The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataBitOffset" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.
1b8625579128a6aa2eebdfe1d14a2d3ff5e447dbf25cd29275461b7cd5791be8The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataBitOffset" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.
5646d8519790eceedb69ee095dc2f1fc17b73ac3ec0fd514b7fa68ad513dd937Adobe ColdFusion versions 9.0, 9.0.1, and 9.0.2 do not properly check the "rdsPasswordAllowed" field when accessing the Administrator API CFC that is used for logging in. The login function never checks if RDS is enabled when rdsPasswordAllowed="true". This means that if RDS was not configured, the RDS user does not have a password associated with their username. This means by setting rdsPasswordAllowed to "true", we can bypass the admin login to use the rdsPassword, which in most cases, is blank. These details were purchased through the Packet Storm Bug Bounty program and are being released to the community.
8267635397115a7b25f386e8ba0802efb22e55b7e7adf3d4e3cdb5c91b1eb2f6tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.
4739dd1ec11070ea14aefa0e78e55957d343714a3c29815dd5487fc0a22c5c2cThis bulletin summary lists two re-released Microsoft security bulletins for August, 2013.
7d0f4a6f9c9d7a3301042d79b6505d33cdbef0a2282b9eaca1e1b979375e4931Sitecom N300 and N600 devices suffer from multiple issues that allow for access bypass. These include an undocumented telnet service, weak WPA2 password generation, and hard-coded credentials.
99804c0b7e1c70777811daae7e8627c0958d447242528aba044f1060b71f0b4dRed Hat Security Advisory 2013-1157-01 - Red Hat CloudForms Management Engine provides the insight, control, and automation needed to address the challenges of managing virtual environments. An input sanitization flaw was found in Red Hat CloudForms Management Engine. A user with administrative access to Red Hat CloudForms Management Engine could use this flaw to execute arbitrary Ruby code with root privileges. This issue was discovered by James Laska of Red Hat.
9107fa048862b41ccb4f7de6c918bae6bbf2532b169dde048d129919a6048a75Debian Linux Security Advisory 2738-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems.
5ee13cb1795d7a48b2912c75782eed27a5d04bc434a31b0a2a81f910b352d4a0This whitepaper analyzes the extent of infection, business risk, data exposure, and more in regards to the malware known as TrojanDropper.Win32-Rovnix.l.
483c3bdf2e2790640efc1c8e907d63d753619f2b530de037d2a0a9fcaabc0290
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed