee91c0e0d2ee0ee149d923f6e8WordPress Bulk Delete plugin version 5.5.3 suffers from a privilege escalation vulnerability.
a80a1b72aaf71032553e1a19b363ecce0bfb70d4a75fa313763ef90eef8cfe8cSlackware Security Advisory - New mailx packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
7c91a7b7cd14403f1eb73d918150d4cfab9191c3695907b12ea5513ad4214e16Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
264c7d3a0be7e52080a43814d32ce36c6ea5a6fb431cee874379e6cfa549c6e4Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
ce6e7d20160abe122eb24b93da4eec8336a898d9478c091d48270c0d94c4bda8HP Security Bulletin HPSBHF03436 1 - A potential security vulnerability has been identified with certain HP Thin Clients running ThinPro OS. The vulnerability could be exploited exploited locally resulting in elevated privileges. Revision 1 of this advisory.
5695aa787fe5e82c2be6c82f544299746f5ce21e3320dcdf97f877efbdd9c76fRed Hat Security Advisory 2016-0351-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space. An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain build configuration strategies. A remote attacker could create build configurations with strategies that violate policy. Although the attacker could not launch the build themselves, if the build configuration files were later launched by other privileged services, user privileges could be bypassed allowing attacker escalation.
1d67ffb8cca2400542795a8de2e8474a214f90c5266ccb32dda15bda72c62531Ubuntu Security Notice 2919-1 - Jacob Baines discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. Tyler Hicks discovered that JasPer incorrectly handled memory when processing JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to consume memory, resulting in a denial of service. Various other issues were also addressed.
4b2016c3d459906f5ca1fdfbdddca0aafc51d672827b6de0e5dfaceda561a24cUbuntu Security Notice 2918-1 - Vincent LE GARREC discovered an integer underflow in pixman. If a user were tricked into opening a specially crafted file, a remote attacker could cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code.
68c6f8e26cef2ef6e8a29018680a4b07d9286bcb9e31dbf717c0e72f3c91e906Cisco Security Advisory - On March 1, 2016, the OpenSSL Software Foundation released a security advisory detailing seven vulnerabilities and a new attack, referred to as the Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) attack. A total of eight Common Vulnerabilities and Exposures (CVEs) were assigned. Of the eight CVEs, three relate to the DROWN attack. The remaining CVEs track low severity vulnerabilities. DROWN is a cross-protocol attack that actively exploits weaknesses in SSL version 2 (SSLv2) to decrypt passively collected Transport Layer Security (TLS) sessions. DROWN does not exploit a vulnerability in the TLS protocol or any specific implementation of the protocol. To execute a successful DROWN attack, the attacker must identify a server that supports both SSLv2 and TLS, and uses the same RSA key pair for both protocols. The attacker must also be able to collect TLS traffic for the server.
3e48e7bc17ea549f2a95b4ce4a89eeb478de92a8d4e421cab91f33d1486ad152Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
e144689122d3f91293808c82cbb06b7d3ac9eca7ae29564c5d148ffe7b25d58aThis Metasploit module will generate a .NET service executable on the target and utilise InstallUtil to run the payload bypassing the AppLocker protection. Currently only the InstallUtil method is provided, but future methods can be added easily.
9e35d2c51bee68e833236242c3adb8dc69a463ea689029ae6f66814719a27ccaRevive Adserver versions 3.2.2 and below suffer from cross site request forgery, lack of brute force controls, session fixation, information exposure, and multiple cross site scripting vulnerabilities.
9eca0a9a06ce2eb6e30eada22b5590b69c13dcb9f77ce7e219cf71f70634c6b0Cisco Security Advisory - A vulnerability in the web proxy framework of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker with the ability to negotiate a secure connection from within the trusted network to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to incorrect processing of HTTPS packets. An attacker could exploit this vulnerability by sending a malformed HTTPS request packet through the affected device. A successful exploit could allow an attacker to create a DoS condition, causing all requests traversing the WSA to be dropped. The condition is temporary and no manual intervention is required to restore functionality. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
b61056cc436d6411ccd61d17f85de34dbd24fd081a1c562f8aa2cea0e14b9b1bCisco Security Advisory - A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Nexus 5500 Platform Switches, Cisco Nexus 5600 Platform Switches, and Cisco Nexus 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP Protocol Data Units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device, which could cause the SNMP application on the device to restart. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. Cisco released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
77582e655bc50f57e6ef7197b3eb3677a546c71939418ec63c17d78294f383deUbuntu Security Notice 2916-1 - It was discovered that Perl incorrectly handled certain regular expressions with an invalid backreference. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Markus Vervier discovered that Perl incorrectly handled nesting in the Data::Dumper module. An attacker could use this issue to cause Perl to consume memory and crash, resulting in a denial of service. Various other issues were also addressed.
11e056de6dfb046779b736f70aa61c3166ddef3f52a845f803b60553b0168d67HP Security Bulletin HPSBGN03442 1 - HPE Helion OpenStack has addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library. Revision 1 of this advisory.
6539fd974a37cf918334232d4666c73e3f1b4b61616cb996dd44f390809b7782Ubuntu Security Notice 2915-1 - Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. Sjoerd Job Postmus discovered that Django incorrectly handled timing when doing password hashing operations. A remote attacker could possibly use this issue to perform user enumeration. Various other issues were also addressed.
9edf73e6f93d410e66ecf3a4b58f182c76001d3ec8b72e7c0f9ac14c8d07a7a7Red Hat Security Advisory 2016-0348-01 - PostgreSQL is an advanced object-relational database management system. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code.
54654828e27ff112fe8bf75dfb4a2a222c28127eca0012b00a1aba8594850ad5Red Hat Security Advisory 2016-0347-01 - PostgreSQL is an advanced object-relational database management system. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code.
5715b322726e4be89ba18235890bf93c72fc9a2f6846eaddacea468241dca48a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed