A command injection vulnerability in Citrix NITRO SDK's xen_hotfix page was discovered. The attacker-supplied command is executed with elevated privileges (nsroot). This issue can be used to compromise the entire Citrix SDX appliance along with all underlying applications and data.
It was discovered that the help pages of Citrix VPX are vulnerable to cross site scripting.
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
OpenSSL has addressed twelve vulnerabilities including denial of service, silent downgrading, corrupted pointer, segmentation fault, memory corruption, and various other vulnerabilities.
FreeBSD Security Advisory - Multiple OpenSSL issues have been resolved. A malformed elliptic curve private key file could cause a use-after-free condition in the d2i_ECPrivateKey function. An attempt to compare ASN.1 boolean types will cause the ASN1_TYPE_cmp function to crash with an invalid read. Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. A malicious client can trigger an OPENSSL_assert in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message.
A cross site scripting vulnerability was found in the xen_hotfix page of the Citrix NITRO SDK.
Airties Air5650TT Modem suffers from a cross site scripting vulnerability.
It was discovered that Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. Unauthenticated attackers can download any configuration file stored in this folder, decode passwords stored in these files, and gain privileged access to devices managed by Command Center.
BSides Las Vegas 2015 has announced its Call For Papers. It will take place August 4th and 5th, 2015, in Las Vegas, Nevada.
An SQL injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to retrieve arbitrary data from the application, interfere with its logic, or execute commands on the database server itself.
A command injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to execute arbitrary system commands and take full control over ESRS VE.
A path traversal vulnerability was found in EMC M&R (Watch4net) Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
A path traversal vulnerability was found in EMC M&R (Watch4net) MIB Browser. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
A cross site scripting vulnerability was found in EMC M&R (Watch4net) Alerting Frontend. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploiting issues in other areas of Watch4net.
A cross site scripting vulnerability was found in EMC M&R (Watch4net) Centralized Management Console. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploiting issues in other areas of Watch4net.
A cross site scripting vulnerability was found in EMC M&R (Watch4net) Web Portal. This issue allows attackers to replace the report shown at startup; the attacker's payload is stored in the user's profile and executed every time the victim logs in.
Gentoo Linux Security Advisory 201503-11 - Multiple vulnerabilities have been found in OpenSSL that can result in either Denial of Service or information disclosure. Versions less than 1.0.1l-r1 are affected.
Red Hat Security Advisory 2015-0708-01 - Updated qpid packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 3 for Red Hat Enterprise Linux 7.
Ubuntu Security Notice 2537-1 - It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. Stephen Henson discovered that OpenSSL incorrectly handled comparing ASN.1 boolean types. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.
Red Hat Security Advisory 2015-0707-01 - Updated qpid packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 3 for Red Hat Enterprise Linux 6.
Debian Linux Security Advisory 3197-1 - Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit.
Subrion version 3.3.0 suffers from a cross site request forgery vulnerability that allows for arbitrary SQL injection.
It was discovered that the Advent JMX Servlet of Citrix Command Center is accessible to unauthenticated users. This issue can be abused by attackers to compromise the entire application. It also suffers from a cross site scripting vulnerability.
Mac OS X version 10.10.2 suffers from multiple heap overflow vulnerabilities. Included is an xnu local privilege escalation via IOHIDSecurePromptClient injectStringGated heap overflow exploit.
The Yoast WordPress Google Analytics plugin suffers from a stored cross site scripting vulnerability.