Core Security Technologies Advisory - SAP Router is an application-level gateway used to connect systems in a SAP infrastructure. A vulnerability have been found in SAP Router that could allow an unauthenticated remote attacker to obtain passwords used to protect route entries by a timing side-channel attack.
67534b1aa55c4ebc99ebad2f7db41847f6e0a096fd1ef794897091693aa6aa8aEMC CTA is vulnerable to XML External Entity (XXE) and information disclosure vulnerabilities that may allow a remote malicious user to compromise the affected system. Affected includes EMC Cloud Tiering Appliance (CTA) versions 9.x, 10, and 10 SP1 and EMC File Management Appliance (FMA) version 7.x.
af60406e0c07f546fc93a7c4e3a0eee9599dd22a265f47327d80f8c66dc24eacNmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
6feba861a1f1a854a992914e4afbc72c03891f12ee73e9d6c5711ef9858188d4MobFox mAdserver version 2.0 suffers from a remote SQL injection vulnerability.
469bad10763b6818af316c907c21b5437b0335df565f56c9356dd44dd0cce242WinSCP version 5.5.2.4130 does not checking the "Common Name" of an X.509 certificate when FTP with TLS is used.
c02e58412a1d791bba874a01d9d7de079487428a4d6386a5000a3a88f7464688Ektron CMS version 8.7 suffers from a cross site scripting vulnerability.
9637b8b1c6742cd767c5158770127fe5062c9de9308e72ad987388ac7dba136bHP Security Bulletin HPSBMU02999 - A potential vulnerability exists in HP Autonomy WorkSite Server (on-premises software) running OpenSSL. The vulnerability can be exploited to allow remote disclosure of information. The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
2ade1a02b85d543c8f621e8b2e60d0f7b8765b928d4f613aee862c249d6eab42HP Security Bulletin HPSBUX03001 SSRT101382 - A potential security vulnerability has been identified with the HP-UX Whitelisting (WLI) product. The vulnerability could be exploited locally resulting system integrity compromises. Revision 1 of this advisory.
78596eddae03b2808d1d687f1532841bc8f57158acba518fa16ac890d511a888Debian Linux Security Advisory 2905-1 - Several vulnerabilities were discovered in the chromium web browser.
3bf80668059e80d11bd10afabf17b49b4fd492b6b14c3f10e374498a3b0a0e39Red Hat Security Advisory 2014-0408-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions.
88fddb9b9e3aaa8e057193e51a00d709088300825606820ee4b66f23f7eb4e0cRed Hat Security Advisory 2014-0406-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions.
9eeb99798d9302f74aed1b19c1c8c066a1ef51f28dbc76f718791cb3ec0d1c6eRed Hat Security Advisory 2014-0407-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions.
ecb205450da7276a8a2a49d2dcf8d32d2b41e9fed07d44df3a1bf0874934225aDebian Linux Security Advisory 2907-1 - This is an advance notice that regular security support for Debian GNU/Linux 6.0 (code name "squeeze") will be terminated on the 31st of May.
a514183d2b22e9dfc9b1354e00b8dbcfe455c5a7ad09a40ced3b3b6d7c411bd9Mandriva Linux Security Advisory 2014-078 - Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request. An attacker can use all available file descriptors using SIP INVITE requests. Asterisk will respond with code 400, 420, or 422 for INVITEs meeting this criteria. Each INVITE meeting these conditions will leak a channel and several file descriptors. The file descriptors cannot be released without restarting Asterisk which may allow intrusion detection systems to be bypassed by sending the requests slowly. The updated packages has been upgraded to the 11.8.1 version which is not vulnerable to these issues.
a0a04e709341076d8907ad13869e2a5dcf340db01df322e1f815939a498720fcPCNetSoftware RAC server versions 4.0.4 and 4.0.5 suffer from a denial of service vulnerability.
12bb65a7bc6783dea9e1ade46281f4de7f58d684482c5c0ea3f406da057f11bfCMS Studio suffers from a cross site scripting vulnerability.
f33f9d853dd9b613db5cbd03c7aed249f72f61b514909503612db63af377ca1eThis Metasploit module exploits an use after free condition on Internet Explorer as used in the wild on the "Operation SnowMan" in February 2014. The module uses Flash Player 12 in order to bypass ASLR and finally DEP.
10fcb5c8d675a721b05ed3e69363ebeb92832f95ef6672333150a8c4b295da5e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed