exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 180 RSS Feed

Files

SAP Mobile Platform 2.3 XXE Injection
Posted Jun 18, 2015
Authored by Dmitry Chastukhin

SAP Mobile Platform version 2.3 suffers from an XXE injection vulnerability. An attacker can read an arbitrary file on the server by sending a correct XML request with a crafted DTD to/scc/messagebroker/http and reading the reply from the service. An attacker can perform a DoS attack (for example, an XML Entity Expansion attack). A SMB Relay attack is a type of Man-in-the-Middle attack where the attacker asks the victim to authenticate into a machine controlled by the attacker, then relays the credentials to the target. The attacker forwards the authentication information both ways, giving them access.

tags | advisory, web, arbitrary, xxe
advisories | CVE-2015-2813
SHA-256 | af39f3b02d6f59a59ac9adee1be7f700f929d9f74faaf58a79ef76213342f7ab
Debian Security Advisory 3291-1
Posted Jun 18, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3291-1 - Several vulnerabilities were found in drupal7, a content management platform used to power websites.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-3231, CVE-2015-3232, CVE-2015-3233, CVE-2015-3234
SHA-256 | 398bb888b259027615866997ab92ee63422e667b90163d54e5414e98edb42dd1
SAP NetWeaver Dispatcher Buffer Overflow
Posted Jun 18, 2015
Authored by George Nosenko

SAP NetWeaver Dispatcher has the function sapac01_sapgparam() that processes the ABAP kernel call C_SAPGPARAM. This function has a buffer overflow vulnerability. The vulnerability can allow an authenticated remote attacker to execute arbitrary code. It can also lead to denial of service.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel
advisories | CVE-2015-2815
SHA-256 | e0d91a9cfd6ae4da1cf1d65a172beb169596c06658d1838fb88f8be6eda0f0f7
Debian Security Advisory 3290-1
Posted Jun 18, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3290-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leaks or data corruption.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2015-1805, CVE-2015-3636, CVE-2015-4167
SHA-256 | 0fbb263c4d3f8891b1c58ec40a1bf47156f434e76c2141d84c6407ec9eb0c713
SAP NetWeaver Portal 7.31 XXE Injection
Posted Jun 18, 2015
Authored by Vahagn Vardanyan

SAP NetWeaver Portal version 7.31 suffers from an XXE injection vulnerability. The problem is caused by a program error in 'ValidationComponent' due to the incorrect use of an XML parser. By default, the parser opens external entities referenced within an XML input, which can then lead to malicious content being parsed. This malicious content can reference internal resources, such as files. These internal resources can be disclosed in the response to the request, or can be used to perform a denial of service attack on the parsing system, rendering the application content temporarily unavailable.

tags | advisory, denial of service, xxe
advisories | CVE-2015-2812
SHA-256 | 9756bc993b8745281faa7c356860f96edc0f791cd1ec7201932b24da9da7b059
Red Hat Security Advisory 2015-1123-01
Posted Jun 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1123-01 - CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded which in turn allows the attacker to run arbitrary code in the CUPS server A cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface.

tags | advisory, web, arbitrary, xss
systems | linux, redhat, unix
advisories | CVE-2014-9679, CVE-2015-1158, CVE-2015-1159
SHA-256 | b8be18fe93feda9e83358ade06c07fbf33652b9dedfb62d9a8e3b997ce16a542
HP Security Bulletin HPSBGN03338 1
Posted Jun 17, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03338 1 - A potential security vulnerability has been identified with HP Service Manager running SSLv3. The vulnerability could be exploited remotely to allow disclosure of information. Note: This is the SSLv3 vulnerability known as RC4 cipher Bar Mitzvah vulnerability. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-2808
SHA-256 | f73faeaa3c71b97758427a435b20b04199bd569651d10e0bdb1c92b0a1354ca4
HP Security Bulletin HPSBGN03350 1
Posted Jun 17, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03350 1 - A potential security vulnerability has been identified with HP SiteScope. The vulnerability could be exploited remotely to allow disclosure of information. Note: This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability, which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-2802, CVE-2015-2808
SHA-256 | fe1d558fbe29c55c7783573f0e8ce2e327d549008101137a3d8ffbedd47b5e51
VCE Vision(TM) Intelligent Operations Cryptographic / Cleartext Issues
Posted Jun 17, 2015
Site support.vce.com

VCE Vision(TM) software versions prior to 2.6.5 have been identified to contain security vulnerabilities that may potentially be leveraged by a malicious user to obtain sensitive information. A weak cryptographic scheme exists in the system library and a cleartext transmission issue exists in the plugin for VMware vCenter.

tags | advisory, vulnerability
advisories | CVE-2015-4056, CVE-2015-4057
SHA-256 | 51ade347570617484b11d1238e172c175ac13263924dc5c99651107083d0793c
RSA Validation Manager POODLE / DoS / XSS / Race Condition
Posted Jun 16, 2015
Site emc.com

RSA Validation Manager versions 3.2 prior to build 201 suffer from race condition, cross site scripting, denial of service, and various other vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
advisories | CVE-2012-3499, CVE-2013-1862, CVE-2013-2566, CVE-2014-0098, CVE-2014-0226, CVE-2014-0231, CVE-2014-3566, CVE-2015-0526
SHA-256 | 703e04b821a0df9e65975d31c6a38a8fc2688b91256b2bfeecf3b49ca2c66426
Ubuntu Security Notice USN-2649-1
Posted Jun 16, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2649-1 - It was discovered that the uupdate tool incorrectly handled symlinks. If a user or automated system were tricked into processing specially crafted files, a remote attacker could possibly replace arbitrary files, leading to a privilege escalation.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1833
SHA-256 | 7d5451bdd010c364078a583ebeb8b2ea946413d031c6886bd1a9f1f94760b3fa
Ubuntu Security Notice USN-2650-1
Posted Jun 16, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2650-1 - Kostya Kortchinsky discovered multiple flaws in wpa_supplicant and hostapd. A remote attacker could use these issues to cause wpa_supplicant or hostapd to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2015-4141, CVE-2015-4142, CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146
SHA-256 | c3ee6d4a5670629f11fe50ed57e6cdd0dc404dd3bb4af89ba16a428653faabeb
Red Hat Security Advisory 2015-1120-01
Posted Jun 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1120-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2015-1805
SHA-256 | 3ec1967895e1681c1fef937c63310959e9099d0c14bde83f555875f3684d3b70
Ubuntu Security Notice USN-2648-1
Posted Jun 16, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2648-1 - Tavis Ormandy discovered that Aptdeamon incorrectly handled the simulate dbus method. A local attacker could use this issue to possibly expose sensitive information, or perform other file access as the root user.

tags | advisory, local, root
systems | linux, ubuntu
advisories | CVE-2015-1323
SHA-256 | e05a32cadd10925759bdbae89726726df91c6208026ce4e19f73e37857c62c94
EMC Unified Infrastructure Manager/Provisioning (UIM/P) Authentication Bypass
Posted Jun 16, 2015
Site emc.com

EMC UIM/P version 4.1 contains an authentication bypass vulnerability that could potentially be exploited by malicious users to compromise the affected system.

tags | advisory, bypass
advisories | CVE-2015-0546
SHA-256 | 78dbdf84e5e6fea60c5c569a4239e7b4a69a9358a122b03e7e12294bc7f068de
Ubuntu Security Notice USN-2640-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2640-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 122682e2079f57b9d20ea0a53cbcf1fa27541a19754e2ff8123b4183c67919ef
Red Hat Security Advisory 2015-1115-01
Posted Jun 15, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1115-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-3216
SHA-256 | 1b03a59ced9eb1deb3dcf1406ad52dd97e4fd2cb4f2722a75565166a58d99154
Debian Security Advisory 3289-1
Posted Jun 15, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3289-1 - Alexander Cherepanov discovered that p7zip is susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current directory.

tags | advisory
systems | linux, debian
advisories | CVE-2015-1038
SHA-256 | 4be0daf5b3f39172c01e0cf01217ee23e5f5eceee2070d75eb05fb357f095125
Ubuntu Security Notice USN-2646-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2646-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 60e696bc948e127ea85fd077ad0c209bf2f09534c2c0a8621a196e2cd97921b8
Ubuntu Security Notice USN-2645-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2645-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | de2b82ff912d766408dc20664b6f617bc06909cc0ddd19f4b148902d938c7d78
Ubuntu Security Notice USN-2647-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2647-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 81f655f162aa73118e6b4213c239628a4fc5ae162d9fda3cc8ebc5d36142523c
Ubuntu Security Notice USN-2643-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2643-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 46bd8c4289069bc8f1619e0e070000f2b1911c349d885324ec84b1829ab40f43
Ubuntu Security Notice USN-2644-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2644-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 941755602ec4f1f924dce22ad303c8570a47cadbfe65e3460042222d0f46dbc0
Ubuntu Security Notice USN-2641-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2641-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 7b9cbf736d04f0b23cbaf259f21e2c322036327619471c50a6d7479caa3b6a5e
Ubuntu Security Notice USN-2642-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2642-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 6bfcc19b73797a1c86fc721f991369d043fb6e00cf5a2dd6631cf1ad67a4248b
Page 4 of 8
Back23456Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Social Media Users Lack Control Over Data Used By AI, US FTC Says
Posted Sep 19, 2024

tags | headline, government, privacy, usa, data loss, botnet
Hackers Demand $6 Million From Seattle Airport Operators
Posted Sep 19, 2024

tags | headline, hacker, cybercrime, data loss, fraud, cryptography
Recent WhatsUp Gold Vulnerabilities Possibly Exploited In Ransomware Attacks
Posted Sep 19, 2024

tags | headline, malware, cybercrime, flaw, cryptography
14 Dead As Hezbollah Walkie Talkies Explode In Second, Deadlier Attack
Posted Sep 19, 2024

tags | headline, cyberwar, israel, terror, backdoor
UK Activists Targeted With Pegasus Spyware Ask Police To Charge NSO Group
Posted Sep 19, 2024

tags | headline, government, privacy, britain, israel, spyware
Pip Dreams And Security Schemes: Chaos In Your Configuration Files
Posted Sep 18, 2024

tags | headline, backdoor
Apple Suddenly Drops NSO Group Spyware Lawsuit
Posted Sep 18, 2024

tags | headline, privacy, phone, flaw, israel, spyware, apple
11 Dead, Thousands Injured In Explosive Supply Chain Attack On Hezbollah Pagers
Posted Sep 18, 2024

tags | headline, wireless, cyberwar, israel, terror, backdoor
CloudImposer Attack Targets Google Cloud Services
Posted Sep 18, 2024

tags | headline, hacker, google
AT&T Fined $13 Million For Data Breach
Posted Sep 18, 2024

tags | headline, privacy, phone, data loss
View More News →
packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close