Cisco Security Advisory - Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table, blackhole traffic, and intercept traffic. The attacker could trigger this vulnerability by injecting crafted OSPF packets. Successful exploitation could cause flushing of the routing table on a targeted router, as well as propagation of the crafted OSPF LSA type 1 update throughout the OSPF AS domain. To exploit this vulnerability, an attacker must accurately determine certain parameters within the LSA database on the target router. This vulnerability can only be triggered by sending crafted unicast or multicast LSA type 1 packets. No other LSA type packets can trigger this vulnerability. OSPFv3 is not affected by this vulnerability. Fabric Shortest Path First (FSPF) protocol is not affected by this vulnerability. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
125f699e2c60465681b87f29de94283e9c6493d12e4ff530f8248b5307500d24Cotonti version 0.9.13 suffers from a remote SQL injection vulnerability.
11be7d74fb10c4a12d82d19fd7f3bcbd3a83704586090f72442d1059fabc4e6fvtiger CRM versions 5.4.0 and below suffer from multiple remote SQL injection vulnerabilities in customerportal.php.
0bdbe4caa49a6accff478f7e437e0fb94a9d85c37596d337ecd9e9829b7ce9eeHP Security Bulletin HPSBMU02902 - A potential security vulnerability has been identified with HP Integrated Lights-Out iLO3 and iLO4. The vulnerability could allow authentication bypass. Revision 1 of this advisory.
22c00f16e3e180437b41d705ab521def58996fc4302dfa3c8b494e425365cfcavtiger CRM versions 5.4.0 and below suffer from multiple local file inclusion vulnerabilities in customerportal.php.
29e3aad2d7ca794886041f23e78628f30acc7129c030d2bf78107c3a25fe0a1fJahia xCM version 6.6.1.0 r43343 suffers from multiple cross site scripting vulnerabilities.
c5ef8030d861fa130fe564ae69779015f7e7b77b93b60e3fb55f9365cda7843aOpen-Xchange AppSuite versions 7.2.2 and below suffer from phishing and data injection vulnerabilities.
27b6927eddb258978d90051d0b1651046597ac49ff00741bc39f4c2130f9a7d4vtiger CRM versions 5.4.0 and below suffer from a remote PHP code injection vulnerability in vtigerolservice.php.
815a18f425acb88ab1539eda82729d41812748d11048ac8fb98c75353fce269bTEC-IT TBarCode OCX active-x control TBarCode4.ocx version 4.1.0 buffer overflow proof of concept exploit.
9e7504858cd2b2e3b4c2b733618f991d98aa8fa02a48edb3d38372d57d04fb75Western Digital My Net Series wireless routers suffer from a clear text password disclosure. The N600, N750, N900, and N900C are affected. This is an update to the prior advisory and has proof of concept information included.
c393ae6ab531915e2acb692f6020047cdc37cf5d9d3b83c4a942acc19474f947Trusteer Rapport versions 1208.41 and below suffer from a memory modification vulnerability that turns off Rapport's selfcheck unhooking and intercepting system APIs.
46230c245dad0c9bdb55494e8fa635af6d5491e44c470fef6161e402b45a5637Cisco Security Advisory - Multiple Cisco content network and video delivery products contain a vulnerability when they are configured to run in central management mode. This vulnerability could allow an authenticated but unprivileged, remote attacker to execute arbitrary code on the affected system and on the devices managed by the affected system. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
9b7e3039911060bee35b66d0d510f0df4c0dc74a8f862f6fecbcc02c274e397aCisco Security Advisory - Cisco Wide Area Application Services (WAAS) when configured as Central Manager (CM), contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the affected system. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
802e54c4a44b4816a27c3303f58ce264f98317de1f90c664d4a9473667c136e2Ubuntu Security Notice 1923-1 - Yuval Yarom and Katrina Falkner discovered a timing-based information leak, known as Flush+Reload, that could be used to trace execution in programs. GnuPG and Libgcrypt followed different execution paths based on key-related data, which could be used to expose the contents of private keys.
4b34c19540e898abdf725a966d6352bc929dfc4611f5200f686251cb2918ab0cUbuntu Security Notice 1922-1 - Yves-Alexis Perez discovered that Evolution Data Server did not properly select GPG recipients. Under certain circumstances, this could result in Evolution encrypting email to an unintended recipient.
673fd931b78efc87aa81d57563e1b586b037596bd37d50b95a2c502ff906fdd3Ubuntu Security Notice 1911-2 - USN-1911-1 fixed vulnerabilities in Little CMS. This update provides the corresponding updates for Ghostscript. It was discovered that Little CMS did not properly verify certain memory allocations. If a user or automated system using Little CMS were tricked into opening a specially crafted file, an attacker could cause Little CMS to crash. Various other issues were also addressed.
18ba72a51f2c147cfb25533472a063378a1d800cd2e2ee09ae8784dab875511cRed Hat Security Advisory 2013-1122-01 - The rhev-guest-tools-iso package contains tools and drivers. These tools and drivers are required by supported Windows guest operating systems when installed as guests on Red Hat Enterprise Virtualization. An unquoted search path flaw was found in the way the Red Hat Enterprise Virtualization Application Provisioning Tool service was installed on Windows. Depending on the permissions of the directories in the unquoted search path, a local, unprivileged user could use this flaw to have a binary of their choosing executed with SYSTEM privileges.
4f2b824d834ca0483434ec94a8546bb4acdb3c11cb9f899c7f71b3296c2cc2ccRed Hat Security Advisory 2013-1126-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Lifecycle Support for Red Hat Enterprise Linux 3 will be retired on January 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 3 ELS after that date. In addition, after January 30, 2014, technical support through Red Hat's Global Support Services will no longer be provided. Note: This notification applies only to those customers subscribed to the Extended Lifecycle Support channel for Red Hat Enterprise Linux 3.
16feeca55707b0b780a4731e28f155f8addde9d97cedb50d8b7ed8f4ab4512d1This archive contains all of the 164 exploits added to Packet Storm in July, 2013.
0a0985c7d5fdcaabbf25a53953410fd592cdcbfc6dacbbb8c55ddb3e55a12e42FunGamez suffers from a remote shell upload vulnerability.
5318d5eb778cca5d25235dd724c03995e85d82a039f4247376502efa14e44849WordPress Comment Extra Fields plugin version 1.7 suffers from cross site request forgery and cross site scripting vulnerabilities.
7a727d84c9a3ea04dbf0bfc83f7d36113284c9a82dc85b33105a1d6862f47f55
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed