Whitepaper called In lieu of swap: Analyzing compressed RAM in Mac OS X and Linux. This paper discusses the difficulty of analyzing swap files in more detail, the compressed RAM facilities in Mac OS X and Linux, and the author's new tools for analysis of compressed RAM. These tools are integrated into the open-source Volatility framework.
1ddd0eee0008fb9756e99dd2a397a4b85daab9c0e6c31fc8bc3ada8fb8ea862aNRPE version 2.15 remote command execution exploit written in Python.
c268de70bbf269dcf7e9d20818207c8f9d7979d2b3054cdd2d722e64c5890c38DomainTrader Domain Parking and Auction Script version 2.5.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
9e1d059a854c7452d4e992af1f56cbf73f5ba81749003700ac74a405686063b5Jappix suffers from a persistent cross site scripting vulnerability.
107180118407f89e40bf1d31d9e71d1f970b1b47742016591ef2b1a27d8e20e1Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
ccac50d8d03ae7c81314aa8188dda0dc4684861462b8f91c845daaa662548bdaF5 BIG-IP versions 11.5.1 and below suffer from a reflective cross site scripting vulnerability.
90bc183e4916362d71c4474e9345d2f9d2041b58846f35012b0a395feaf2417aAerohive Hive Manager (Stand-alone and Cloud) versions greater than and equal to 6.1R3 and HiveOS version 6.1R3 suffer from bypass, code execution, cross site scripting, file disclosure, local file inclusion, arbitrary file upload, missing passphrase, and password disclosure vulnerabilities.
cda32b36ba6f19559448f8007c162ba158f4b31d35722a7b7f4a3f40b5f0e800ActualAnalyzer remote command execution exploit that leverages an eval.
8f2990bbfd3d05f330dbb9f7a0d5dc5d2bde4218361df5492b6297038b4bc115Proof of concept exploit for PhpWiki that demonstrates a remote command injection vulnerability via the Ploticus module.
0537e551a6510f8813c0b1364ed2c664f69c09d7a2daea939ae50369296e203fXRMS blind SQL injection exploit that leverages $_SESSION poisoning and achieves remote command execution.
22da305ed8f31ea31597071bebb8862e1bbef05d26a2868faaa7c5cd07486cbeDebian Linux Security Advisory 3014-1 - Matthew Daley discovered that Squid3, a fully featured web proxy cache, did not properly perform input validation in request parsing. A remote attacker could use this flaw to mount a denial of service by sending crafted Range requests.
5e351a1d139585fb9520a9884e38270f9aa23af5afaf97f0010e61ce08fc9064Red Hat Security Advisory 2014-1103-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.4 will be retired as of February 28, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.4 EUS after February 28, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat Enterprise Linux 6.4 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.
184a842d7a169d9032e982dd7804cbf9c1439b4ed8e0214ae3b6c70cd5f0dfdeDebian Linux Security Advisory 3013-1 - Nikolaus Rath discovered that s3ql, a file system for online data storage, used the pickle functionality of the Python programming language in an unsafe way. As a result, a malicious storage backend or man-in-the-middle attacker was able execute arbitrary code.
08ee1cc3f772b3107bc3b05694ec1d5a52965bb043eb604501975e46017a5876Ubuntu Security Notice 2327-1 - Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service.
916e29698c752224a8cbb7a9c77d542b4db061a30ba237e61be04fcc7764a84fPlogger versions prior to 1.0-RC1 suffer from a remote authenticated arbitrary file upload vulnerability.
2229ede1572118bc72b109ff7e6d3bbcc1f082c43c519ec37c7328ee927f4032
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed