Business Solutions CMS add administrator exploit that does not require authentication.
0ffd3882003ceff982bf72e3495bf10cThe Microsoft .NET Framework contains an error in the Intermediate Language (IL) verifier which could allow hosted partial trust code to elevate privileges to escape a sandboxed environment resulting in arbitrary code execution with the permissions of the user. Affected are Microsoft .Net Frameworks versions 1.1 through 4.5.
b2c977d9688a0585d75e1206d9b93d0fMandriva Linux Security Advisory 2013-004 - The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce values instead of nonce values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184. The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID. The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests. The updated packages have been patched to correct these issues.
a004c77af965def72affb378ad7a2c27Red Hat Security Advisory 2013-0151-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.
70411968819cf613ad30ff35c1227e6bUbuntu Security Notice 1684-1 - A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents.
584630b2ba0b5110f9fedda129a9554bUbuntu Security Notice 1683-1 - A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents.
891c0d276e115dc5319aa49e43a7fc1aSecunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, and SeaMonkey, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, disclose sensitive information, and compromise a user's system.
2d40e176702954a2dfb9dcc9838078b1Secunia Security Advisory - A vulnerability has been reported in the WP SlimStat plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks.
108e5e5e48bca7ebb4a317224e0a73d1Secunia Security Advisory - HP has issued an update for xfs. This fixes a weakness, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
3c8e2f90f7d4b4ed45708b90af713402Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, disclose sensitive information, and compromise a user's system.
30167c82e764a94663577ede955d1e90Secunia Security Advisory - A vulnerability has been reported in Proficy HMI/SCADA - CIMPLICITY, which can be exploited by malicious people to cause a DoS (Denial of Service).
8297c61fe4cb9c0cf8c770bc932f1751Secunia Security Advisory - Gentoo has issued an update for haproxy. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system.
cad3af3cd316b3809d4bfec5557bf848Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Application Platform. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
5be59ff9ead9a8e0e618bcc074a14e44Secunia Security Advisory - Red Hat has issued an update for acroread. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
30bc406d2e0fa2640daa2675d3629483Secunia Security Advisory - Gentoo has issued an update for dhcpcd. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
17ba3c0909579001fafefa3a7567d434Secunia Security Advisory - Janek Vind has discovered a weakness in the GRAND FlAGallery plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.
c6baa1e18e41be5816cb064c3d42b137Secunia Security Advisory - Debasish Mandal has reported a vulnerability in Zoom Player, which can be exploited by malicious people to compromise a user's system.
a3952e5a4fab5704217bfd6400a74366Secunia Security Advisory - A vulnerability has been reported in CiscoWorks Prime LAN Management Solution (LMS), which can be exploited by malicious people to compromise a vulnerable system.
0982a47f79efdd34ef63aa43f8193205Secunia Security Advisory - Debian has issued an update for emacs23. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
348f9cbd89660500957c06d2ac1ec76eSecunia Security Advisory - Debian has issued an update for rails. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
817ba592aa4c5669d2d27abed9b445d4Secunia Security Advisory - A vulnerability has been discovered in Ettercap, which can be exploited by malicious people to compromise a user's system.
23108deab36dde8c41687a39acfeee6eSecunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Portal Platform. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
afcfbbf0471b87ecab18ccedd9b33467Secunia Security Advisory - Oracle has acknowledged a vulnerability in tcsd included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).
dbefed980b8bd73ad2ac2cbbf92310e1Secunia Security Advisory - Two vulnerabilities have been reported in the Search API module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.
8bae08f728c6a11129784665dc7393f0Secunia Security Advisory - A vulnerability has been reported in Adiscon LogAnalyzer, which can be exploited by malicious people to conduct cross-site scripting attacks.
bf3d920e149c8f4a4b88588ed418718e
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed