HP Security Bulletin HPSBST03000 4 - A potential security vulnerability has been identified with HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 4 of this advisory.
d73fa1bd882e7f8008920c158bf623bc8f8b58fa93cf66a5af55c435e4a4b1a2Red Hat Security Advisory 2014-0819-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.0.2 serves as a replacement for Red Hat JBoss BPM Suite 6.0.1, and includes bug fixes and enhancements.
5b2018ca1ea60bf0c168ce31e1328db1823bbc6237ead19c714f783467b0aac2Red Hat Security Advisory 2014-0818-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.0.2 serves as a replacement for Red Hat JBoss BRMS 6.0.1, and includes bug fixes and enhancements.
be959037484d1a765743e14b992c71c12dc19b2d050e960a53ed6defd1d3f971Red Hat Security Advisory 2014-0816-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. The SSH utility script created a world-writable file in /tmp/ using a predictable name, and then executed it as root. A local attacker could use this flaw to execute arbitrary commands as the root user. A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request.
ed0336504b371e408526319445a5c9fd1d368cc89d53bfcce748e66dc58f4a6dGentoo Linux Security Advisory 201406-35 - Multiple vulnerabilities have been found in Openfire, the worst of which could lead to a Denial of Service condition. Versions less than 3.9.2-r1 are affected.
41324993ffa3eb7b745123fc71b6da971e9a55bdf18cdf640e314610a2cc46afRed Hat Security Advisory 2014-0814-01 - The Red Hat Enterprise Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. It was found that the ovirt-engine REST API resolved entities in XML API calls. A remote attacker with credentials to call the ovirt-engine REST API could use this flaw to read files accessible to the user running the ovirt-engine JBoss server, and potentially perform other more advanced XXE attacks.
05adc95783f571a217ffe1d911df66b509c35fc597481b598054f42f53193008Red Hat Security Advisory 2014-0815-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code.
a010735c07300e81c05307db46a722929722e51bde6e7a4c5df209d29725b131Debian Linux Security Advisory 2970-1 - Multiple security issues (cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising) have been found in Cacti, a web frontend for RRDTool.
67f7c14f82e222e1693697e3659a72b9ae669ebe3fb08bb51ed5f7d72102d52eGentoo Linux Security Advisory 201406-34 - Multiple vulnerabilities have been discovered in KDE Libraries, the worst of which could lead to man-in-the-middle attacks. Versions less than 4.12.5-r1 are affected.
c63b9a944ba7c2935d68a4a420c83a2435da78ca96c29e73e8fb03e625d03496Gentoo Linux Security Advisory 201406-33 - Multiple vulnerabilities have been found in Wireshark, the worst of which allows remote attackers to execute arbitrary code. Versions less than 1.10.8 are affected.
b218ed0f4b25bc94042856f53c2c5fb0fd853c918f085b1972ba76584ad83010Gentoo Linux Security Advisory 201406-32 - Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution. Versions less than 6.1.13.3 are affected.
090fb98b78d165daf38005d744a51c041e7041bc82e7280894ff7c9447061a32Spark Browser version 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) resulting in stack overflow via nested calls to the window.print javascript function.
1648d8f4e73ede106fecb1b26df6c6ee26b52192d6775810b994868fb4f449edIBM Algorithmics RICOS versions 4.5.0 through 4.7.0 suffer from cross site scripting, cross site request forgery, information disclosure, data manipulation, broken encryption, and various other vulnerabilities.
945e5852d35d3f39d7bede3cae55f9fa93875250647822bf399c4895974db9ccGitlist versions 0.4.0 and below suffer from a remote code execution vulnerability.
00b7d366435cf917c8e9dd552a46f3409e889e65dde7d0753735ef2ebe2b6d00WordPress Theme My Login plugin version 6.3.9 provides access to arbitrary files and could facilitate arbitrary code execution.
4c53920b98114515bc1f2346def95625fb01546704b44a6a30f469a4f29a1dea56 bytes small Linux/x86 shellcode for shutdown -h now.
af9cbefd009e0c69cf8e02310560fb4fdb27fa5f125eb912ebf7cbf3843e245a64 bytes small Linux/x86_64 shellcode for shutdown -h now.
305fe86022580df42aa8242abaf648d4013c15d0be3f2307de3611d7d1525563This is a whitepaper that goes into detail on hacking ASP/ASPX websites manually.
e01e929f0159f35636b57ccb14d23133cee0871e331625923ed2e065e0033b49
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed