HP Security Bulletin HPSBMU02895 SSRT101253 3 - Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. Revision 3 of this advisory.
846aa905e2c687ef8f34fafd6bb1cf80f5159821a102f71c2e1d64b014b52849HP Security Bulletin HPSBMU03118 - Potential security vulnerabilities have been identified with HP Systems Insight Manager (SIM) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Cross-site Scripting (XSS), remote privilege elevation, and Clickjacking. Revision 1 of this advisory.
b446675da95f91aafef39ce68fc151b3ef8d9ce52518fbd0335c961e07dbf936Ultra Electronics SSL VPN versions 7.2.0.19 and 7.4.0.7 suffer from directory creation and remote SQL injection vulnerabilities.
0420214b4d8e7885ff6112c9bce112f874056677399749e6e050d4409241720cHP Security Bulletin HPSBHF03124 - Potential security vulnerabilities have been identified with certain HP Thin Clients running bash. The vulnerabilities, known as shellshock could be exploited remotely to allow execution of code. Revision 1 of this advisory.
7bec20c1e05d7486cb10a36c31e3d2123d1225efbea951e4b4137db0c1155842HP Security Bulletin HPSBHF03119 2 - A potential security vulnerability has been identified with HP DreamColor Z27x Professional Display running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. NOTE: Only the HP DreamColor Z27x model is vulnerable. Revision 2 of this advisory.
2a168e564f4b89a286c458982b1a9135992f03cf7a44f3613b8e5d0316184c32Mandriva Linux Security Advisory 2014-193 - A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU.
7a7ad3026145d65eb92f2aa82fa23a5c4dd3b11d5cb4dcfc8ebbe17115033a9dMandriva Linux Security Advisory 2014-192 - The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service via an empty quoted string in an RFC 2822 address. The Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service via vectors related to backtracking into the phrase.
fd50ca84aa78f0224f164d19ccc837e9fe063dbb1cb0e10514545665ccda3d3dMandriva Linux Security Advisory 2014-195 - An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process. A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive. The updated libvirt packages have been upgraded to the 1.1.3.6 version and patched to resolve these security flaws.
77134b00ae1715b1f20378bd5a8597ad5e3fcf9f81118afb707b3e8ef299981aMandriva Linux Security Advisory 2014-194 - With a crafted ENUM value it is possible to trigger an XSS in table search and table structure pages. This upgrade provides the latest phpmyadmin version to address this vulnerability.
0904a3c0c94c54bb74af53fbc21716de5d2ef6e3e6a7651512d5253d9c6e0921Ubuntu Security Notice 2369-1 - It was discovered that file incorrectly handled certain CDF documents. A attacker could use this issue to cause file to hang or crash, resulting in a denial of service.
42afc104b05ffc93e91d084099d695b9c68d3768a6f60113f73466a00ba45b4bWordPress BulletProof Security plugin version 50.8 suffers from a script insertion vulnerability.
78c44baf43c236e3eb5fc03b5b1d8b2505fa870de4d3200cfbf9d25f8701cf29This Metasploit module exploits the shellshock vulnerability in apache cgi. It allows you to execute any metasploit payload you want.
a864c843ce6ef903a561a68316c0959dd2b138cad93a26d0f8f6d85e6d98db5dHTTP Commander AJS version 3.1.9 suffers from a cross site scripting vulnerability that can be exploited via exception handling.
900c6a99e280045e35cff27b2eccab426ed2761d18da6d7d5133d7e06c236934PayPal France suffered from a mail encoding script insertion vulnerability.
2c67295a0196ccd7740b6cf4796ce18cd32aa2d9f34e32404d044c1412774b32Elasticsearch versions 1.3.x and prior have a default configuration for CORS that allows an attacker to craft links that could cause a user's browser to send requests to Elasticsearch instances on their local network. These requests could cause data loss or compromise.
0470832a32f532d43f5d3a0ee65181e2c78d893dc3b4564f92c67f9143488da5ZyXEL SBG-3300 Security Gateway suffers from a cross site scripting vulnerability.
5eaf4ac207e940c02019db54b7a27f528fb6f3c2afece5bd3746b21b6583c0d4ZyXEL SBG-3300 Security Gateway suffers from a malicious javascript denial of service vulnerability.
596f2b9195c266beca8ddebbb6e27ec2938aa82039cd2751ebd8e57bec2a6d6dElfChat version 5.2.0 Pro suffers from a cross site scripting vulnerability.
14c2be5038a765871520e53de63ae1d22508257a57f5adb84596065a25eb45eboclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
dbb6dcca361fa3eec3cfbddf19f3200ef41b9dca4bb3a33a686d04846b9035c0oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.
ec5c6f57f887e4be87b3b6dcd26adb6a2a0179516f2b36ac0f9e81e5ec97b1cdRed Hat Security Advisory 2014-1354-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
b32eb23a922aaad612775171117381de11c2f5eb28b398659a771dccc74d4d25Red Hat Security Advisory 2014-1317-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. It was found that Red Hat CloudForms exposed default routes that were reachable via HTTP requests. An authenticated user could use this flaw to access potentially sensitive controllers and actions that would allow for privilege escalation.
b962e7c0e3042f38ba447e5a27fe022040ac9f55d595d2db04814f50dbbae6c1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed