WebTitan version 4.01 suffers from remote command execution and directory traversal vulnerabilities.
31bb563ba45d9f1705203ffe533103b28d9455039d7f5594f6e0b5ff6584664bThis Metasploit module exploits a remote command execution vulnerability in Unitrends Enterprise Backup version 7.3.0.
990dbbca3608cabc6a86f28a9fb4e995a70d4fd9ca01cb2876fd6e886b835ca0The 2nd annual HackMiami Conference takes place May 9th through the 11th, 2014 in Miami Beach, FL, USA. The call for papers has been announced.
6154f2cb172ac4fd0f29bbed1da227ae544b63e7f674a4cc50ad8bfa7b7a1c50VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash. The vulnerability is caused by a use-after-free error when interacting with the "ExternalInterface" class from the browser, which could be exploited to achieve code execution via a malicious web page. Adobe Flash versions prior to 13.0.0.182 are affected.
74271eacbddb7ae8c9fa82f1d54ba1847cb249784eb45f07684efc33d4fc7c18Xerox DocuShare suffers from a remote SQL injection vulnerability.
359f347609e558ed6a4327b3bbf7312d0184b8b8950c198fc1929251921926e2HP Security Bulletin HPSBST03001 - A potential security vulnerability has been identified with HP XP P9500 Disk Array running OpenSSL.This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
a4486d1e4a27dcf59435499f16a993dc43c9f57f6e185edd0623b6c166498376HP Security Bulletin HPSBMU02998 - A potential security vulnerability has been identified with HP System Management Homepage (SMH) running on Linux and Windows. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
929b3f2cd69d6c070b694f99b566bce425a57f971ca91ac7a122afe88f7eb2f4HP Security Bulletin HPSBMU02997 - A potential security vulnerability has been identified with HP Smart Update Manager (SUM) running OpenSSL.This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
b71fe3a9a964fec200830af320a0bc29198483a1fefecfd84439a07026697de7HP Security Bulletin HPSBMU02994 - A potential security vulnerability has been identified in HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
9136db41f765d29c48c992de49b2c3261c352a943ab68120fe6788760476c093HP Security Bulletin HPSBMU02995 2 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 2 of this advisory.
72c5dfc53db821c3cd75feadb5e9ec107d6c98de335d787941649d382bc15230Debian Linux Security Advisory 2902-1 - Two vulnerabilities have been discovered in cURL, an URL transfer library.
da3502c130f203873bf0e759e38b393026c7502c6a847b54750aeb3fb5affbd9Debian Linux Security Advisory 2901-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool.
f49d94dbeb8d28f68730205644c298480c65c8a691c0dcd80f4f52c994206a7aUbuntu Security Notice 2168-1 - Jakub Wilk discovered that the Python Imaging Library incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files, or gain access to temporary file contents.
1785c4cf7c8220484721a7d2be067fabb6c1b6da00df9402e67e3fb67239edfaMandriva Linux Security Advisory 2014-077 - Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted image file. The updated packages for mbs1 have been upgraded to the 2.1 version and the packages for mes5 has been patched to resolve this security flaw.
b19982fd8981510714ae922d5c7e838c4c23421781ac09bfdf0549354f6a88e6Debian Linux Security Advisory 2904-1 - Francisco Falcon discovered that missing input sanisiting in the 3D acceleration code in VirtualBox could lead to the execution of arbitrary code on the host system.
55710322d25bef7d15ba3a2da0ca8209657fed23bc990c607cacab173c065ba2Debian Linux Security Advisory 2903-1 - An authentication bypass vulnerability was found in charon, the daemon handling IKEv2 in strongSwan, an IKE/IPsec suite. The state machine handling the security association (IKE_SA) handled some state transitions incorrectly.
fbc26dd666b0f44e0e8e541df2f9bd77d814bb2761d9030a503df52333edd9b2Apache Syncope versions 1.0.0 through 1.0.8 and 1.1.0 through 1.1.6 suffer from a remote code execution vulnerability.
6d94a96f8baecf063b4bc07ade222c1496c0edecf336e0795af31c63ae3aaddaclean_html in the lxml Python library can be bypassed with non-printable characters.
02b53f8cf39d78b7cfc1a5dbfd140961829e4754c5270a979f371e2ff32c11abOpenSSL library is used in Ruckus products to implement various security related features. A vulnerability has been discovered in OpenSSL library which may allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server. An exploit could disclose portions of memory containing sensitive security material such as passwords and private keys.
e2389dde2b3d98946abd1657f86b8b235aa6c789773e1225b58757349034d256The Joomla SMF component suffers from a cross site scripting vulnerability.
691b1558f44036aa412a16d9d48319a2e05b950926b8f7adeb1cb8762a312014CMS iCAT suffers from a cross site scripting vulnerability.
4142a14039d875db3d4ba2aa458084220881ad8db02fefecb3781d62981f9bd0Joomla Wrapper component suffers from a cross site scripting vulnerability.
45596ee0e1e9bf3db9bb55c44f5aa93c0ce3579ef1b14446af9a10363d6940fcNetgear N600 suffers from password disclosure and account reset vulnerabilities.
3aa397170870ccd6711672cb816baf59707da906443dc86626bdc573625d75d9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed