Cisco Security Advisory - Cisco TelePresence Supervisor MSE 8050 contains a vulnerability that may allow an unauthenticated, remote attacker to cause high CPU utilization and a reload of the affected system. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
d3e0d64b63c54ba0469aee4fa42dcf5ff5e60f7199f5afeb129bba00e9374e17Red Hat Security Advisory 2013-0827-01 - Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange. IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. When using Opportunistic Encryption, Openswan's pluto IKE daemon requests DNS TXT records to obtain public RSA keys of itself and its peers. A buffer overflow flaw was found in Openswan. If Opportunistic Encryption were enabled and an RSA key configured, an attacker able to cause a system to perform a DNS lookup for an attacker-controlled domain containing malicious records could cause Openswan's pluto IKE daemon to crash or, potentially, execute arbitrary code with root privileges. With "oe=yes" but no RSA key configured, the issue can only be triggered by attackers on the local network who can control the reverse DNS entry of the target system. Opportunistic Encryption is disabled by default.
12cb976f5b69697a894c31503bb551690955b213858c4fa51b009f265a8d5326Technical Cyber Security Alert 2013-134A - Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.
7714de8bb2671df1b661588d6aa17bc3ff066a21e79b5bb65dcefbf463b2b1e0Drupal Google Authenticator Login versions 6.x and 7.x suffer from a couple of access bypass vulnerabilities.
4fd844692eef3b5dbeab476ca9dc4f7e5099320e7f716570b6a7e73f12930035Mandriva Linux Security Advisory 2013-165 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Security researcher Cody Crews reported a method to call a content level constructor that allows for this constructor to have chrome privileged access. This affects chrome object wrappers and allows for write actions on objects when only read actions should be allowed. This can lead to cross-site scripting attacks. Various other issues have also been addressed.
6813ee081c57ba799f2853ae698c47af47848d549fc213a9c911e753605181eeUbuntu Security Notice 1828-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system.
fd37035618e80606f4668e9c073a2afa7344c987b9afdf487036c675526a79baRed Hat Security Advisory 2013-0826-01 - Adobe Reader allows users to view and print documents in Portable Document Format. This update fixes multiple security flaws in Adobe Reader. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened.
3abd73f01e78888390ff9f7748d746e37f079e3b4cd03d89b9ea8f7acdd4d1b1This Metasploit module utilizes a stager to upload a base64 encoded binary which is then decoded, chmod'ed and executed from the command shell.
4e828bd76fd9d92b7193f91ff6cdf47c21ab888c351730fc0b672b1bdfa5d5fbUbuntu Security Notice 1827-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system.
d084c927d37fa7856a86a1c67d0cb08ce49025ed4b65ba08c08ee16befb718f3Ubuntu Security Notice 1826-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system.
48f6afef383991ac79f1dbdacf15e1d7e2ad5d5db8a458e6f8e361b6505c3ccbUbuntu Security Notice 1825-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system.
f288e8151e0a1203f7ac5f4deed6ee57292f26d67ab3ed7e7e441bc75e05c650Debian Linux Security Advisory 2668-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.
f66b5875b109e5f665558463b3f9c59ae0cb8985c108bda014534f43c51d2b5fHP Security Bulletin HPSBUX02859 SSRT101144 3 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely to create a Denial of Service (DoS) or execute arbitrary code. Revision 3 of this advisory.
97b32abdd8e39e1e5b9feabde6030395b429177c1152753dcdf6fc4a860b318bUbuntu Security Notice 1824-1 - Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. Mathias Krause discovered a flaw in xfrm_user in the Linux kernel. A local attacker with NET_ADMIN capability could potentially exploit this flaw to escalate privileges. A buffer overflow was discovered in the Linux Kernel's USB subsystem for devices reporting the cdc-wdm class. A specially crafted USB device when plugged-in could cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
61cfd0da9e862caf667f2f7231d0b4d0ff7b68b7c6ba016808af14830d2d8422Red Hat Security Advisory 2013-0825-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content.
01dec1cb5d084648b494fcf4bf54146c495a5122490837b9ad92a8a177d8b1eaExponent CMS version 2.2.0 beta 3 suffers from local file inclusion and remote SQL injection vulnerabilities.
c66432c06b6aeb8a14da0a5432997dffbde3bde7c22f8d34fad4191d2231131fQuick Search version 1.1.0.189 suffers from a buffer overflow vulnerability.
14d59285c5ed109c4f6adeede8aa3624a3d43932eb94e78755c80a7b5a59e49dServa 32 TFTP version 2.1.0 suffers from a buffer overflow that can lead to a denial of service vulnerability.
4e83b6cf9a0c72de0168d68fecbe328e506b687a9e335e93fd3f94d0fb79a278WordPress wp-FileManager plugin suffers from an arbitrary file download vulnerability.
8dda5da2f213f0a8dcb61d7c80170b9f2a240cf5074032ff8c683bf0160e4594Kloxo versions 6.1.12 and below contain two setuid root binaries. lxsuexec and lxrestart allow local privilege escalation to root from uid 48, Apache by default on CentOS 5.8, the operating system supported by Kloxo. This Metasploit module has been tested successfully with Kloxo 6.1.12 and 6.1.6.
a70607f00778f48b03ab7e80bcb005fc5ae1a0f4e784ea6219b2ca83f16982c7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed