This archive houses a large quantity of vulnerabilities identified in Netsweeper versions ranging from 2.6.29 through 4.0.9. These include authentication bypass, file upload and execution, cross site scripting, SQL injection, and more.
39d71feb2c0a4b792964ca2c7bb1c31d0c6d597b9627dff9d510ba1409e9372bThis bulletin summary lists fourteen released Microsoft security bulletins for August, 2015.
1dc27c6d1f643b44b0b58f861369cebb628412245e57dba1aa463c5ccaa54cf8This is a public blog posted by Oracle's CSO Mary Ann Davidson. It provides a rare glimpse into the corporate mindframe reminding us all that license agreements are always respected by hostile parties and therefore security researchers should not even consider reverse engineering Oracle's code base. As has been proven time and again, Oracle's bullet proof unbreakable security does not need public vetting and they consistently can identify and address all issues without your needless meddling.
d16deebdad2785cf38a42eaa182a2fd03f6976eacc830f7b05b1f5489393b40fRed Hat Security Advisory 2015-1586-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
07028284c26b9667002277f33827d74bc649bc8c2bc950e2c75afe28ad4d47b6Ubuntu Security Notice 2702-2 - USN-2702-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox. Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Aki Helin discovered an out-of-bounds read when playing malformed MP3 content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
65d42413fe11e2a48dd6d53eeba68c39ca1690d1ee5c7080c2611bb212733ef9Ubuntu Security Notice 2702-1 - Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Aki Helin discovered an out-of-bounds read when playing malformed MP3 content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
eb4f0698d0840f8b27ecccf255319fc36fba0d604fe7a42f5d71b3a2662170e0Red Hat Security Advisory 2015-1583-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system.
0432e0fe802370f2c71c251d54b8fcf57755cceb2d0f1a7bcfd68793d70485c0NeuroServer version 0.7.4 suffers from a remote denial of service vulnerability.
ae7a9b1978e25b76292356e560fc913019ece2f561906ed81d42f72200bd9068PDF Shaper is prone to a security vulnerability when processing PDF files. The vulnerability appear when we use Convert PDF to Image and use a specially crafted PDF file. This Metasploit module has been tested successfully on Win Xp, Win 7, Win 8, Win 10.
4cfd17506f3532fedc41f42c5f19c5b2b9e90caff1f4fc35680379640c1a8990My Contacts Backup Pro version 2.0.1 suffers from command injection and cross site scripting vulnerabilities.
ae4ff0155a9570186f3d94be2cbaa09c1faf9dd6b80ff4611aa29ffb5a78006ePrinter Pro version 5.4.3 suffers from a cross site scripting vulnerability.
af437bb2899fc9e6b11e06307c5f319e93e74501f935b1fdc54f33149b6fa690The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
37f145c575d4b49eaa2d0b6ed8067d1e4687f7fa3927b6154f7a5d7907ba947aQNAP devices running the QNAP modified 3.12.6 kernel with firmware older than 4.1.4 Build 0804 log crypto keys on an unencrypted disk partition in world accessible files.
ddfdf6fd5fb3490dae2ed64c6e9b6432242ddd203d798cd07412aaaba2d7b6edSlackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
60b2789dbc78910835fa27a1657fd42830972f8a75d1e6a6b17953a9a44a7c9bSlackware Security Advisory - New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
7430ca94bdecc09ad7cd2be9327a0647919c50aa9377d1247701908672d920caDebian Linux Security Advisory 3330-1 - It was discovered that the Apache ActiveMQ message broker is susceptible to denial of service through an undocumented, remote shutdown command.
9ec5ec85bdcecd061f51bcc28a6fc9bd8dcdc10d71ce40b998ad5ca072cf8527
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed