Pandora FMS versions 5.0 and 5.1 suffer from an authentication bypass vulnerability.
101abb232873cca16dc19d18de85b3977b7db101c7823334f4b70fcada3423a8Red Hat Security Advisory 2015-1086-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-11 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
db83beac5fe93d8aefca50eb522e34464a8b354f0e56501cf40abcb40932e378Ubuntu Security Notice 2630-1 - Matt Tait discovered that QEMU incorrectly handled the virtual PCNET driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Kurt Seifried discovered that QEMU incorrectly handled certain temporary files. A local attacker could use this issue to cause a denial of service. Various other issues were also addressed.
0cf8d12b43821d761977856e4b4c7a6239ab8e88288255906bfafed04c494023Ubuntu Security Notice 2638-1 - Xiong Zhou discovered a bug in the way the EXT4 filesystem handles fallocate zero range functionality when the page size is greater than the block size. A local attacker could exploit this flaw to cause a denial of service (system crash). Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. Various other issues were also addressed.
6942662bbc2cf4e39a28196fa2be2e88a0c52615e70e44cc00752fd789290733Ubuntu Security Notice 2633-1 - Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. A memory corruption flaw was discovered in the Linux kernel's scsi subsystem. A local attacker could potentially exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.
94a979aa18d5d19f77e0fd9139085db8fede248b5ca99633d3dd5e43fb0d843cUbuntu Security Notice 2637-1 - Xiong Zhou discovered a bug in the way the EXT4 filesystem handles fallocate zero range functionality when the page size is greater than the block size. A local attacker could exploit this flaw to cause a denial of service (system crash). Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. Various other issues were also addressed.
4e1e1f887e80da6543fabb8678249142a514c1579b76e665fb11950144e98f67Ubuntu Security Notice 2635-1 - Xiong Zhou discovered a bug in the way the EXT4 filesystem handles fallocate zero range functionality when the page size is greater than the block size. A local attacker could exploit this flaw to cause a denial of service (system crash). Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. Various other issues were also addressed.
8eb3f8978ff14d623d6e1288082230f137fbcf13c00e7e4162587e2623df9b8fUbuntu Security Notice 2634-1 - Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. A memory corruption flaw was discovered in the Linux kernel's scsi subsystem. A local attacker could potentially exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.
21a8fca232d6d70cebc3cfa7f141aba457f6c73dbbdf9dd206b248bfe0e4c097Ubuntu Security Notice 2632-1 - Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). A privilege escalation was discovered in the fork syscall via the int80 entry on 64 bit kernels with 32 bit emulation support. An unprivileged local attacker could exploit this flaw to increase their privileges on the system. Various other issues were also addressed.
3ebb55213318d601853a12f0808728a6b4ce09f74d102780213ab5e5f49f8627Ubuntu Security Notice 2631-1 - Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). A privilege escalation was discovered in the fork syscall via the int80 entry on 64 bit kernels with 32 bit emulation support. An unprivileged local attacker could exploit this flaw to increase their privileges on the system. Various other issues were also addressed.
dcf2ecac03d8b8b31c3d14dee7a678bcbea7092733daae8ed72b7b8b585b517fUbuntu Security Notice 2636-1 - Xiong Zhou discovered a bug in the way the EXT4 filesystem handles fallocate zero range functionality when the page size is greater than the block size. A local attacker could exploit this flaw to cause a denial of service (system crash). Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. Various other issues were also addressed.
3be06843caf5c63588549fe3a96b94810645e9d0efc26779131f51e2c0c64f64Red Hat Security Advisory 2015-1087-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.
0fe1945be6bf962325bee5e730727f5f8ea145f6c15adc6c7d73a550c9144439Red Hat Security Advisory 2015-1089-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.
b4c26c5ed1a0b3e115749608ddee7e1368cd77c7cb48bf24870a5399e75da672Red Hat Security Advisory 2015-1088-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.
e096b5cda74de0e4008ee21cfe87fe2c036e2a6ffb12d3f0be5fd982807358d1High-Tech Bridge Security Research Lab discovered use-after-free vulnerability in a popular programming language PHP, which can be exploited to cause crash and possibly execute arbitrary code on the target system. The vulnerability resides within the 'spl_heap_object_free_storage()' PHP function when trying to dereference already freed memory. A local attacker can cause segmentation fault or possibly execute arbitrary code on the target system with privileges of webserver.
97375f017fbc6339f20309d1873f364d4f4bb2e3171ae12a6883001f4efb66fcISPConfig version 3.0.5.4p6 suffers from cross site request forgery and remote SQL injection vulnerabilities.
7b20edde24f0f1fb2d963049457764c5312fb3b6037c0261c180f81ce8d63252Bonita BPM version 6.5.1 suffers from open redirect and directory traversal vulnerabilities.
318aebbb7238bd95d83a383ed6cec374ab8164e93742363befdec484d42c0016During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request forgery attacks. This allows specially crafted web pages to change the switch configuration and create users, if an administrator accesses the website while being authenticated in the management web interface.
ebb5b0b74f92ebf4cf2025ae52d59a24ba40fc8487415190d9d0bd7efdc814adDuring a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. This interface uses easily guessable session IDs, which allows attackers to authenticate as a currently logged-in user and perform administrative tasks.
81e6be2bf4112b23f31a9a4eb65f9147c563e93f5117e6190c5f3a95354f3823Elasticsearch versions 1.0.0 through 1.5.2 are vulnerable to an engineered attack on other applications on the system. The snapshot API may be used indirectly to place snapshot metadata files into locations that are writeable by the user running the Elasticsearch process. It is possible to create a file that another application could read and take action on, such as code execution.
40fbbad63203d51d9594c5a223b36155c3bc025496d567a1cd717891d12e5525Logstash versions 1.4.2 and prior are vulnerable to a directory traversal attack that allows an attacker to overwrite files on the server running Logstash.
15f05c723e1b04d767214a61d1c74ca2c6761f51c75c29b5564d9ff5525fe92fKibana versions 4.0.0, 4.0.1, and 4.0.2 suffer from a cross site scripting vulnerability.
49c7e5c94dc36f2240b1ab23d6ffcbb9873f9a1280b585195865fccb340cad36HP Security Bulletin HPSBUX03341 SSRT102068 1 - Potential security vulnerabilities have been identified with the HP-UX Tomcat Servlet Engine. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.
27c4a14678f484ed9939574e552c6be1866f9f3fde8c488f6d223027bfe42693Debian Linux Security Advisory 3283-1 - It was discovered that CUPS, the Common UNIX Printing System, is vulnerable to a remotely triggerable privilege escalation via cross-site scripting and bad print job submission used to replace cupsd.conf on the CUPS server.
4bb1f8f597ffb70d92f9dbd9bb3ce6a9a6d999bdf0da483f77b50b2026719800Ubuntu Security Notice 2629-1 - It was discovered that CUPS incorrectly handled reference counting when handling localized strings. A remote attacker could use this issue to escalate permissions, upload a replacement CUPS configuration file, and execute arbitrary code. It was discovered that the CUPS templating engine contained a cross-site scripting issue. A remote attacker could use this issue to bypass default configuration settings. Various other issues were also addressed.
03f971a061a4371443052c07993058ec10e7014c262199ef78bfd21952540544
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed