Exploit the possiblities
Showing 1 - 25 of 179 RSS Feed

Files

RSA OneStep 6.9 Path Traversal
Posted Sep 30, 2015
Site emc.com

RSA OneStep is potentially affected by a path traversal vulnerability. Attackers could potentially exploit this vulnerability to access unauthorized information by supplying specially crafted strings in input parameters of the application. Versions 6.9 prior to build 559 are affected.

tags | advisory
advisories | CVE-2015-4546
MD5 | 1466569ad46b4a6b634b507eee7e7477
FreeBSD Security Advisory - rpcbind(8) Denial Of Service
Posted Sep 30, 2015
Site security.freebsd.org

FreeBSD Security Advisory - In rpcbind(8), netbuf structures are copied directly, which would result in two netbuf structures that reference to one shared address buffer. When one of the two netbuf structures is freed, access to the other netbuf structure would result in an undefined result that may crash the rpcbind(8) daemon. A remote attacker who can send specifically crafted packets to the rpcbind(8) daemon can cause it to crash, resulting in a denial of service condition.

tags | advisory, remote, denial of service
systems | freebsd
advisories | CVE-2015-7236
MD5 | 85136eada6303b10454b9288940958f4
RSA Web Threat Detection Privilege Escalation / Information Disclosure
Posted Sep 30, 2015
Site emc.com

RSA Web Threat Detection versions prior to 5.1 SP1 suffer from information disclosure and privilege escalation vulnerabilities.

tags | advisory, web, vulnerability, info disclosure
advisories | CVE-2015-4547, CVE-2015-4548
MD5 | fd6f34493ccb67c9f12e954ed209387e
Red Hat Security Advisory 2015-1841-01
Posted Sep 30, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1841-01 - Chromium is an open-source web browser, powered by WebKit. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to bypass cross origin restrictions, and access or modify data from an unrelated web site. All Chromium users should upgrade to these updated packages, which contain Chromium version 45.0.2454.101, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2015-1303, CVE-2015-1304
MD5 | f5523431a03fd843ba500bd9c157d392
Red Hat Security Advisory 2015-1840-01
Posted Sep 30, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1840-01 - OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A flaw was found in the way the OpenLDAP server daemon parsed certain Basic Encoding Rules data. A remote attacker could use this flaw to crash slapd via a specially crafted packet. All openldap users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2015-6908
MD5 | d5b96d8a94356d76d134850a5c659856
Ubuntu Security Notice USN-2752-1
Posted Sep 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2752-1 - Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-5697, CVE-2015-6252
MD5 | 52554575e2a0ce5d684e1bc4fa1e368a
Ubuntu Security Notice USN-2751-1
Posted Sep 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2751-1 - Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-5697, CVE-2015-6252
MD5 | 643e482946e57a7583cd9f40b72675e8
Ubuntu Security Notice USN-2749-1
Posted Sep 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2749-1 - Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-5697, CVE-2015-6252
MD5 | 2ee701663b1b00bc0cfe1d85de8faed2
Ubuntu Security Notice USN-2750-1
Posted Sep 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2750-1 - It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-5707
MD5 | 7ae61b9878679390fc739eeaf034b528
Ubuntu Security Notice USN-2753-1
Posted Sep 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2753-1 - Roman Fiedler discovered a directory traversal flaw in lxc-start. A local attacker with access to an LXC container could exploit this flaw to run programs inside the container that are not confined by AppArmor or expose unintended files in the host to the container.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1335
MD5 | df1085880d1ebae718836a8704ad98c9
freeswitch Heap Overflow
Posted Sep 30, 2015
Authored by Marcello Duarte

The JSON parser in freeswitch versions prior to 1.6.2 and 1.4.23 suffer from a heap overflow vulnerability.

tags | advisory, overflow
advisories | CVE-2015-7392
MD5 | eb4dea485d7aacf70aaa6db606c77381
SAP HANA Drop Credentials SQL Injection
Posted Sep 29, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a Drop Credentials remote SQL injection vulnerability. By exploiting this vulnerability an attacker could modify system settings and delete credentials which could affect other users in the HANA system, engaging into a DoS attack.

tags | advisory, remote, sql injection
MD5 | a6402db475df87bf86651eba28bcfc30
SAP HANA getSqlTraceConfiguration SQL Injection
Posted Sep 29, 2015
Authored by Fernando Russ, Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in getSqlTraceConfiguration function. By exploiting this vulnerability an attacker could read sensitive business information stored in the HANA system and change configuration parameters which could render the system unavailable for other users.

tags | advisory, remote, sql injection
MD5 | b20efa4c19f514ba212c26e4867acf3b
SAP HANA User Creation Cross Site Scripting
Posted Sep 29, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a cross site scripting vulnerability during user creation. By exploiting this vulnerability a remote authenticated attacker would be able to attack other users connected to the HANA system.

tags | advisory, remote, xss
MD5 | b86e2ed0cc2b299df4a08b42a5822d83
SAP HANA Role Deletion Cross Site Scripting
Posted Sep 29, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA role deletion through web-based development workbench suffers from a cross site scripting vulnerability.

tags | advisory, web, xss
MD5 | c651aa147ccce1311dcfa1b7e63159b4
SAP HANA Trace Configuration SQL Injection
Posted Sep 29, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in the trace configuration. By exploiting this vulnerability an attacker could change configuration settings in the HANA system, affecting the integrity of the data stored and possibly turning the platform unavailable to other users.

tags | advisory, remote, sql injection
MD5 | 244a9eaacffd2aaf4635e6f0f3891656
SAP HANA setTraceLevelsForXsApps SQL Injection
Posted Sep 29, 2015
Authored by Pablo Artuso | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in the setTraceLevelsForXsApps function. By exploiting this vulnerability an attacker could change configuration settings in the HANA system, affecting the integrity of the data stored and possibly turning the platform unavailable to other users, who won't be able to perform their assigned business operations.

tags | advisory, remote, sql injection
MD5 | 14b82dac7dd55d54893d48fa2d6fde05
SAP HANA test-net.xsjs Code Injection
Posted Sep 29, 2015
Authored by Nahuel D. Sanchez, Pablo Artuso | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from an XSJS code injection vulnerability in test-net.xsjs. By exploiting this vulnerability a remote authenticated attacker would be able to partially compromise the SAP system as well as all the information processed and stored in the HANA system.

tags | advisory, remote
MD5 | 7f83f90bb6c3a098c918f18b05dd9086
SAP HANA _newUser SQL Injection
Posted Sep 29, 2015
Authored by Pablo Artuso | Site onapsis.com

Onapsis Security Advisory - The SAP HANA _newUser function suffers from a remote SQL injection vulnerability. By exploiting this vulnerability an attacker could modify information related to users of the HANA system, affecting the integrity of the data stored.

tags | advisory, remote, sql injection
MD5 | 71b3c20ed3cd319ebe768be9e155477f
SAP HANA _modifyUser SQL Injection
Posted Sep 29, 2015
Authored by Pablo Artuso | Site onapsis.com

Onapsis Security Advisory - The SAP HANA _modifyUser function suffers from a remote SQL injection vulnerability. By exploiting this vulnerability an attacker could modify information related to users of the HANA system, affecting the integrity of the data stored.

tags | advisory, remote, sql injection
MD5 | bb1b616558e9d5e27543b3423f7a5c91
SAP HANA hdbsql Memory Corruption
Posted Sep 29, 2015
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA hdbsql suffers from multiple memory corruption vulnerabilities. By exploiting this vulnerability an attacker could abuse of management interfaces to execute commands on the HANA system and ultimately compromise all the information stored and processed by the system.

tags | advisory, vulnerability
advisories | CVE-2015-6507
MD5 | d84bc960430406fcac7cb19e5e9fdeb2
Ubuntu Security Notice USN-2748-1
Posted Sep 29, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2748-1 - Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-5697, CVE-2015-6252
MD5 | daf8e287eecb0fbf5eb1983d27bf2e98
WordPress Appointment Booking Calendar 1.1.7 SQL Injection
Posted Sep 29, 2015
Authored by Iberia Medeiros

WordPress Appointment Booking Calendar plugin 1.1.7 suffers from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
advisories | CVE-2015-7319
MD5 | ee9784f4a41ac9bbd2f26c95aadaad5f
Ubuntu Security Notice USN-2747-1
Posted Sep 28, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2747-1 - Dario Weisser discovered that the NVIDIA graphics drivers incorrectly handled certain IOCTL writes. A local attacker could use this issue to possibly gain root privileges.

tags | advisory, local, root
systems | linux, ubuntu
advisories | CVE-2015-5950
MD5 | a061c1b205c49949ca797430d7dcd429
Open Source Point Of Sale 2.3.1 Cross Site Scripting
Posted Sep 28, 2015
Authored by Arturo Rodriguez

Open Source Point of Sale version 2.3.1 suffers from a persistent cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2015-0299
MD5 | c7aa2f74011dff159d1a2d9d4e7182d2
Page 1 of 8
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
NYPD Cops Need A Warrant To Snoop On Your Phone
Posted Nov 17, 2017

tags | headline, government, privacy, usa, phone
Oracle Scrambles To Fix Security Flaws In Tuxedo
Posted Nov 17, 2017

tags | headline, database, flaw, oracle
Github To Devs: Now You'll Get Security Alerts On Flaws In Popular Software Libraries
Posted Nov 17, 2017

tags | headline, flaw
Keystone Pipeline Leaked 210,000 Gallons Of Oil In South Dakota
Posted Nov 17, 2017

tags | headline, flaw
Cash Converters Reveals Data Breach
Posted Nov 16, 2017

tags | headline, hacker, cybercrime, data loss, fraud, identity theft
Kaspersky Defends Its Role In NSA Breach
Posted Nov 16, 2017

tags | headline, government, malware, usa, russia, data loss, spyware, nsa
McAfee Anti-Hacking Service Exposed Users To Banking Malware
Posted Nov 16, 2017

tags | headline, malware, bank, cybercrime, fraud, flaw, identity theft, mcafee
DJI Bug Bounty NDA Is 'Not Signable', Say Irate Infosec Researchers
Posted Nov 16, 2017

tags | headline, hacker, flaw
Government Just Figures Out You Can Hack Planes Remotely Due To Poor Design
Posted Nov 15, 2017

tags | headline, government, usa, flaw, terror
UK Security Chief Blames Russia For Hacks
Posted Nov 15, 2017

tags | headline, hacker, government, britain, russia, cyberwar
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close