HP Security Bulletin HPSBST03000 4 - A potential security vulnerability has been identified with HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 4 of this advisory.
e6542a96113ae0479b84ab7aa056ba62Red Hat Security Advisory 2014-0819-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.0.2 serves as a replacement for Red Hat JBoss BPM Suite 6.0.1, and includes bug fixes and enhancements.
4b9da714c4cd1f0a8d7a373e234cea91Red Hat Security Advisory 2014-0818-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.0.2 serves as a replacement for Red Hat JBoss BRMS 6.0.1, and includes bug fixes and enhancements.
4de634c1df8e254066c51ef8bacef962Red Hat Security Advisory 2014-0816-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. The SSH utility script created a world-writable file in /tmp/ using a predictable name, and then executed it as root. A local attacker could use this flaw to execute arbitrary commands as the root user. A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request.
f409838510de848d2624057bdb6762fcGentoo Linux Security Advisory 201406-35 - Multiple vulnerabilities have been found in Openfire, the worst of which could lead to a Denial of Service condition. Versions less than 3.9.2-r1 are affected.
6ee45c18e89eca0ad1b65191e28d2fc0Red Hat Security Advisory 2014-0814-01 - The Red Hat Enterprise Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. It was found that the ovirt-engine REST API resolved entities in XML API calls. A remote attacker with credentials to call the ovirt-engine REST API could use this flaw to read files accessible to the user running the ovirt-engine JBoss server, and potentially perform other more advanced XXE attacks.
78f8ac884cf0b57913aabc44fae8848cRed Hat Security Advisory 2014-0815-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code.
08a5f90c85d07cd5db87068cce215844Debian Linux Security Advisory 2970-1 - Multiple security issues (cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising) have been found in Cacti, a web frontend for RRDTool.
a69ad988e27a650486aa3345c952d3a2Gentoo Linux Security Advisory 201406-34 - Multiple vulnerabilities have been discovered in KDE Libraries, the worst of which could lead to man-in-the-middle attacks. Versions less than 4.12.5-r1 are affected.
87d528407d0e9798c48f7829e1c9ed58Gentoo Linux Security Advisory 201406-33 - Multiple vulnerabilities have been found in Wireshark, the worst of which allows remote attackers to execute arbitrary code. Versions less than 1.10.8 are affected.
5ee303168fd92233fb43f7bccdd15435Gentoo Linux Security Advisory 201406-32 - Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution. Versions less than 6.1.13.3 are affected.
d9cd76f51005d3dcd235abaed9cde74bSpark Browser version 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) resulting in stack overflow via nested calls to the window.print javascript function.
00d4cae32afc7dd800c0f99fa2089885IBM Algorithmics RICOS versions 4.5.0 through 4.7.0 suffer from cross site scripting, cross site request forgery, information disclosure, data manipulation, broken encryption, and various other vulnerabilities.
b8df7e37d1837ce179ae7e94c785a9abGitlist versions 0.4.0 and below suffer from a remote code execution vulnerability.
ee46caf85f37abd2c3b0838eea3b25adWordPress Theme My Login plugin version 6.3.9 provides access to arbitrary files and could facilitate arbitrary code execution.
5bd79c15b884dd6075f5cee6d905f57c56 bytes small Linux/x86 shellcode for shutdown -h now.
f7a071789989e250bf4b15ede724260864 bytes small Linux/x86_64 shellcode for shutdown -h now.
aead2a42ecd5bc727239c9ca2e0a527dThis is a whitepaper that goes into detail on hacking ASP/ASPX websites manually.
d56d34728763832f62fc8b57670829be
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed