EMC Isilon OneFS is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system. Versions 7.1.0.x, 7.1.1.x, 7.2.0.x, and 7.2.1.x are affected.
6f0b68c8e751cd424b8972c582ad8a92974e1b77ee9b99dedb2a55505e8f9b38Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
5d0b57d29a32f76c996cc91d4b94ab498c193d6711fdde7eea60752b695f004fHP Security Bulletin HPSBMU03612 1 - Multiple potential security vulnerabilities have been identified with HPE Insight Control (IC) on Windows which could be exploited remotely resulting in Denial of Service (DoS), Unauthorized Access, Cross-site scripting (XSS), Execution of Arbitrary code, Disclosure of Sensitive Information,Remote Code Execution and locally resulting in Cross-site Request Forgery (CSRF). Revision 1 of this advisory.
55b881f2a237e07f9560dcebcf5f78996c72fe03931da60fb9afbd2da087871dNagios XI versions 5.2.7 and below suffer from command execution, privilege escalation, server-side request forgery, and remote SQL injection vulnerabilities.
b2bc3fb56452aab55e4934f25cfa1f170bf9d3121cfb3cd553f7362614ce86bbDebian Linux Security Advisory 3593-1 - Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the application, or potentially the execution of arbitrary code with the privileges of the user running the application.
cc51ad5824aa3a1fca661eea143d36a8c5e77ab3e0e2d8a44019befef9700dc1Red Hat Security Advisory 2016-1201-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 51.0.2704.79. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
78159a6f0bf85dce99470832c2d8b9478ff09799fd17a3ba47b49663cfd97e2fUbuntu Security Notice 2991-1 - It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.
7b76181d9ee7767473b5043115eb685538577b078986740e6f047b3c64a9826aUbuntu Security Notice 2990-1 - Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly sanitized untrusted input. A remote attacker could use these issues to execute arbitrary code. These issues are known as "ImageTragick". This update disables problematic coders via the /etc/ImageMagick-6/policy.xml configuration file. In certain environments the coders may need to be manually re-enabled after making sure that ImageMagick does not process untrusted input. Various other issues were also addressed.
73f21e3761ff9c2c84217f7d140aa28af93ba5bd5e170c1b968c4697b5b4030eHP Security Bulletin HPSBMU03607 1 - Multiple potential security vulnerabilities have been identified in HPE BladeSystem c-Class Virtual Connect (VC) firmware. These vulnerabilities include: The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information. The Cross-protocol Attack on TLS using SSLv2 also known as "DROWN", which could be exploited remotely resulting in disclosure of information. Additional OpenSSL and OpenSSH vulnerabilities which could be remotely exploited resulting in Denial of Service (DoS), disclosure of information, or Cross-site Request Forgery (CSRF). Revision 1 of this advisory.
0fcaa98109f349b0cc14e9fe32a0f10dcbf38053afd926747b325159bfe4984aLiferay supports OpenID login which was found to make use of a version of openid4java that is vulnerable to XML External Entity (XXE) attacks. Liferay versions 6.2.3 CE GA4 and earlier are affected.
4af9bc5284a2717eed36c719d395c99e7caa71650223cbe9e5ba3e327bfa0e63rConfig versions 3.1.1 and below suffer from a local file inclusion vulnerability.
e9527ef095ee289314dcf815489ccfdfa8ec90419bc3a1c7c408fd0d5795eadaBabylon Translator suffers from a cross site scripting vulnerability.
437506dc14a1742e3d449c69b8d154fb0b8582bb4cb44e1d81df1db63e91d579Zoho OpManager versions prior to 12 suffer from cross site request forgery and cross site scripting vulnerabilities.
eae2145c0ed41f7d44488933e7445821a3ebb25930df4a2b72a808b44cb90ebaUbee EVW3226 advanced wireless voice gateway suffers from missing authentication, plaintext secret storage, faux encryption, and buffer overflow vulnerabilities.
136d8d9b98223d40e7c03d66c3a2abc0fba9f39ac558264913751097548b20bbAnsvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
137f4129bf84d136fdaf3188611d5b02c8a2b428fdba539491a493f4dc8dd450This is a local proof of concept that simulates a keystroke to allow access when a firewall dialog comes up.
c1ee2b17cf0a5c1f567e375498763b8bbf6dcc1875ca919554fc51a2f74489ee
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed