The UI daemon in Apache Storm version 0.10.0-beta allows remote users to run arbitrary code as the user running the web server. With kerberos authentication this could allow impersonation of arbitrary users on other systems, including HDFS and HBase.
313d55800f3841429c6c7e4111fca886753cb1e18bac2ecc4196684e7d19c6a2This Metasploit module exploits improper object handling in the win32k.sys kernel mode driver. This Metasploit module has been tested on vulnerable builds of Windows 7 x64 and x86, and Windows 2008 R2 SP1 x64.
1b4009bd1a5cf1594526be1c3c92cca6c5d12b793c2e559d0e4e7218d3be8242Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
e9b2744e72d379892672beb28e25af9cc5ddf048392a6bd23c37809b744cd7feThe openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
7105949900d8c8fc87644b07131fe4557c4bc0514a5dc6567edf5b2295a9fc31Gentoo Linux Security Advisory 201506-4 - Multiple vulnerabilities have been fixed in Chromium, the worst of which can cause arbitrary remote code execution. Versions less than 43.0.2357.65 are affected.
957476c058c044db28e980b30ae0cae33a242da1ea10d77234f3541a8006016cUbuntu Security Notice 2651-1 - Jakub Wilk discovered that GNU patch did not correctly handle file paths in patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS. Laszlo Boszormenyi discovered that GNU patch did not correctly handle some patch files. An attacker could specially craft a patch file that could cause a denial of service. Various other issues were also addressed.
e43ff81e4eac19b638143530ecd655f45f29338ebb1060483b4634127142c235Gentoo Linux Security Advisory 201506-3 - Multiple vulnerabilities have been fixed in GnuTLS, the worst of which can cause Denial of Service. Versions less than 3.3.15 are affected.
0adfa249575677c9d1c80449549fb0e096bbb61f049168a097fb63ed6f005d71GeniXCMS version 0.0.3 suffers from reflective and persistent cross site scripting vulnerabilities.
ff313547076a385010a0388e8090baf724db16c86726dcf25cf49f517e03e6e9Gentoo Linux Security Advisory 201506-2 - Multiple vulnerabilities have been found in OpenSSL that can result in either Denial of Service or information disclosure. Versions less than 1.0.1o are affected.
b959832120295fdb5bd555f5691546a5d3d9c082cbb839a74bf11f43345d673fKMPlayer version 3.9.1.136 capture unicode buffer overflow with ASLR bypass.
2839a962a1c9141ad1a237627223860d9b437a87fad0900b00a60f3e119b8993CUPS versions prior to 2.0.3 suffers from improper teardown and cross site scripting vulnerabilities.
db8fd44b429f5efa8ee12d1dc6642d89f935862eccf6819e967b27dda65afd5aManageEngine Asset Explorer version 6.1 suffers from a cross site scripting vulnerability.
22a17aa937ccf964e96c88e5892c722b2bea044a4c82a4739419702d6e36d718Ubuntu Security Notice 2640-2 - The Fix for CVE-2015-1328 introduced a regression into the Linux kernel's overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic. Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system. Various other issues were also addressed.
697723b7199c741ae728da226f5bebcdcee68c66ea47a4362db06cd672ac6bf329 bytes small mkdir HACK and chmod 777 and exit(0) shellcode.
7e4f76745a4a18bf209987c7fed55be4df47c18655fd51ab200f288f5b53157aMySQL Lite Administrator version Beta 1 suffers from multiple cross site scripting vulnerabilities.
22e45557bdd5891450a60cc931c906cf5ba0d0604bd539d0826cc6689d1c1fa9Zurmo CRM version 3.0.2 suffers from a persistent cross site scripting vulnerability.
b2542c507f34d80b4f84194b95281d6052024b7288453da30fcf989523252891PHPWCMS version 1.5.4 suffers from a cross site request forgery vulnerability.
1046ce106cdd2916a9cfc71edf099e976203abb3d5850f12d20df43b99c303ca
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed