Brocade Fabric OS version 6.3.1b suffers from multiple weak system configuration issues that can result in system compromise. You actually have to go out of your way to break basic Linux security this badly.
86551b3c0d17766625527eb34a6c14cce252c358fd6840a5969038b4022df058Ubuntu Security Notice 2821-1 - It was discovered that GnuTLS incorrectly validated the first byte of padding in CBC modes. A remote attacker could possibly use this issue to perform a padding oracle attack.
e80bf8eb05cb869629fb181fef4e8ce6ff45d5814e62e60eac7d3bf40b0cc724LibRaw versions 0.17 and below suffer from multiple memory errors that can result in code execution or other problems.
f01f4f3e01a6002596eda126f98c0d171d4c9cfae6920a1364dc2c23385e2639In their original report, Security Explorations indicated that Issue 42 in SE-2014-02 had its origin in klassItable::initialize_itable_for_interface method's implementation of Java SE 7 HotSpot VM. They have recently learned that their initial analysis regarding the root cause of Issue 42 was incorrect. This report contains more detailed information about the actual cause of Issue 42, the reasoning that has mislead them into concluding it was caused by an improper initialization of non-public interface method slots and some additional findings regarding this issue.
926ad5f5f27088ecc130997d08aa12a0ca81902394fe5f1767a391a11cdfa9eaRed Hat Security Advisory 2015-2522-01 - The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property "org.apache.commons.collections.enableUnsafeSerialization" to re-enable their deserialization.
809e280c3a7b28ef3849dd41013146eafcff4fe7afab41ae20a95a8c92f6d041Red Hat Security Advisory 2015-2521-01 - The Jakarta/Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property "org.apache.commons.collections.enableUnsafeSerialization" to re-enable their deserialization.
0659db4fb18959becb1b68966660f9369016bb2edbc36966c2eb5bab639f4482Red Hat Security Advisory 2015-2523-01 - The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property "org.apache.commons.collections.enableUnsafeSerialization" to re-enable their deserialization.
1d94e5fd242f7da99f1762e3844877f90673339f11d9af4ce1156c460ea63bd3Red Hat Security Advisory 2015-2524-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
f9546e636f1967b0f887a87c03e59a4a51cc9a02ff48c100b01cffe74ab8a494HumHub versions 0.11.2 and 0.20.0-beta.2 suffer from a remote SQL injection vulnerability.
de97ea4c72cb25e8cbe17f57855cac312d4ef10577f8830837d47392f45dc630Belkin N150 wireless home routers suffer from cross site request forgery, cross site scripting, session hijacking, and default credential vulnerabilities.
ccd6d7df0385f7fe44487b3572769d2a3e6d56e73e0aa366d26c92e320dce63fShakeIt is a grammar mutation engine targeting browsers and PDF readers. For a given input, such as a web page or PDF file, and an output location, it will generate N mutated test cases. It was implemented in C#, but can be ported to other languages and is meant to fit within an existing fuzzing framework.
2c0f6f6b21b511449035e2b2b61b08aee0745f3cdf87d7aafc0923f37045eda2Easy File Sharing Web Server version 7.2 remote SEH buffer overflow exploit using DEP bypass with ROP.
b343788b936fa8d54e2e946f827f40f4d9105116d2e051d438e3240130b330b3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed