McAfee Cloud SSO is vulnerable to cross site scripting. McAfee Asset Manager version 6.6 is susceptible to a traversal that allows for arbitrary file read and remote SQL injection.
235fa0a455346bf78fc185e183a6d715c8696783a2e2e500e8bac0e9db5f3156Red Hat Security Advisory 2014-0310-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Several information disclosure flaws were found in the way Firefox processed malformed web content. An attacker could use these flaws to gain access to sensitive information such as cross-domain content or protected memory addresses or, potentially, cause Firefox to crash.
38c9a08689793ed4fe17d61018e3aa8c675fa8d5b8dc57eae2c8e68f9abd7d0dRed Hat Security Advisory 2014-0312-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. All php users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
ed152ea19937dfd772c59ba8bdad4a73bae67c13b28bf59e21e0dec3e764f158Red Hat Security Advisory 2014-0311-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.
2a64c8f53e6dc048bca206f2a449803fc371f77164f14a295802d4991566105cUbuntu Security Notice 2150-1 - Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Gregor Wagner, Gary Kwong, Luke Wagner, Rob Fletcher and Makoto Kato discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Atte Kettunen discovered an out-of-bounds read during WAV file decoding. An attacker could potentially exploit this to cause a denial of service via application crash. Various other issues were also addressed.
9fd46be9a10b917dc455961f9ebfaefd537de7a30d8809e8ea6f33183e56470cA vulnerability has been discovered in Elemental-IRCd/ShadowIRCd all the way back to version 6.3. If a client does a SASL authentication before the server is ready for it, a race condition will be met and the ircd will segfault to an address out of bounds error. Demonstration exploit included.
4501916be0db906cac09b9b45bff1dbbfb26c9183a28a1ff168f52adf5ceb358The web interface for VLC version 2.1.3 suffers from a cross site scripting vulnerability.
d4f9ce54a51d0d689fe5c695c1fece0859bbe08ffca2fd732d3918b7d5054ec8BarracudaDrive version 6.6 suffers from multiple cross site scripting vulnerabilities.
9e9889ce63421a5123d2e2412d4c58b6d58a521e54123e508a9b2b6f5d249aedOpen-Xchange AppSuite versions 7.4.1 and 7.4.2 suffer from a cross site scripting vulnerability.
fa92825ba91c0472654c533544c6b2eb942b65f4321430779dddde151bb3a5a1ExSoul Browser version 3.2.2 suffers from a remote code execution vulnerability.
fdf3bd0df3ea66b9e281fffe25c9e152f5c20c599e6d56fc5a375d9e32c8a578Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
9a76b32967b2325f985c66790565d295d147840f3b9d6ca95d5850990a00cfefThis Metasploit module exploits a buffer overflow in Gold MP4 Player version 3.3. When this application loads a specially crafted flash URL, a buffer overflow can occur that allows for arbitrary code execution.
3da8325ad16a545338d4432ea3ca98df98052bedd020b25d70f23015fcfd6ab8Array Networks vxAG version 9.2.0.34 and vAPV version 8.3.2.17 appliances suffer from poor permissions, default and weak user credentials, and ssh key handling issues.
424281c262881d13818d8b421e2b8079d01b94b35e76add57e3557344aa28c2fQuantum vmPRO versions 3.1.2 and below suffer from a remote shell backdoor command that lets anyone ssh in and escalate to root.
86021585379df42396f7ae8a9afbc5718765133267144a1045108c43792f706fXTRA Browser suffers from a remote code execution vulnerability stemming from insecure use of the addJavascriptInterface functionality. The vulnerability allows attackers to execute code through targeted browsing attacks to pages hosting malicious JavaScript or by loading up a malicious file into the affected application from the local storage.
2a98b20d83883200c6dd809b0710b1bd174a2d328fd9b4671132306164912b5dnginx version 1.4.0 remote code execution exploit that leverages a new attack technique called BROP (Blind ROP).
8352b0f536d1d2db731dbea6ffe0990452b85c17e1de3830432937e8c4173ec3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed