BlackStratus LOGStorm has multiple vulnerabilities that allow a remote unauthenticated user, among other things, to assume complete control over the virtual appliance with root privileges. This is possible due to multiple network servers listening for network connections by default, allowing authorization with undocumented credentials supported by appliance's OS, web interface and sql server. Versions 4.5.1.35 and 4.5.1.96 are affected.
bd30887efb78ca75643bdfeb691e5df802ec1870544c4f1e7545cffa5cd735a5Microsoft Authorization Manager version 6.1.7601 suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.
f5600ff4677dedf4a8f0d1a31bfdd6548954627b3e43d8240017c183a0ae2df4Gentoo Linux Security Advisory 201612-10 - Libvirt is vulnerable to directory traversal when using Access Control Lists (ACL). Versions less than 1.2.21-r1 are affected.
1b059501eb2c63557591d9a95f0644d455c333a46016df615c5fa52a53c25838Gentoo Linux Security Advisory 201612-9 - Multiple vulnerabilities have been found in GD, the worst of which allows remote attackers to execute arbitrary code. Versions less than 2.2.3 are affected.
ffca006ac4ed95b5c403e05ca84f0447ce1e0afa104b4c0e8ddb6e3a031ccddcGentoo Linux Security Advisory 201612-8 - A vulnerability in LinuxCIFS utils' cifscreds PAM module might allow remote attackers to have an unspecified impact via unknown vectors. Versions less than 6.4 are affected.
157e1bb44b38d6fff2d5e5d88fe6ef4ef947c69fbb690162f17ab3178fbbff7bGentoo Linux Security Advisory 201612-7 - A vulnerability was discovered in dpkg which could potentially lead to arbitrary code execution. Versions less than 1.17.26 are affected.
af3399d65526a3d6e88762958bcff286e63a7aa8d0d26d59ce7f69aec343c356Gentoo Linux Security Advisory 201612-6 - Nghttp2 is vulnerable to a heap-use-after-free flaw in idle stream handling code. Versions less than 1.6.0 are affected.
5ef643701dd8344ec42fd5712c2d28e84fb926a021b12ebd07a57cce90126088Gentoo Linux Security Advisory 201612-5 - Pygments is vulnerable to remote code execution if an attacker is allowed to specify the font name. Versions less than 2.0.2-r1 are affected.
3c67efb2693fdda4a72b6616e7d9c934ec9aec16322ad8e1e098ba9bb453d9cdRed Hat Security Advisory 2016-2850-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.1. Security Fix: A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
f2b5168d74f1e0e5d96b19992b90ed1ad3a05d346e5ddc46d229fe84bb406be4Gentoo Linux Security Advisory 201612-13 - Nghttp2 is vulnerable to a Denial of Service attack. Versions less than 1.7.1 are affected.
20150f42aff377c5c1cef8934bd4d630b9112a289ce8ff72bfefc010ee9dcf61Gentoo Linux Security Advisory 201612-12 - Patch is vulnerable to a locally generated Denial of Service condition. Versions less than 2.7.4 are affected.
394d191609b0f603caf26650cfe39ba295d093614d03540762ec2a9afd318aafGentoo Linux Security Advisory 201612-11 - Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. Versions less than 55.0.2883.75 are affected.
675e04df4d3b8290e0c23812d63a78aa9d8e2bc5458f4e630a07f3a23d6046e5Gentoo Linux Security Advisory 201612-4 - Multiple vulnerabilities have been found in BusyBox, the worst of which allows remote attackers to execute arbitrary code. Versions less than 1.24.2 are affected.
71545632287485cb110922c64d90b90cf8e9906b0bac34723c417d2160da8fdaAlcatel Lucent Omnivista 8770 suffers from a remote code execution vulnerability.
ff1018a6391a7b71ee9e6ee126ecaa177711e57d33d70b676ee18561a5e59f49Apache HTTPD web server versions 2.4.17 through 2.4.23 did not apply limitations on request headers correctly when experimental module for the HTTP/2 protocol is used to access a resource. The net result is that a server allocates too much memory instead of denying the request. This can lead to memory exhaustion of the server by a properly crafted request.
ce59b7317dd8f5505d72923540ebf2779ce068b9cee27dfa83ab5f0a3bf93819Microsoft Event Viewer version 1.0 suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.
20719851705d60a871bd0171b0cb7a4f694eaa47705615b05528a7c625c3dea3Apache CouchDB sets weak file permissions potentially allowing 'Standard' Windows users to elevate privileges. The "nssm.exe" (Apache CouchDB) executable can be replaced by a 'Standard' non administrator user, allowing them to add a backdoor Administrator account once the "Apache CouchDB" service is restarted or system rebooted. As Apache CouchDB runs as LOCALSYSTEM, standard users can now execute arbitrary code with the privileges of the SYSTEM. Version 2.0.0 is affected.
68b1e098eddc65e76ee3877ef1fec35d1f90f759cb3fda181fd4c2b03a67aedfGNU Netcat version 0.7.1 suffers from an out-of-bounds array write.
315266bebe383861e1bf5d7f9fc0f1cb78df9d056a0f1d29ac4bc1297979893eWindows System Information MSINFO32.exe version 6.1.7601 suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.
b295bc2456dfd9aa023fb2cc71b381c58428323e0645f6a1cec73a6adc913ec7Shuttle Tech ADSL Wireless 920 WM suffers from cross site scripting, directory traversal, and default telnet root password vulnerabilities.
df7ffc5dc3eac8027cfe48f6230c10862e01125d793229ac42940c11c26d4710
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed