Core Security Technologies Advisory - Multiple vulnerabilities have been found in AVTECH AVN801 DVR (and potentially other devices sharing the affected firmware) that could allow a remote attacker to exploit multiple buffer overflows resulting in arbitrary code execution or bypass CAPTCHA functionality for logging into the administrative console. Proof of concept code included.
d69c855434e206ed106355a53d8a7790ee1a27b7581178dde7685f2ac8f54862Core Security Technologies Advisory - EPS Viewer is prone to a security vulnerability when processing EPS files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing EPS Viewer users to open a specially crafted EPS file (client-side vulnerability).
1e976c709e9923b7de99cb14fb2f670c20a612913a3af82da2b7ddc3bc925d6aDrupal Node View Permissions third party module version 7.x suffers from an access bypass vulnerability.
7ca5999ea6318f70dcc57e0ccabbb7102184fb0146a57fbc7a302308d2e184f0Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the SIP channel driver if an invalid SDP is sent in a SIP request that defines media descriptions before connection information. The handling code incorrectly attempts to reference the socket address information even though that information has not yet been set.
b1ea1870b8ffa92fa2b9399875bedbe661440f8f5a1a71aa38f9d130235ae5aeCore Security Technologies Advisory - Aloaha PDF Suite is prone to a security vulnerability when processing PDF files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing Aloaha users to open a specially crafted PDF file.
21cd4dd29b0d5d565a77dc20c6f24d3e2536eafdb028b9c755120d0d051d37ddWordPress Wordfence plugin version 3.8.1 suffers from a cross site scripting vulnerability.
877036cb543d31efe9aeeced8a2497abf3c29130f3276a4cf110d0a249650272HP Security Bulletin HPSBHF02888 3 - Potential security vulnerabilities have been identified with HP Network Products including 3COM and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information and execution of code. Revision 3 of this advisory.
8239e84bfea2e012f2e9ee091ba0f400119fe80706c62cfd2e732a4608f577aeDrupal Flag third party module version 7.x suffers from a cross site scripting vulnerability.
f1f231f32167e84be3f73dd02169b893610f503b40cd32c0074fdabdc225ed9cCisco Security Advisory - A vulnerability in the EAP-FAST authentication module of Cisco Secure Access Control Server (ACS) versions 4.0 through 4.2.1.15 could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco Secure ACS server. This vulnerability is only present when Cisco Secure ACS is configured as a RADIUS server. The vulnerability is due to improper parsing of user identities used for EAP-FAST authentication. An attacker could exploit this vulnerability by sending crafted EAP-FAST packets to an affected device. An exploit could allow the attacker to execute arbitrary commands on the Cisco Secure ACS server and take full control of the affected server. There are no workarounds for this vulnerability. Cisco has released free software updates that address this vulnerability.
24f4eb4918b68ce6f025d4f11b936967593ada6bace57a42d482fdba12d618c3Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present.
7b5b33cd2756da3ffe8c64031b7e60cd9b0cbd4644f5ab8e89498500f2a141bcWordPress Encrypted Blog plugin version 0.0.6.2 suffers from cross site scripting and open redirection vulnerabilities.
8584bdef7145c52fd6508ebb8bc399f13fe30a4e1e37ccec276dae4e1e44f238Instagram for Android suffers from a partial cryptographic authentication issue and also hard codes a secret key in the application.
fe4ecab0cd3f2337a6c819fe2cd9a3cdca982c55e8e4679b44d218f444dacefbGoogle Docs suffers from a clickjacking vulnerability that allows you to get someone's full name and email address.
f40d125935d8955f224c0956ab7c6e95c449baba74d1ba9b75aae6bd775a70d2Sites powered by Blakord Portal suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.
4ff80a2526c8ff13609305d054befb8d70cd8a3312e6d2371f8392b5ce817b93The WordPress silverOrchid theme by gazpo.com suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
17871129a30d053f15ebe5d29e7c76e76cd180faeff48ceb4f0500e1c251de2f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed