HP Intelligent Management Center version 5.1 E0202 suffers from a reflective cross site scripting vulnerability.
7911d915326d86bec4aa7bcdd5bae2ad5bd871c1220a20f5aee4f992e29eaf0dSlackware Security Advisory - New httpd packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Related CVE Numbers: CVE-2012-3499,CVE-2012-4558.
dd59a4f7ba10a11eeca1e12b9a3e363e4c2d7963af753dcc7be29703e80f10d2tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.
62230cdfcb9c3218df0be53b2e3a268a595d28b25dcb1ba190d25db91ae3d132Foscam firmware versions 11.37.2.48 and below suffer from a path traversal vulnerability.
f4b1e390527c41627c9ae62096dda28d0459032a9ad0352cc420e905ed2f7d23A fragmented IPv6 packet can freeze a system that has Kaspersky Internet Security 2013 installed.
2c06b8ddd32d00aa76afa2977acfd5a8cd06463b52895f16801d4092746487b5Red Hat Security Advisory 2013-0588-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
37d86548a429bf2c433d2ed8df8b7f37463bdad93888243b9f793768fba79b40Red Hat Security Advisory 2013-0587-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially-crafted response.
b7d903807077f42489738c10fa1a2c73c8a13a97971c0e95a3061b959469a1d6Ruby Gem Flash Tool version 0.6.0 suffers from a remote code execution vulnerability.
eabb60c3855ec8b85847261cb4d2c326b3edd6845b673b873d28fd6cd3d5fc58Red Hat Security Advisory 2013-0586-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
7e21979349010c735492afb3417266ca14442dd1f1f4f56ac3bae29bda8b9242The saga between Security Explorations and Oracle continues as yet another issue has been reported upstream.
62b15c41647306908f09a62162b45a2e5e879905919342200f2385c369e80460Nconf version 1.3 suffers from cross site scripting and remote SQL injection vulnerabilities.
9f1bddc9948e13d42f84de9b6750e6e9ab80eec811aaf47155b3253dbed2c57bRaspberry Pi firmware updater suffers from a /tmp/file clobber vulnerability and also fails to offer a secure means to update the system.
8ae9e75ba7ef9fa85acaf5cb66e9b8df15d576eed17c890be91b11f0dfa9146eThis is a simple perl script that will scan a given IP range and extract the Common Name from all SSL certificates. It is useful for discovery during penetration tests.
8bee3b0c0b06ba802a3816adb1b076af310701d747f2d5b5a2c0056512339dd9WordPress Counter Per Day plugin versions 3.2.3 and below suffer from denial of service and path disclosure vulnerabilities.
f39c172e060702ed0dcfe1201fe6f0b86c45bdc5cc2ba8c854e93dfe294c2ea4WordPress Caulk theme suffers from a path disclosure vulnerability.
5bb291bc52e07e39d0bf262920b79fe90169e0ccde330097ce186083296ab508
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed