EMC Isilon OneFS is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system. Versions 7.1.0.x, 7.1.1.x, 7.2.0.x, and 7.2.1.x are affected.
64416d6345e97e0bd96799c4e22fc02cSamhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
d14f54eb4b556510603c02ad3a35e458HP Security Bulletin HPSBMU03612 1 - Multiple potential security vulnerabilities have been identified with HPE Insight Control (IC) on Windows which could be exploited remotely resulting in Denial of Service (DoS), Unauthorized Access, Cross-site scripting (XSS), Execution of Arbitrary code, Disclosure of Sensitive Information,Remote Code Execution and locally resulting in Cross-site Request Forgery (CSRF). Revision 1 of this advisory.
0207d928f7226d4094ca1253ba2da50eNagios XI versions 5.2.7 and below suffer from command execution, privilege escalation, server-side request forgery, and remote SQL injection vulnerabilities.
1ed41e403f4acb74859a8cdf66a9d049Debian Linux Security Advisory 3593-1 - Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the application, or potentially the execution of arbitrary code with the privileges of the user running the application.
e5d948e3ee9dc2bca7781c7e17816d38Red Hat Security Advisory 2016-1201-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 51.0.2704.79. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
e546cbf309cf7ecda0c0b02375199170Ubuntu Security Notice 2991-1 - It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.
242e04b1ad0a92a41ff5835865e899bdUbuntu Security Notice 2990-1 - Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly sanitized untrusted input. A remote attacker could use these issues to execute arbitrary code. These issues are known as "ImageTragick". This update disables problematic coders via the /etc/ImageMagick-6/policy.xml configuration file. In certain environments the coders may need to be manually re-enabled after making sure that ImageMagick does not process untrusted input. Various other issues were also addressed.
20c75259100cd19db0b390a4b4f94d9bHP Security Bulletin HPSBMU03607 1 - Multiple potential security vulnerabilities have been identified in HPE BladeSystem c-Class Virtual Connect (VC) firmware. These vulnerabilities include: The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information. The Cross-protocol Attack on TLS using SSLv2 also known as "DROWN", which could be exploited remotely resulting in disclosure of information. Additional OpenSSL and OpenSSH vulnerabilities which could be remotely exploited resulting in Denial of Service (DoS), disclosure of information, or Cross-site Request Forgery (CSRF). Revision 1 of this advisory.
6c857b91c2ccec55f2970decf648feabLiferay supports OpenID login which was found to make use of a version of openid4java that is vulnerable to XML External Entity (XXE) attacks. Liferay versions 6.2.3 CE GA4 and earlier are affected.
c64fbdf39059b7fa5e18bcecae0f2125rConfig versions 3.1.1 and below suffer from a local file inclusion vulnerability.
762009f992d1d06c83f107f5378da06eBabylon Translator suffers from a cross site scripting vulnerability.
feb81972ee8a9653f067a7798346badbZoho OpManager versions prior to 12 suffer from cross site request forgery and cross site scripting vulnerabilities.
6dc2978f5e3b33dd9583515da3f1ddeeUbee EVW3226 advanced wireless voice gateway suffers from missing authentication, plaintext secret storage, faux encryption, and buffer overflow vulnerabilities.
91757e21c30c2b93a678ef3af47b525dAnsvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
9d8599991090441a912825ec5a91e7c0This is a local proof of concept that simulates a keystroke to allow access when a firewall dialog comes up.
d47cdc89cc210d8e606aef4485efe7d2
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed