HP Security Bulletin HPSBMU03263 3 - Potential security vulnerabilities have been identified with HP Insight Control running OpenSSL. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 3 of this advisory.
4dcf9410e2b2d05ded7c38ebaa8868bdHP Security Bulletin HPSBGN03332 1 - A potential security vulnerability has been identified in HP Operations Analytics running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "Poodle", which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information. Revision 1 of this advisory.
f2d66a55f98bcf0d0b7b594b659a35adDebian Linux Security Advisory 3274-1 - Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential privilege escalation.
71443fc7c69bfcab20e7eb1ab88349bbHP Security Bulletin HPSBMU03223 1 - Several potential security vulnerabilities have been identified with HP Insight Control server provisioning running SSLv3. These are the SSLv3 vulnerabilities known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information. Revision 1 of this advisory.
0df3665f2e015d12453d2d569d1f0ca3HP Security Bulletin HPSBMU03261 2 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running OpenSSL on Linux and Windows. These vulnerabilities are related to the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.
388033c447c7f33f34f8050665d2febfHP Security Bulletin HPSBMU03267 2 - Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.
4d4224e68626e86dd98e27f95e93ecdaDifferent devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested successfully on a Trendnet TEW-731BR router with emulation.
72b8fb778fd1fdd823f1a701f3594e09This Metasploit module exploits a remote buffer overflow vulnerability on several Airties routers. The vulnerability exists in the handling of HTTP queries to the login cgi with long redirect parameters. The vulnerability doesn't require authentication. This Metasploit module has been tested successfully on the AirTies_Air5650v3TT_FW_1.0.2.0.bin firmware with emulation. Other versions such as the Air6372, Air5760, Air5750, Air5650TT, Air5453, Air5444TT, Air5443, Air5442, Air5343, Air5342, Air5341, Air5021 are also reported as vulnerable.
24fc892e9293e536950a82cf2c9c2bc1Different D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested on a DIR-645 device. The following devices are also reported as affected: DAP-1522 revB, DAP-1650 revB, DIR-880L, DIR-865L, DIR-860L revA, DIR-860L revB DIR-815 revB, DIR-300 revB, DIR-600 revB, DIR-645, TEW-751DR, TEW-733GR
9120bc404ccb10c6abc177860b52fe17Flash by design allows local SWF files to read arbitrary local files, but prevents communication with remote servers. By smuggling data through a timing side-channel, this can be circumvented, allowing local SWF files to exfiltrate the contents of arbitrary local files to the internet.
bf466e892df822f79e5d6bdb528cc1cfESC 8832 suffers from insecure user session handling and generation as well as interception and user management issues.
6ce1da56bad1f48c668cb9252a4e75b4This is a tool to replay packet captures and simulate client/server models when doing analysis. Written in Python.
f67567bc74e9ae13b343617007b2eec8Sypex Dumper version 2.0.11 suffers from multiple cross site scripting vulnerabilities.
bb25866ae6bb9ac5cdc4f226fbd896dcJSPAdmin version 1.1 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
2edcffd18bcf1a67406d14393098f47cSOHO routers have been found vulnerable to privilege escalation, information disclosure, cross site request forgery, cross site scripting, authentication bypass, denial of service, and various other vulnerabilities.
883b458f340bf4b144ed04e1de200778HP Security Bulletin HPSBHF03340 1 - A potential security vulnerability has been identified with HP ThinPro Linux and HP Smart Zero Core running HP Easy Setup Wizard. The vulnerability could result in local unauthorized access and elevation of privilege on an HP thin client device. Revision 1 of this advisory.
bf1c8f23e4e798b47e992453b1f3e499Invision Power Board versions 3.4.7 and below suffer from a remote SQL injection vulnerability.
c6b333a75080c99e68840b1e0f23508bVevocart version 6.1.0 suffers from an open redirection vulnerability.
7f2c968a5b692ef42facdc007e1114fc
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed