Keystone is a lightweight multi-platform, multi-architecture assembler framework. Highlight features include multi-architecture, with support for Arm, Arm64 (AArch64/Armv8), Hexagon, Mips, PowerPC, Sparc, SystemZ, and X86 (include 16/32/64bit). It has a clean and lightweight architecture-neutral API. It's implemented in C/C++ languages, with bindings for Python, NodeJS, Ruby, Go and Rust available and also has native support for Windows and various Unix flavors.
e9d706cd0c19c49a6524b77db8158449b9c434b415fbf94a073968b68cf8a9f0Centreon Web Interface versions 2.5.3 and below utilize an ECHO for logging SQL errors. This functionality can be abused for arbitrary code execution, and can be triggered via the login screen prior to authentication.
5c09582d8455d486f9a8b546afc64ba7e1c0033c02c90405893cf9e6a8d35f16The Iris ID IrisAccess iCAM4000/7000 series suffer from a use of hard-coded credentials. When visiting the device interface with a browser on port 80, the application loads an applet JAR file 'ICAMClient.jar' into user's browser which serves additional admin features. In the JAR file there is an account 'rou' with password 'iris4000' that has read and limited write privileges on the affected node. An attacker can access the device using these credentials starting a simple telnet session on port 23 gaining access to sensitive information and/or FTP access on port 21 (with EVERYTHING allowed) and uploading malicious content.
ad28f751582d4594cec5c55c01bdc1eaae1d58398e82fe87383a507eb30e69aeThe Iris ID IrisAccess ICU 7000-2 device suffers from an unauthenticated remote command execution vulnerability. The vulnerability exist due to several POST parameters in the '/html/SetSmarcardSettings.php' script not being sanitized when using the exec() PHP function while updating the Smart Card Settings on the affected device. Calling the '$CommandForExe' variable which is set to call the '/cgi-bin/setsmartcard' CGI binary with the affected parameters as arguments allows the attacker to execute arbitrary system commands as the root user and bypass the biometric access control in place.
9ac64b5f4368e8e636317ddaac6a7d12f9f73b9c06e7360a07239e379b4f1e3dHuge IT Joomla Slider extension version 1.0.9 suffers from cross site scripting and remote SQL injection vulnerabilities.
4de2f91b2188085d1b161495281b6932b70d1cec9be6d62cde8cfe1b2ce6aa59Iris ID IrisAccess ICU 7000-2 is prone to multiple reflected cross site scripting vulnerabilities due to a failure to properly sanitize user-supplied input to the 'HidChannelID' and 'HidVerForPHP' POST parameters in the 'SetSmarcardSettings.php' script. Attackers can exploit this issue to execute arbitrary HTML and script code in a user's browser session. The application also allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
e7183b03f0ff99292c399fd3826568ee44c2d72211f15de97442670cff6e2a47DornCMS version 1.4 suffers from a persistent cross site scripting vulnerability.
35669c12e372953170dc5e6c1bda9a396a80705f3562019600267cd32f3f3c22The GDI+ library can handle bitmaps originating from untrusted sources through a variety of attack vectors, like EMF files, which may embed bitmaps in records such as EMR_PLGBLT, EMR_BITBLT, EMR_STRETCHBLT, EMR_STRETCHDIBITS etc. The GDI+ implementation supports bitmaps compressed with the BI_RLE8 (8-bit Run-Length Encoding) compression algorithm, and performs the actual decompression in the gdiplus!DecodeCompressedRLEBitmap function. The buffer allocated to store the decompressed pixels is not cleared during or directly after the HeapAlloc() call, which causes it contain heap metadata and leftover data of previous allocations. The RLE compression algorithm makes it possible to skip some (in an extreme case: all) bytes in the output buffer; this could be achieved by using escape codes such as "End of line", "End of bitmap" or "Delta". If we start the compressed stream with the "End of bitmap" marker, the entirety of the memory region will remain uninitialized, which will in turn lead to displaying junk bytes as pixels. In the context of GDI+ clients which make it possible to read the rendered pixels back and send them to an attacker or use as part of a larger exploit chain, the bug could result in disclosure of sensitive data or defeat of exploit mitigations such as ASLR.
8d5a33acbf833b3f227700647b9a190c6bda24e4e92617501ec844f76b1b3377Ubuntu Security Notice 3043-1 - Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. Various other issues were also addressed.
7672e7429049c3c41db0b4271e098d23ac3c5c001aab2743839df5e0c4371f15Debian Linux Security Advisory 3631-1 - Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
38a66d762d614a958d7801c279d78dadb3c6ac4fce34ef4bc800ff8d7a0c22aeDebian Linux Security Advisory 3630-1 - Secunia Research at Flexera Software discovered an integer overflow vulnerability within the _gdContributionsAlloc() function in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of this flaw to cause a denial-of-service against an application using the libgd2 library.
5da39cc7be7960124d3a3a0b67e4b82259ece63499cc06e95475cdcfd7a14059HP Security Bulletin HPSBST03603 1 - HPE StoreVirtual products running LeftHand OS has addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). This vulnerability could be remotely exploited to cause Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library. Revision 1 of this advisory.
7a1938552ec305f40be8a23af07bd878dc473a9a0b00a6ec1d1ad7c762c07075Red Hat Security Advisory 2016-1504-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed.
ac052e67f91771e8218260f935fcd61f4427a255784dc765554eeb67002ea5b8Huge IT Joomla Catalog extension version 1.0.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
9c25166a6b055251167cac9d73f262cb8fdfe462fc610b07ff5ffe47e4f85893Nusiorung CMS 2016 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
c535c15366d217bb3f1c5c33ea85a9cd6acd9f8ad66dc8fd16eccf71a77dee0cUbuntu Security Notice 3042-1 - Andreas Cord-Landwehr discovered that KDE-Libs incorrectly handled extracting certain archives. If a user were tricked into extracting a specially-crafted archive, a remote attacker could use this issue to overwrite arbitrary files out of the extraction directory.
5f7cf77b7f5501688cb173a4207132ce4d544206d68f7befd58ae819acd5d38bWordPress ColorWay theme version 3.4.1 suffers from a cross site scripting vulnerability.
3bcf6e430117f011bfa6bd3a2b25554032fd79f8c9f5f3d375c6a42284fe8437Red Hat Security Advisory 2016-1489-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system.
92f448af05fa64277d3b3307da793e54460efff59bc1c9ba1edd08af9ef18f34Silurus Classifieds version 2.0 suffers from a cross site scripting vulnerability.
3fd2dd44592a87fcbb159e569f3987f00637646955585331a581070ae8b20876Huawei ISM Professional suffers from a cross site scripting vulnerability.
46902e937f7c2a0957308e0d1d356d671660c726f3aba4c8df628f882b039e67
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed