HP Security Bulletin HPSBMU03263 3 - Potential security vulnerabilities have been identified with HP Insight Control running OpenSSL. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 3 of this advisory.
77a518cb0ccf0a4c04a46e8ea0991baac6b0eafce5c9e8a2db3164eaa98ae5a3HP Security Bulletin HPSBGN03332 1 - A potential security vulnerability has been identified in HP Operations Analytics running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "Poodle", which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information. Revision 1 of this advisory.
cb810cc00faa60f39ac5e93a3c429e996fe9dc854eeaed218dbb42a7380d0270Debian Linux Security Advisory 3274-1 - Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential privilege escalation.
e4f75683caaa34fdaecddd1a7828d4612e7cf4a264154d8b544eb04587da551eHP Security Bulletin HPSBMU03223 1 - Several potential security vulnerabilities have been identified with HP Insight Control server provisioning running SSLv3. These are the SSLv3 vulnerabilities known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information. Revision 1 of this advisory.
36ba059b9acedf2bacaf76b60979c8057c5973ea903070f309a681ca4a388e4aHP Security Bulletin HPSBMU03261 2 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running OpenSSL on Linux and Windows. These vulnerabilities are related to the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.
266edbc2c77cb9a27d028900097a82c14a33598b9d019eaa48c5d447c4276489HP Security Bulletin HPSBMU03267 2 - Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.
b0d83a45ccd554287e2918d69e2b966916bb6e4a34595e69cc5962c44381597dDifferent devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested successfully on a Trendnet TEW-731BR router with emulation.
a727354d03f176b35f63aa0ffc5bb38a19701e52b268455eadf7ca7c31e71bffThis Metasploit module exploits a remote buffer overflow vulnerability on several Airties routers. The vulnerability exists in the handling of HTTP queries to the login cgi with long redirect parameters. The vulnerability doesn't require authentication. This Metasploit module has been tested successfully on the AirTies_Air5650v3TT_FW_1.0.2.0.bin firmware with emulation. Other versions such as the Air6372, Air5760, Air5750, Air5650TT, Air5453, Air5444TT, Air5443, Air5442, Air5343, Air5342, Air5341, Air5021 are also reported as vulnerable.
e3284b80df8a49e84fe10eeeefb856090ee5b49ba6f62e629a9763e62071ed9aDifferent D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested on a DIR-645 device. The following devices are also reported as affected: DAP-1522 revB, DAP-1650 revB, DIR-880L, DIR-865L, DIR-860L revA, DIR-860L revB DIR-815 revB, DIR-300 revB, DIR-600 revB, DIR-645, TEW-751DR, TEW-733GR
e20ef0dd89ff88caf92c753721ba8454b95e56f6cc1668c930745008c71c7246Flash by design allows local SWF files to read arbitrary local files, but prevents communication with remote servers. By smuggling data through a timing side-channel, this can be circumvented, allowing local SWF files to exfiltrate the contents of arbitrary local files to the internet.
4020cca47ad48bad8205cc27d4fc29cfb9c596aa0ec345c05d58ff93a38af714ESC 8832 suffers from insecure user session handling and generation as well as interception and user management issues.
ca946d1c96a67953dcdbf356af61138199a591b19f2e94b31632830e11113290This is a tool to replay packet captures and simulate client/server models when doing analysis. Written in Python.
bbc82f1d4197ab39b95472137a8ac96adbcfc361152b02976825089cc906d144Sypex Dumper version 2.0.11 suffers from multiple cross site scripting vulnerabilities.
a557a41cc14f0fa4371e88173d14cc9d2536437e1d9f3a70dba00fcae55b4b4bJSPAdmin version 1.1 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
8c8845746909deb94bd650f31176c3002998cc354834cd3fceef8f287bc9ffb3SOHO routers have been found vulnerable to privilege escalation, information disclosure, cross site request forgery, cross site scripting, authentication bypass, denial of service, and various other vulnerabilities.
b2f2c880262864949aed2787d7dbd1a1af58648ac6dc6fce4d75c119ce30c8a3HP Security Bulletin HPSBHF03340 1 - A potential security vulnerability has been identified with HP ThinPro Linux and HP Smart Zero Core running HP Easy Setup Wizard. The vulnerability could result in local unauthorized access and elevation of privilege on an HP thin client device. Revision 1 of this advisory.
355c585f8c958b94f6362d293f801561c9df1b4c0315d1c836d83e169585da08Invision Power Board versions 3.4.7 and below suffer from a remote SQL injection vulnerability.
ccc8d7042208971ccc1a5b517c5d3acce70ae9a88bb02dfb50ca9bb3a7a31ca2Vevocart version 6.1.0 suffers from an open redirection vulnerability.
d7f23912aab51e824ef12b4488419191ca88592fdd7e16d5a9c8952118503303
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed