HP Security Bulletin HPSBMU02895 SSRT101253 3 - Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. Revision 3 of this advisory.
14a88d8c8f39b93b3f09787dec2eb83c
HP Security Bulletin HPSBMU03118 - Potential security vulnerabilities have been identified with HP Systems Insight Manager (SIM) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Cross-site Scripting (XSS), remote privilege elevation, and Clickjacking. Revision 1 of this advisory.
355f0faf3518a224be2c44149f3452d0
Ultra Electronics SSL VPN versions 7.2.0.19 and 7.4.0.7 suffer from directory creation and remote SQL injection vulnerabilities.
c14a5043b81312f347548efa8b574674
HP Security Bulletin HPSBHF03124 - Potential security vulnerabilities have been identified with certain HP Thin Clients running bash. The vulnerabilities, known as Shellshock, could be exploited remotely to allow execution of code. Revision 1 of this advisory.
0754796f002e67a22c307112713231b9
HP Security Bulletin HPSBHF03119 2 - A potential security vulnerability has been identified with HP DreamColor Z27x Professional Display running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. NOTE: Only the HP DreamColor Z27x model is vulnerable. Revision 2 of this advisory.
fec01a28cde2d745e16691f3466cc403
Mandriva Linux Security Advisory 2014-193 - A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU.
9fef816de2870e5929c87d7e6d8631c3
Mandriva Linux Security Advisory 2014-192 - The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service via an empty quoted string in an RFC 2822 address. The Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service via vectors related to backtracking into the phrase.
a23dafdcbef4536016bec1dfd6dce173
Mandriva Linux Security Advisory 2014-195 - An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process. A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive. The updated libvirt packages have been upgraded to the 1.1.3.6 version and patched to resolve these security flaws.
b7ef4ec6dc97bf0be109ef7af7928651
Mandriva Linux Security Advisory 2014-194 - With a crafted ENUM value it is possible to trigger an XSS in table search and table structure pages. This upgrade provides the latest phpmyadmin version to address this vulnerability.
97fc1e4379152cb58896ac2e34f20213
Ubuntu Security Notice 2369-1 - It was discovered that file incorrectly handled certain CDF documents. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service.
ba54454edc25727c2de7da3f01c53bcd
WordPress BulletProof Security plugin version 50.8 suffers from a script insertion vulnerability.
8fde812fee3099ff709f4bfba1076b60
This Metasploit module exploits the Shellshock vulnerability in Apache CGI. It allows you to execute any Metasploit payload you want.
773d0a059a29f1fbe77093d1a3f5379a
HTTP Commander AJS version 3.1.9 suffers from a cross site scripting vulnerability that can be exploited via exception handling.
f151cc6200d6a66cdc6b9407d3f69cd7
AIS shellshock scanning tool that leverages the User-Agent header against a large list of possible targets. Written in C.
74ab1fba2486673b18ce5c1a7900ba50
PayPal France suffered from a mail encoding script insertion vulnerability.
435417f1e5f270951d4bef17ea2fe8af
Elasticsearch versions 1.3.x and prior have a default configuration for CORS that allows an attacker to craft links that could cause a user's browser to send requests to Elasticsearch instances on their local network. These requests could cause data loss or compromise.
0f8a57cde7567ce6ca8a60f8edb33116
ZyXEL SBG-3300 Security Gateway suffers from a cross site scripting vulnerability.
1ba01cd0971e92d0eb7e4771d66c71cc
ZyXEL SBG-3300 Security Gateway suffers from a malicious JavaScript denial of service vulnerability.
282b257bf5b5859ca0c24098bf1f14ef
ElfChat version 5.2.0 Pro suffers from a cross site scripting vulnerability.
b3286d8ac49587ad62d6328987d3cc84
oclHashcat is an advanced GPU hash cracking utility that includes the world's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
b07045784ec7f4913293ea2cc6eac5ca
oclHashcat is an advanced GPU hash cracking utility that includes the world's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.
81f00b1f345a27e0edffae693707943c
Red Hat Security Advisory 2014-1354-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
b5445223c3bf06729754cd306a178e13
Red Hat Security Advisory 2014-1317-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. It was found that Red Hat CloudForms exposed default routes that were reachable via HTTP requests. An authenticated user could use this flaw to access potentially sensitive controllers and actions that would allow for privilege escalation.
656a1f5ce8f882d87c399d70998524e1