A command injection vulnerability in Citrix NITRO SDK's xen_hotfix page was discovered. The attacker-supplied command is executed with elevated privileges (nsroot). This issue can be used to compromise of the entire Citrix SDX appliance along with all underlying applications and data.
b7c5905da53dbedf0252c0e0eaf31a32It was discovered that the help pages of Citrix VPX are vulnerable to cross site scripting.
50c91a8bdcdd159b0b9034e8ccc241edOpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
a06c547dac9044161a477211049f60efOpenSSL has addressed twelve vulnerabilities including denial of service, silent downgrading, corrupted pointer, segmentation fault, memory corruption, and various other vulnerabilities.
d5e61bc62fd70b1e4faa9d5757fe8ea0FreeBSD Security Advisory - Multiple OpenSSL issues have been resolved. A malformed elliptic curve private key file could cause a use-after-free condition in the d2i_ECPrivateKey function. An attempt to compare ASN.1 boolean types will cause the ASN1_TYPE_cmp function to crash with an invalid read. Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. A malicious client can trigger an OPENSSL_assert in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message.
8a30cb43be0ccad8caf129b707a6c904A cross site scripting vulnerability was found in the xen_hotfix page of the Citrix NITRO SDK.
1579db71b1b93c28ae8678b57f16a887Airties Air5650TT Modem suffers from a cross site scripting vulnerability.
1a64a72555a21261d960dc31ec517851It was discovered that Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. Unauthenticated attackers can download any configuration file stored in this folder, decode passwords stored in these files, and gain privileged access to devices managed by Command Center.
9874325f86bef49d1ece9fd0d75e93beBSides Las Vegas 2015 has announced its Call For Papers. It will take place August 4th and 5th, 2015, in Las Vegas, Nevada.
540e6ad52a6b5c6c905136c4e4710a9eAn SQL injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to retrieve arbitrary data from the application, interfere with its logic, or execute commands on the database server itself.
38ab9bd223d35a3ae4036a23e8101091A command injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to execute arbitrary system commands and take full control over ESRS VE.
1ce9eb0a674b58ee302cff1521c315adA path traversal vulnerability was found in EMC M&R (Watch4net) Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
8b88774ea14080fe5e9b90b7285e9723A path traversal vulnerability was found in EMC M&R (Watch4net) MIB Browser. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
75c8cf8cad96cde32de2124ca6a7d13fA cross site scripting vulnerability was found in EMC M&R (Watch4net) Alerting Frontend. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploit issues in other areas of Watch4net.
b5a7bb3b7795ea4a02931e1a103d80d6A cross site scripting vulnerability was found in EMC M&R (Watch4net) Centralized Management Console. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploit issues in other areas of Watch4net.
0905638d0042501994a70dc5a5008beaA cross site scripting vulnerability was found in EMC M&R (Watch4net) Web Portal. This issue allows attackers to replace the report that is shown at startup, the attackers payload will be stored in the user's profile and will be executed every time the victim logs in.
3229a84d50ed04e1c73f2ab068557038Gentoo Linux Security Advisory 201503-11 - Multiple vulnerabilities have been found in OpenSSL that can result in either Denial of Service or information disclosure. Versions less than 1.0.1l-r1 are affected.
4a2e3489d02d9cd892b08aaab0121cc9Red Hat Security Advisory 2015-0708-01 - Updated qpid packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 3 for Red Hat Enterprise Linux 7.
4c1048b81d9ed718ffd81418ac590a61Ubuntu Security Notice 2537-1 - It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. Stephen Henson discovered that OpenSSL incorrectly handled comparing ASN.1 boolean types. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.
af6954b41cf8921ca646fd8bce9c0314Red Hat Security Advisory 2015-0707-01 - Updated qpid packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 3 for Red Hat Enterprise Linux 6.
4711da4d34b9b974fb558928885acb13Debian Linux Security Advisory 3197-1 - Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit.
81d2834847d1995a892ad45b8b801880Subrion version 3.3.0 suffers from a cross site request forgery vulnerability that allows for arbitrary SQL injection.
f4c6821ddf5b0a36e0ae02cf06c3c8d9It was discovered that the Advent JMX Servlet of Citrix Command Center is accessible to unauthenticated users. This issue can be abused by attackers to comprise the entire application. It also suffers from a cross site scripting vulnerability.
654ea83b4f8835317d17c06f0d8566f1Mac OS X version 10.10.2 suffers from multiple heap overflow vulnerabilities. Included is a xnu local privilege escalation via IOHIDSecurePromptClient injectStringGated heap overflow exploit.
fc064282844724e02708b8de4b4db8b8The Yoast WordPress Google Analytics plugin suffers from a stored cross site scripting vulnerability.
5685c927d3a6f1b4721f023d1a424a8d
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed