A command injection vulnerability in Citrix NITRO SDK's xen_hotfix page was discovered. The attacker-supplied command is executed with elevated privileges (nsroot). This issue can be used to compromise of the entire Citrix SDX appliance along with all underlying applications and data.
8363fa8786b4f33fcb611c65253aae741117e855eaa1f0692b41e980dc0efd9eIt was discovered that the help pages of Citrix VPX are vulnerable to cross site scripting.
d441a8929d46f3b81888279baadee2699e3507b40eda951a86945b935b33baacOpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
15b6393c20030aab02c8e2fe0243cb1d1d18062f6c095d67bca91871dc7f324aOpenSSL has addressed twelve vulnerabilities including denial of service, silent downgrading, corrupted pointer, segmentation fault, memory corruption, and various other vulnerabilities.
fe15284bf2437645874b4048dc14c9e7a9cd6a3b5c6727c6e4f87bb62169bbb1FreeBSD Security Advisory - Multiple OpenSSL issues have been resolved. A malformed elliptic curve private key file could cause a use-after-free condition in the d2i_ECPrivateKey function. An attempt to compare ASN.1 boolean types will cause the ASN1_TYPE_cmp function to crash with an invalid read. Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. A malicious client can trigger an OPENSSL_assert in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message.
ad332f5b21771f4ca8ae82975b05a6c29ed9c3ba50715706826a895c84803d94A cross site scripting vulnerability was found in the xen_hotfix page of the Citrix NITRO SDK.
33744821fe7b647214982e21e9c2f3008a42466359ddb11e760b84a946ef3f56Airties Air5650TT Modem suffers from a cross site scripting vulnerability.
ab7c0ffdb194773ff18441ad3a3019c3de12206e027fdcf0f1d2ad8536e5cadaIt was discovered that Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. Unauthenticated attackers can download any configuration file stored in this folder, decode passwords stored in these files, and gain privileged access to devices managed by Command Center.
85d89d3569e65de31b41ef51ec733b7638c8cddd02e54405362cc915a3cf0ba9BSides Las Vegas 2015 has announced its Call For Papers. It will take place August 4th and 5th, 2015, in Las Vegas, Nevada.
4bd75f070f336b13693bcebbacfb3817bc6c59eb58e525c248c52d8e96c3e000An SQL injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to retrieve arbitrary data from the application, interfere with its logic, or execute commands on the database server itself.
bb6357690b58aa6a4b191b7aa985885a9140da18129605a49ab28a5d5f94739fA command injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to execute arbitrary system commands and take full control over ESRS VE.
25bdb20a5f5b3d42c931790e6cd29e66b72b1f64447adff01728369675f2c580A path traversal vulnerability was found in EMC M&R (Watch4net) Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
25a0b7a9df5cc011236dd7a3b788dfc90ab7e490e99ee01ab27b7e427abbf1f4A path traversal vulnerability was found in EMC M&R (Watch4net) MIB Browser. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
7668d0639a82fb6e91ad48888c3d7bd515ca0ed072a654718c3c05f3099551fcA cross site scripting vulnerability was found in EMC M&R (Watch4net) Alerting Frontend. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploit issues in other areas of Watch4net.
0b2a8f256d6e1bbff59fe9299dff71fea85a0647f548112aeca2df8c229f8efcA cross site scripting vulnerability was found in EMC M&R (Watch4net) Centralized Management Console. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploit issues in other areas of Watch4net.
e753a3139ef1cd1757ba424112936d43b543c6cc2b2a4b844aa489ad404f66c3A cross site scripting vulnerability was found in EMC M&R (Watch4net) Web Portal. This issue allows attackers to replace the report that is shown at startup, the attackers payload will be stored in the user's profile and will be executed every time the victim logs in.
141134491cadd7c74cea4c79f049a63533385f6a32812f238cead4440d47eda3Gentoo Linux Security Advisory 201503-11 - Multiple vulnerabilities have been found in OpenSSL that can result in either Denial of Service or information disclosure. Versions less than 1.0.1l-r1 are affected.
33a1b6ad39a1a0e33e4f539a9bff855b2186411aa683ae4907abf7f7052665adRed Hat Security Advisory 2015-0708-01 - Updated qpid packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 3 for Red Hat Enterprise Linux 7.
f1d00065ca4e1d3daece34efc3120bbb51d9d72a0d25e3c210e36487f614a591Ubuntu Security Notice 2537-1 - It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. Stephen Henson discovered that OpenSSL incorrectly handled comparing ASN.1 boolean types. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.
957fdac9249b40b0929254ee1f18d19ec578ddb14f7c37e718df02e9b9a1f1b9Red Hat Security Advisory 2015-0707-01 - Updated qpid packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 3 for Red Hat Enterprise Linux 6.
816e8eab9f1c0a34e97884847b9744b1e39a7b37045f693938be6773394ec3afDebian Linux Security Advisory 3197-1 - Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit.
502c16249125d36a8fc3440e578ad58b60a94b321161f560450e2beedb6e3d38Subrion version 3.3.0 suffers from a cross site request forgery vulnerability that allows for arbitrary SQL injection.
13a087d5f2f67cb83cae17714e4c2ac16a5fac9e86d1e5c867d8eb4365e3950fIt was discovered that the Advent JMX Servlet of Citrix Command Center is accessible to unauthenticated users. This issue can be abused by attackers to comprise the entire application. It also suffers from a cross site scripting vulnerability.
65939691ebbc97cc1c48cec0c147e8482d72899a48cea80d719973492c299369Mac OS X version 10.10.2 suffers from multiple heap overflow vulnerabilities. Included is a xnu local privilege escalation via IOHIDSecurePromptClient injectStringGated heap overflow exploit.
8b0545d79dddb6edb3e4b16cb96f955ce9377484475055942b60c012d1d98d58The Yoast WordPress Google Analytics plugin suffers from a stored cross site scripting vulnerability.
d6d78da9aaf708477febf5b28d9b24d0e4b006ac9e957ab5384d4581c4a5a06a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed