Red Hat Security Advisory 2015-1123-01 - CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded which in turn allows the attacker to run arbitrary code in the CUPS server A cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface.
b8be18fe93feda9e83358ade06c07fbf33652b9dedfb62d9a8e3b997ce16a542HP Security Bulletin HPSBGN03338 1 - A potential security vulnerability has been identified with HP Service Manager running SSLv3. The vulnerability could be exploited remotely to allow disclosure of information. Note: This is the SSLv3 vulnerability known as RC4 cipher Bar Mitzvah vulnerability. Revision 1 of this advisory.
f73faeaa3c71b97758427a435b20b04199bd569651d10e0bdb1c92b0a1354ca4HP Security Bulletin HPSBGN03350 1 - A potential security vulnerability has been identified with HP SiteScope. The vulnerability could be exploited remotely to allow disclosure of information. Note: This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability, which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
fe1d558fbe29c55c7783573f0e8ce2e327d549008101137a3d8ffbedd47b5e51Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
22ac0cc872f12cef9bb2cacfe0720eed8533dc5cea102d21de511620606cb3b6Vesta Control Panel version 0.9.8 suffers from an OS command injection vulnerability.
8afef03dc758fc7e9258cea86f2165628c4ee859debcb92aa2ea90cfb8973453SearchBlox version 8.2 suffers from a cross site scripting vulnerability.
c50cf93766fdeb247be5b7f551e3e1f70a06620929967b43da8b53e840f1e73cVCE Vision(TM) software versions prior to 2.6.5 have been identified to contain security vulnerabilities that may potentially be leveraged by a malicious user to obtain sensitive information. A weak cryptographic scheme exists in the system library and a cleartext transmission issue exists in the plugin for VMware vCenter.
51ade347570617484b11d1238e172c175ac13263924dc5c99651107083d0793cSymantec Encryption Gateway suffers from a remote command injection vulnerability. Versions prior to 3.2.0 MP6 are affected.
e6ac92a40468adfad041080b0dc12276912bcdfa8a08e999f17136b0003f5f9eBIGACE version 2.7.8 suffers from cross site scripting and file upload vulnerabilities.
33159b3a9180da99ad88ee3d773bbc6ec6a99088dc5297a33bf65aaf68c6079dAudio Share version 2.0.2 suffers from cross site scripting and remote file inclusion vulnerabilities.
a3a8905088e570ff7fa1984524f21cf56f5f55619ab6518165d24f7c5f880f37Alitalk version 1.80 suffers from various bypass and remote SQL injection vulnerabilities.
8471cf9736c040db77b8cbf37badbcfdb3f137f9f3664d06af4cbb5b1d6b24574images version 1.7.11 suffers from inclusion vulnerabilities due to trusting the host header.
58c8498e8bf4f00d45c7e52fd8d323c053bb404232140cfc9cb9537707c06ec0Imagevue version 2.8.9 suffers from cross site scripting and password disclosure vulnerabilities.
da17b864a9c9189ea39befb9d3b0dd1691517d8f6afb17b6cddc81e4e0716486MantisBT version 1.3.0 suffers from a remote file download vulnerability.
671ba2e0e285945b42223f1727978cb7d9171580b07eb50f0c2b649e8ebddb1e37 bytes small Linux/x86 chmod('/etc/gshadow','777') shellcode.
7835ef8dd303091aaa34f09e786f8af1c69d6250ccbffb724347d83a9ab3dcceThe research in this paper leads to the discovery of a series of high-impact security weaknesses, which enable a sandboxed malicious app, approved by the Apple Store, to gain unauthorized access to other apps' sensitive data. More specifically, the researchers found that the inter-app interaction services, including the keychain and WebSocket on OS X and URL Scheme on OS X and iOS, can all be exploited by the malware to steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote.
ece3215f1041638c7e80717f3528c48fffb5d9d0f9b925cd46938a293c3d9f4f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed