AdaptCMS version 3.0.3 suffers from an authenticated arbitrary command execution vulnerability. The issue is caused due to the improper verification of uploaded files. This can be exploited to execute arbitrary PHP code by creating or uploading a malicious PHP script file that will be stored in '\app\webroot\uploads' directory.
5b566183baf344d655c35712b81e46cf526107609f4fd7b1bd1927b963915827AdaptCMS version 3.0.3 suffers from an open redirection vulnerability due to giving implied trust to the HTTP Referer header.
0bae89972bb325d03e3e953fa608c002315df2ecd8d8f8c85d95edac75c9d692AdaptCMS version 3.0.3 suffers from multiple persistent cross site scripting vulnerabilities.
6f9af3f51b4bdd59ee2d675c919d9ac43718212e55595b6445dfc42030c32c48Open-Xchange Server 6 / OX AppSuite versions 7.6.1 and below suffer from a cross site scripting vulnerability.
082a1460b2f65e6b4b3397a9ef978268baecb50e15bea63170fa4f7b077f109bMantis BugTracker version 1.2.17 suffers from denial of service, potential cross site scripting, and arbitrary redirection vulnerabilities.
73dc034d9a5622082847c13fa1d43e825d41a1ee7d9873124267bbb560c947f2ManageEngine products Service Desk Plus, Asset Explorer, Support Center, and IT360 suffer from file upload and directory traversal vulnerabilities.
b54ee8abb80c4bd0609677cf861ed3705c479b3f720f286b5441144adbe04dd3This Metasploit module exploits a local file inclusion vulnerability in HikaShop version 2.3.3.
330887e904358c968e0c5a9618e1a6ad9b321fb038a0dd04d60338680d8879b0Red Hat Security Advisory 2015-0012-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication.
ca083b01c8f9a7386f261b92ac080ab69b47dc6bf027c764a270dba716ad344aRed Hat Security Advisory 2015-0011-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication.
fd8bba75431eec14cb15cd179b80b5fef21f643a50bf4c2b87cb5e5fbc057246Red Hat Security Advisory 2015-0010-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication.
bb7fe5af8bc53be9282da58dc56e621d1e140c0fe69dae1bca6991990e0a5efaRed Hat Security Advisory 2015-0008-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, the QEMU driver implementation of the virDomainGetXMLDesc() function could bypass the restrictions of the VIR_DOMAIN_XML_SECURE flag. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to leak certain limited information from the domain XML data.
47b92016c37dad05ce4e73dd6d9ea1d07fed20f3ca473108ec23899b17cbe915Red Hat Security Advisory 2015-0009-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system.
20792dd2a836323ed4aa16764c419880226793382ed4a49bcd87a4f9128bf365Mandriva Linux Security Advisory 2015-001 - Several vulnerabilities were found in c-icap, which could allow a remote attacker to cause c-icap to crash, or have other, unspecified impacts.
0f1dea29e268a7f4a77c6e776111c3f9721118763c213c2c9168cb99163161a7Mandriva Linux Security Advisory 2015-002 - A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application linked against PCRE to crash while parsing malicious regular expressions.
2ffcd11f97716e4151519925f517a82754da69cdc9cadec64fd85a07d8718635Ubuntu Security Notice 2450-1 - Mike Daskalakis discovered that strongSwan incorrectly handled IKEv2 payloads that contained the Diffie-Hellman group 1025. A remote attacker could use this issue to cause the IKE daemon to crash, resulting in a denial of service.
e073ae358688cdb0a21ed9905fb080eec7a566c02c4544015e7bbc5c380b8632Debian Linux Security Advisory 3118-1 - Mike Daskalakis reported a denial of service vulnerability in charon, the IKEv2 daemon for strongSwan, an IKE/IPsec suite used to establish IPsec protected links.
91576f7385c43a747a2bfef670107ce781eb7b9078e1d06556b956c390322cd6Mandriva Linux Security Advisory 2015-003 - If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated. ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys. A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure(). The resulting buffer overflows may be exploited to allow arbitrary malicious code to be executed with the privilege of the ntpd process. A section of code in ntpd handling a rare error is missing a return statement, therefore processing did not stop when the error was encountered. This situation may be exploitable by an attacker. The ntp package has been patched to fix these issues.
e84745145e8e44d6f35dc2a132bbaf18a67dbe74926eba9217d0cebc264f9899Mandriva Linux Security Advisory 2015-004 - A use-after-free flaw was found in PHP unserialize(). An untrusted input could cause PHP interpreter to crash or, possibly, execute arbitrary code when processed using unserialize(). PHP has been updated to version 5.5.20, which fixes these issues and other bugs.
058189a3c8209a4c39aaad536bbf8fd7b6a01b3209d632a837900d21828a87c1ASUSWRT version 3.0.0.4.376_1071 suffers from a remote command execution vulnerability. A service called "infosvr" listens on port 9999 on the LAN bridge. Normally this service is used for device discovery using the "ASUS Wireless Router Device Discovery Utility", but this service contains a feature that allows an unauthenticated user on the LAN to execute commands less than or equal to 237 bytes as root. Source code is in asuswrt/release/src/router/infosvr. "iboxcom.h" is in asuswrt/release/src/router/shared.
19b4ec9b8aeb757d1ba6967c45ecef08879b6f6af70c1229a469d514f5078599Online Airline Booking System suffers from bypass and reinstall vulnerabilities.
c25e70d42baed35df5a941281bf8b4ec570df7d62671ceb53bdd18fff866eaaaZTE Datacard MF19 suffers from privilege escalation and DLL hijacking vulnerabilities.
0a58cb293ab6ca5b7c6dd277d515cac9ffd400d28d730f8ccc40983565e47648
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed