WordPress AzonPop plugin version 1.0.0 suffers from a remote SQL injection vulnerability.
d43fdd9d6e462d91f35b4a28afb5f0cc6681694b5836544ae808fda3203b36b118 bytes small Linux/x86_64 egghunting shellcode.
4be4948b091b9dfa6f038690c14c3670b190b01405203192db73c45d19c48cd5MobaXTerm versions prior to 8.5 fail to bind forwarded SSH ports to the loopback device.
5a2dd8e3090e538470c2fd7ddb6861827557340480151355fd3ca16a9e3d0ef5The o2 Auto Configuration Server (ACS) discloses VoIP/SIP credentials of arbitrary customers when receiving manipulated CWMP packets. These credentials can then be used by an attacker to register any VoIP number of the victim. This enables the attacker to place and receive calls on behalf of the attacked user.
f61935b3b37229ff1b4f27ebaef671d58dbbebb3c4c012e1603981367b17881bGnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
4c903e5cde7a8f15318af9a7a6c9b7fc8348594b0a1e9ac767636ef2187399eaApple Security Advisory 2016-01-07-1 - QuickTime 7.7.9 is now available and addresses multiple memory corruption issues.
517e07fd6714e7e2ecd3ba64bcf60b39e9610286dabdd445685443f667059b2aRed Hat Security Advisory 2016-0010-02 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the LDAP server provided by the AD DC in the Samba process daemon. A remote attacker could exploit this flaw by sending a specially crafted packet, which could cause the server to consume an excessive amount of memory and crash. Multiple buffer over-read flaws were found in the way Samba handled malformed inputs in certain encodings. An authenticated, remote attacker could possibly use these flaws to disclose portions of the server memory.
89f20e4822a7bbff9cbe595e4c9b7e262ec003f61ce60cf39cc4b99cb1dc736dRed Hat Security Advisory 2016-0011-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text. A missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights.
7361a87b868abd0536a182c1d2a161d23034925d598dfdc4ced441e5d36afe5aRed Hat Security Advisory 2016-0012-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. All gnutls users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted.
2be9da663fc2445d96233e12550216a67075737ef62f2979035aed0899647d28Red Hat Security Advisory 2016-0009-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. A denial of service flaw was found in the ldb_wildcard_compare() function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb, would cause that application to consume an excessive amount of memory and crash. A memory-read flaw was found in the way the libldb library processed LDB DN records with a null byte. An authenticated, remote attacker could use this flaw to read heap-memory pages from the server.
7744b8e0626a8901ae916b7e2470b53a173f787163b7b9145e30b729863d1beaRed Hat Security Advisory 2016-0008-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. All openssl users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
52178e2035ec5d3abc8afc8f4c47472de6113e24e32fefd233c654376765669cUbuntu Security Notice 2865-1 - Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.
4299b52f55c8c2830d857eaf3a6bad98b1e0a177474b6046f3f95782e39d671fRed Hat Security Advisory 2016-0016-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text. A missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights.
1d8ff6e2ba56dc079e6a794292cbc443fa3729c3047b4fa27c6998e53fc0bfc1Red Hat Security Advisory 2016-0015-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text. A missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights.
e7476774b5f9c85270690826f5f1e544dc5c73fbe57f70b44735340d28740d81Red Hat Security Advisory 2016-0006-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the LDAP server provided by the AD DC in the Samba process daemon. A remote attacker could exploit this flaw by sending a specially crafted packet, which could cause the server to consume an excessive amount of memory and crash. Multiple buffer over-read flaws were found in the way Samba handled malformed inputs in certain encodings. An authenticated, remote attacker could possibly use these flaws to disclose portions of the server memory.
edf0fb514d3c6ce3421118cdbbd2a073602544574ed4b012c2f36821051776c9Red Hat Security Advisory 2016-0014-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. A denial of service flaw was found in the ldb_wildcard_compare() function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb, would cause that application to consume an excessive amount of memory and crash. A memory-read flaw was found in the way the libldb library processed LDB DN records with a null byte. An authenticated, remote attacker could use this flaw to read heap-memory pages from the server.
b68687782b26d57dd2c5e68c3efd3463fe80d9a646ae0980128e2a9152d079f3HPE Security Bulletin HPSBUX03435 SSRT102977 1 - Potential security vulnerabilities have been identified with HP-UX Web Server Suite running Apache on HP-UX 11iv3. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other impacts including: The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Apache does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters. Revision 1 of this advisory.
918b77ebec19829d1b59175aae0a8ee89dbdd934b71e72c94b5d47c034841f94Red Hat Security Advisory 2016-0007-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. All nss users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the NSS library must be restarted, or the system rebooted.
49cfd58614f0b0d586c03fd76f98b32154163b40e29b714e4486ec3f7fad0fa0WordPress Symposium Pro Social plugin version 15.12 suffers from cross site request forgery and cross site scripting vulnerabilities.
f82db69c55d75e7d641af48a0a2618294b87b297b5eaa1361b0915522fa7df05TrueCrypt versions 7.1a and 7.2 suffer from a DLL hijacking vulnerability with their installers.
b187b2c7c60559be858f2e25938339fb99a96d589a36224f2df31b6207d1c3f013 bytes small Linux/x86 egghunting shellcode.
4238f72dd1d09bd20c2070130ad571b9678c15bf2b98e1f8d3fd350b49dcd746Stanford's CGI subdomain suffers from a cross site scripting vulnerability.
b828d5f3b9d6e3d8a71e219a8d7e4af37707c72dd459f17ab0df4a06df946b7dUbuntu Security Notice 2864-1 - Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.
d6dbb440dd90c2848a373a61e5571708dbda96879cf8b5d1e7825700e41d8227AVM FRITZ!OS versions prior to 6.30 suffer from an html injection vulnerability.
bdf821aa57faacdfb6631eb130eb6e07c1218ed15142670e47b5f07230d3de6e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed