GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
6b47a3100c857dcab3c60e6152e56a997f2c7862c1b8b2b25adf3884a1ae2276Red Hat Security Advisory 2016-1625-02 - This release of Red Hat JBoss Core Services Service Pack 1 serves as a replacement for JBoss Core Services Apache HTTP Server. Security Fix: It was discovered that Apache HTTP Server used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.
e46f7e48c371c1fb23dc15c019ebef4662dc5d09b16f0d3ac63da730c3ac35b6Red Hat Security Advisory 2016-1624-01 - This release of Red Hat JBoss Web Server 3.0.3 Service Pack 1 serves as a update for Red Hat JBoss Web Server 3.0.3 httpd and tomcat. Security Fix: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.
ca7ccdac8b6da50eb2b2518f63459ecd23735de90547e027d6dc0d4318c75e65Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
05d69e401006acaebfc9c7c51cc1d781e8c2439f1ccfc2b05ef2d928ee6f5a63Siemens IP-Camera versions x.2.2.1798, CxMS2025_V2458_SP1, x.2.2.1798, and x.2.2.1235 suffer from an unauthenticated credential disclosure vulnerability.
6f66438ce50ec2d5fc732fa79d30cf3d29dcbb1b1a9b5a54690478fb7fa6a831There exists a Microsoft Windows kernel win32k.sys FON font processing divide-by-zero exception in win32k!MAPPER::bFoundExactMatch.
86fb74f0e63010ff0a7fb4973eb0c6d1caaf2804f136ab3f0378d821bad93cd8There exists a Microsoft GDI+ heap-based buffer overflow vulnerability in the handling of EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA records.
440b0349f3fb3326757edc43d915b3d78d5de13ebfbd99f1dedbbe5e5af5ad08Microsoft GDI+ out-of-bounds write proof of concept exploit that works due to invalid pointer arithmetic in DecodeCompressedRLEBitmap.
f844fc522185ba44ce4354d3b48adb145bfe386433316fd5ea471ef8d2828ce7Microsoft GDI+ out-of-bounds write proof of concept exploit that works due to invalid pointer arithmetic in ValidateBitmapInfo.
7b31bbc88836070948b74762707fba14655f55a51249826bb0bd82fc4dec8240NetIQ Access Manager iManager versions 2.7.7.5 and 2.7.7.6 suffer from a cross site scripting vulnerability.
0d8b132a98ae866b25e976fa91c028b7f87513113e4275ea391b836b58886260Ubuntu Security Notice 3063-1 - Tobias Stoeckmann discovered that Fontconfig incorrectly handled cache files. A local attacker could possibly use this issue with a specially crafted cache file to elevate privileges.
36e3ca185d26d83c3e43e46cd3a405429a27c098352c0bba16ccb878680482edCisco Security Advisory - A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to perform unauthorized remote command execution on the affected device. The vulnerability is due to insufficient authorization checking. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected device. Successful exploitation could allow an authenticated attacker to execute system commands with root-level privileges. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
8c21b803e3d6d780b64143a8afceabb01b50eb9a9179666705264a98099bc1b0Cisco Security Advisory - A vulnerability in the Grapevine update process of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerability is due to insufficient input sanitization during the Grapevine update process. An attacker could exploit this vulnerability by authenticating to the affected system with administrative privileges and inserting arbitrary commands into an upgrade parameter. An exploit could allow the attacker to execute arbitrary commands on the affected system with root-level privileges. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
444b2e4249124581943354f845beac2191b8d53f74743737e7b7a114de4d86e2Cisco Security Advisory - A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to elevate the privileges of user accounts on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected device. Successful exploitation could allow an authenticated attacker to elevate the privileges of user accounts configured on the device. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
f4d8d88c507a46b15e32ffc35830cdfebf152e82a43148cb0c2b116c9bb2e5beUbuntu Security Notice 3062-1 - Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. Various other issues were also addressed.
b0a61a13fda58ff4a8591689f876e85279d2a48175e5999bde42a3d939844357
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed