SAP NetWeaver AS JAVA version 7.4 suffers from an XML external entity (XXE) injection vulnerability.
efd99512a1f7388c7f876065269028bfcebd3facd45d7f9528eed91a41312084SAP NetWeaver AS JAVA version 7.4 suffers from a denial of service vulnerability.
867f8128690b89340fd1f3685572beeded84a79290e1e6dc540dcd297158cc35This is a custom firmware written for the proxmark3. It extends the currently available firmware (revision 2.3.0) to support brute force attacks against proximity card access control systems. It also contains the new attack vector against newer Mifare Classic tags with the hardend prng.
e28ff35e958e1665c04bd54ed740b57a2d54e5fd398f123aa42d1d90a32d93a5Atlassian Confluence AppFusions Doxygen versions 1.3.0, 1.3.1, 1.3.2, and 1.3.3 suffer from a cross site scripting vulnerability.
58c57bd896a1b741f14676780ed0548bea2bc4824bf165be69c2d7dd293e7f52Atlassian Confluence AppFusions Doxygen versions 1.3.0, 1.3.1, 1.3.2, and 1.3.3 suffer from an information disclosure vulnerability.
8357c39588ad5506639d97020e1806800b3080757eee8fa79931e45eb66d5148Atlassian Confluence AppFusions Doxygen version 1.3.0 suffers from a path traversal vulnerability.
77aa28687a473275fa3261bb168ee38f7a5939fe9c9aa294dd42f3b61e038e76Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
859f9e504580cf957ec756c239cf58ea4940fa4416cab0fa7e4d1ea6024c0f4cSeveral Dlink routers contain a pre-authentication stack buffer overflow vulnerability, which is exposed on the LAN interface on port 80. This vulnerability affects the HNAP SOAP protocol, which accepts arbitrarily long strings into certain XML parameters and then copies them into the stack. This exploit has been tested on the real devices DIR-818LW and 868L (rev. B), and it was tested using emulation on the DIR-822, 823, 880, 885, 890 and 895. Others might be affected, and this vulnerability is present in both MIPS and ARM devices. The MIPS devices are powered by Lextra RLX processors, which are crippled MIPS cores lacking a few load and store instructions. Because of this the payloads have to be sent unencoded, which can cause them to fail, although the bind shell seems to work well. For the ARM devices, the inline reverse tcp seems to work best. Check the reference links to see the vulnerable firmware versions.
f09dc3e03a56a9a9441af1cc6229aa3bd868aca364888ba73e07ec9a07559e11Multitech RightFax Faxfinder versions prior to 4.1.2 suffer from a clear-text credential disclosure vulnerability.
4cba9fb5d18c9d4697ebdd1ee70bdbba03e52490e9c35b8c78903bbc2933d69eUbuntu Security Notice 3131-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
97f74f2887273aaf548965ae782a0d45d4345f1afed77295fdf4004d81751ca0Red Hat Security Advisory 2016-2809-01 - The ipsilon packages provide the Ipsilon identity provider service for federated single sign-on. Ipsilon links authentication providers and applications or utilities to allow for SSO. It includes a server and utilities to configure Apache-based service providers. Security Fix: A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what service providers other users are logged in to and terminate their sessions.
62ebd6d5c44aa0b4baaa3685abab5cbb76b339806e15c8c48e96b76428ab30f4Debian Linux Security Advisory 3719-1 - It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for DCERPC, AllJoyn, DTN, and OpenFlow, that could lead to various crashes, denial-of-service, or execution of arbitrary code.
ff0042f1d46181ecb6688120175f8f37efc1368dea2b32c7c87d609b9ba1c690Gentoo Linux Security Advisory 201611-14 - Multiple vulnerabilities have been discovered in MIT Kerberos 5, the worst of which may allow remote attackers to cause Denial of Service. Versions less than 1.13.2-r2 are affected.
9cc870d75fec5b3e5e72b5410b010b6e2964e4ac02c65b63650fe6ad75245d4cGentoo Linux Security Advisory 201611-13 - A vulnerability in MongoDB can lead to a Denial of Service condition. Versions less than 2.4.13 are affected.
b4839033da00a62a97688eab707eedcf52ab5e81048779f078e4fd71ee2a2362Gentoo Linux Security Advisory 201611-12 - Multiple vulnerabilities have been found in imlib2, the worst of which allows for the remote execution of arbitrary code. Versions less than 1.4.9 are affected.
c0bc2da01fe92dabf8269a7cfb2e656e04ea91d148acd072356abd67d733f945
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed