Rapid7 Security Advisory - The Accellion File Transfer Appliance, prior to version FTA_8_0_562, suffers from a number of security flaws that can lead to a remote root compromise. These include issues like command injection, administrative tty check bypass, static passwords for privileged accounts, and more.
0a8e02333db7c5c6cf71307a3206cf3d0cad0322edd4b58872ca8c87a34994ebRapid7 Security Advisory - The Check Point Endpoint Security Server and Integrity Server products inadvertently expose a number of private directories through the web interface. These directories include the SSL private keys, sensitive configuration files (often containing passwords), and application binaries.
20ca3fdc39b73e2548b7489b74f418527c50c20cd49f5f2936862c36d8309547Rapid7 Security Advisory - The SAP BusinessObjects product contains a module (dswsbobje.war) which deploys Axis2 with an administrator account which is configured with a static password. As a result, anyone with access to the Axis2 port can gain full access to the machine via arbitrary remote code execution. This requires the attacker to upload a malicious web service and to restart the instance of Tomcat. This issue may apply to other products and vendors that embed the Axis2 component. The username is "admin" and the password is "axis2", this is also the default for standalone Axis2 installations.
226db62066f2c56c87818ee78e4d00164861cd9e8d34858c75dc772b294bbff8Rapid7 Security Advisory - FCKEditor contains a file renaming bug that allows remote code execution. Specifically, it is possible to upload ASP code via the ASP.NET connector in FCKEditor. The vulnerability requires that the remote server be running IIS. This vulnerability has been confirmed on FCKEditor 2.5.1 and 2.6.6.
d7ff7819bc5c1b9397d022f19065769fe00e58d1169b50c1ef3b83d03e7b2950Rapid7 Security Advisory - The VxWorks authentication library suffers from a weak password hashing vulnerability.
379e84021c2f004744e223233efe6130106bb86cc055a0b8c5acb03bbce54be9Rapid7 Security Advisory - The VxWorks WDB agent debug service suffers from multiple vulnerabilities.
fab6daf8569631c4a2596ae0cc4c47f64a1553291b74c6c1a6a4ee27c852fda4Rapid7 Security Advisory - mod_proxy_ftp as included with Apache versions 2.2.9 and below and 2.0.63 and below suffers from a cross site scripting vulnerability.
d723a57690d72923966acad66797f24628da48767d63926e982dee54557fc43fInternet Explorer 5 and 6 are vulnerable to a File Transfer Protocol (FTP) CSRF-like command injection attack, whereby an attacker could execute arbitrary commands on an unsuspecting user's authenticated or unauthenticated FTP session.
e29fa2fbfaeb4c5dca00851ee9f57bff81c9cbcfddd64aa674ee8193aead2097Rapid7 Security Advisory - JFreeChart version 1.0.8 is susceptible to cross site scripting vulnerabilities.
db2f22da130be7712b7839f2603c7dfac9b6b42c4068044300f28e7c16a589f4Rapid7 Advisory R7-0026 - HTTP Header Injection Vulnerabilities in the Flash Player Plugin. Two HTTP Header Injection vulnerabilities have been discovered by Rapid7 in the Flash Player plugin. They allow attackers to perform arbitrary HTTP requests while controlling most of the HTTP headers. This can make it easier to perform CSRF attacks [2] in some cases. When the HTTP server implements Keep-Alive connections and when Firefox is used, these Flash vulnerabilities can even be used to perform totally arbitrary HTTP requests where every part is controlled by the attacker: HTTP method, URI, HTTP version, headers, and data. Such attacks make use of the HTTP Request Splitting method.
690dff2f6bcdb4dff4133298702b4e384a67233ec74acc51f7657d2bad3974e6NVIDIA Binary Graphics Driver For Linux buffer overflow POC exploit.
5d2450f444f387f42c8606d2cb3e07fffbe0123b544d66467dc63bbcaaf8f899Rapid7 Advisory R7-0025: Buffer Overflow in NVIDIA Binary Graphics Driver For Linux - The NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer overflow that allows an attacker to run arbitrary code as root. This bug can be exploited both locally or remotely (via a remote X client or an X client which visits a malicious web page). A working proof-of-concept root exploit is included with this advisory.
679bc2010545bee7e81e23feffc3a19cbbc70fb9d92a8e22c1ecee59cc09c4e6Rapid7 Security Advisory - The Caucho Resin web application server for Windows contains a directory traversal vulnerability that allows remote unauthenticated users to download any file from the system. It is possible to download files from any drive on the system. Versions 3.0.18 and 3.0.17 for Windows are vulnerable.
036753be0009b340c6c34e30fe2e5d09b38d1425a2b47a6dd6cf1d7cfbc3352dRapid7 Advisory R7-0023 Symantec Scan Engine File Disclosure Vulnerability: There is a vulnerability in Symantec Scan Engine which allows unauthenticated remote users to download any file located under the Symantec Scan Engine installation directory. For instance the configuration file, the scanning logs, as well as the current virus definitions can all be accessed by any remote user using regular or specially crafted HTTP requests.
4d71a2eee193a1059c22b4bd1473d7dc6d0355eb591b5b52a8dcd408efd6d8e8Rapid7 Advisory R7-0022 Symantec Scan Engine Known Immutable DSA Private Key
b4de8f7ac8fadf166331f3e6357452d67e13245d3d2cf1c757eec6d3e96e13a4Rapid7 Advisory R7-0021 Symantec Scan Engine Authentication Fundamental Design Error
3bece8abddf554ba4d0c57299c7e73675c86caa6a0fbf1c2ebab9ee47ce9f6a1Rapid7 Advisory R7-0019 - Directory traversal vulnerability in SolarWinds TFTP Server for Windows
6de7708c47505551fec62766fbeacfec804f360a4b485bb5b005eba41b0cfc67Rapid7 Security Advisory - tcpdump versions 3.8.1 and below contain multiple flaws in the packet display functions for the ISAKMP protocol. Upon receiving specially crafted ISAKMP packets, tcpdump will try to read beyond the end of the packet capture buffer and crash.
bf610b65d6dfc6a1e758210dd11a41752fa7ae6f05f82c0910e413398c61725aRapid7 Security Advisory - OpenBSD isakmpd payload handling is subject to multiple denial of service vulnerabilities. Known vulnerable: OpenBSD 3.4 and earlier, OpenBSD-current as of March 17, 2004.
8da0f659cc2f01757fe76a02ef81c99462ce0723e0c7b0c9c6d5be0d74ba2547Rapid7 Security Advisory - Sybase Adaptive Server Enterprise (ASE) 12.5 is susceptible to a denial of service attack when a login is made with an invalid remote password array. A valid login is required to exploit this vulnerability. Version 11.0.3.3 for Linux is not vulnerable.
ce1334b583816398c0865c95b48954c24802309142977d252ef92a816628f0f9Rapid7 Security Advisory - Several vulnerabilities have been found in the Apple QuickTime/Darwin Streaming Server, including denial of service, web root traversal, and script source disclosure.
088977e2989bbb584a3f0a1dd33037977138a112e0e0d0ac7e59fdc167b37bf7Rapid 7 Security Advisory - The secure redirect function of the RSA ACE/Agents protecting IIS, Apache, or SunONE web servers contains a cross-site scripting vulnerability. The redirector does not properly escape special characters, so requests for a URL containing special script characters will cause the ACE/Agent to emit a page containing web script which would execute in the user's browser. An attacker could potentially use this to fool unsuspecting users into entering their passphrase information, which could then be replayed by the attacker to the protected server to gain access.
d332921b1cffe2e12b86291375e5c8fff2ac5021f59bc3b7ad98fa7a22fa41c9Rapid 7 Security Advisory - In July 2001, the PROTOS protocol testing group at the University of Oulu in Finland released an LDAP protocol test suite that exposed flaws in LDAP implementations from multiple vendors. Lotus Domino R5.0.7a addressed these issues but regression testing on the R6 Beta release shows that it is still vulnerable to the issues PROTOS discovered. Vulnerable Versions: Lotus Notes/Domino R6 pre-release and beta versions, Lotus Domino R5.0.7 and earlier versions.
cdbcbb8ace4dd1eac056a47326a4c7d94f7ee4cee734a2d5b0c50984a1c31022Rapid 7 Security Advisory - The Lotus Notes/Domino Web Retriever functionality has an HTTP Status buffer overflow. By issuing an overly long status message in its HTTP response, a remote server can crash the Web Retriever process. The response line consists of the standard HTTP version and code followed by an overly long (~6000 bytes) status message, followed by two carriage return/linefeed pairs. Vulnerable Versions: Lotus Notes/Domino R4.5/4.6/5/6Beta servers and clients.
3f2e0431aa427592a575437b66bdc0a85215a479d21c84a10bf295c095007de3Denial of service exploit for SSH servers and clients from several vendors containing vulnerabilities in the greeting and key-exchange-initialization phases of the SSHv2 transport layer that allow denial of service attacks and/or arbitrary code execution. OpenSSH, SecureCRT, and LSH are not affected - vulnerable versions include F-Secure 3.1.0 and below for unix and v5.2 and below for Windows, SSH 3.2.2 and below for windows and unix, putty v0.53 and below, WinSCP 2.0.0 and below, and more. Includes binary files which can be sent to ssh servers or clients via netcat.
6b89b3721c386cfd26123193715b84e647d2b13cbc7c5337faa63bea2c1ae80e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed